
Subscriptions: Create Subscription returns 403 The caller does not have permissions

Been struggling with this for days.

Our setup:

App type: Server
OAuth flow passes and we get the access_token for the user.
We use the following scopes: activity, heartrate, profile


We make a GET request to list existing subscriptions.
We register any missing subscriptions:

  - using fetch we do the following: await fetch('https://api.fitbit.com/1/user/-/activities/apiSubscriptions/<our-id-gen>.json', { method: 'POST', headers: { Authorization: 'Bearer <access_token>' } });

It always returns with 403 "The caller does not have permission"
When I try to do the following: curl -X POST -H "Authorization: Bearer <access_token>" <the same url as above> it creates the subscription and returns the details.
Issue is only happening on our localhost server. As we are trying to prototype the flow and activities data handling on our end, we do not have the luxury to deploy this to our stage servers. Do you guys not accept access from localhost? What's the deal?



Hi @Walk15 ,

Thanks for reaching out! Your curl test confirms your access token is valid. The "403: The caller does not have permission" error on localhost strongly suggests an issue with your Callback URL settings.

Please ensure your localhost address (e.g., http://localhost:3000/) is correctly added to your application's Callback URLs on the Fitbit developer website. This is crucial for Fitbit to recognize your application's origin.

Hope this helps you resolve it quickly!

Inca

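The list-then-register flow from the question, written as an added example (not code from either post or from Fitbit) with a log-safe failure record, so a 403 from `fetch` can be compared against the working curl call without writing the bearer token to logs. It assumes the list response carries an `apiSubscriptions` array with `subscriptionId` fields and that error bodies carry `errors[].errorType`; all function names are hypothetical.

```javascript
// Added example; function names are hypothetical, response field names are assumptions.
const API = 'https://api.fitbit.com/1/user/-/activities/apiSubscriptions';

// Subscription ids we want that are absent from the GET list response.
function missingSubscriptions(listBody, wantedIds) {
  const have = new Set((listBody.apiSubscriptions || []).map(s => s.subscriptionId));
  return wantedIds.filter(id => !have.has(id));
}

// Build the POST as the question describes it: bearer token, no body.
function buildCreateRequest(subscriptionId, accessToken) {
  return {
    url: `${API}/${encodeURIComponent(subscriptionId)}.json`,
    init: { method: 'POST', headers: { Authorization: `Bearer ${accessToken}` } },
  };
}

// Log-safe view of a failed call: the token is replaced before anything is recorded.
function describeFailure(req, status, bodyText) {
  let errors = [];
  try {
    errors = (JSON.parse(bodyText).errors || []).map(e => e.errorType);
  } catch { /* non-JSON error body: keep errors empty */ }
  const headers = Object.fromEntries(Object.entries(req.init.headers)
    .map(([k, v]) => [k, k.toLowerCase() === 'authorization' ? 'Bearer <redacted>' : v]));
  return { method: req.init.method, url: req.url, headers, status, errors };
}

// Register what is missing; fetchImpl is injected so it can be stubbed offline.
async function registerMissing(fetchImpl, accessToken, wantedIds) {
  const auth = { Authorization: `Bearer ${accessToken}` };
  const listRes = await fetchImpl(`${API}.json`, { headers: auth });
  const failures = [];
  for (const id of missingSubscriptions(await listRes.json(), wantedIds)) {
    const req = buildCreateRequest(id, accessToken);
    const res = await fetchImpl(req.url, req.init);
    if (!res.ok) failures.push(describeFailure(req, res.status, await res.text()));
  }
  return failures; // empty array means every missing subscription was created
}
```

Pass the runtime's own `fetch` as `fetchImpl`; the returned records show the method, URL, header names and error type of each rejected call and can be diffed against `curl -v` output.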