Web API to collect multiple users data

Hi,

I have completed an intraday research application that has been approved. I am aiming to carry out a research project that would collect multiple users who have Fitbits (I have around 50 potential participants I could recruit to collect the data). I am a bit confused with the web API and how this works; could anyone give me some guidance, please? Do I need to create a link that I can share with participants that means I would be able to collect their data? If I could be given some advice on how this works and whether it would be possible to collect multiple users' data at once, that would be great.

Thanks,

Alfie

Best Answer
0 Votes
4 REPLIES 4

Hi @Alfiethain 

A description of the authorization flow is documented in our Developer Guide.  To summarize the content,

  1. you will create a single authorization URL that all of your participants will use to consent to sharing data with your application.  
  2. you can present this URL to your participants by any method you choose, such as through your application, a personalized email, etc.
  3. when the user clicks on the link, they will be asked to sign into their Fitbit account, and they are presented with the consent webform (i.e. scopes page).
  4. after the user consents to the scopes, they are redirected back to your application, specified by the redirect_uri parameter, with a unique authorization code appended.
  5. Your application should extract the authorization code from the redirect_uri.  Using the /oauth2/token endpoint, exchange the authorization code for the access token and refresh token.  The response the endpoint returns contains the user's Fitbit user id, the scopes they selected during consent, an access token and refresh token unique to the user.

Once the user goes through your authorization flow and your application generates the access and refresh tokens, the user should not need to go through the authorization flow again. You'll want to store the user id, the scopes and the 2 tokens.   As each user goes through the authorization flow using the same authorization URL, the /oauth2/token endpoint will provide you with each user's unique user id, scope list, access and refresh tokens.

The user id can be used to lookup the scopes and tokens when needed.  The scopes will tell you which endpoints you can call for each user.  The access token is used to query the user's data.  The refresh token is used to obtain a new access token when the access token expires.  As long as you maintain the 2 tokens, you will have constant access to the user's data, until the user revokes their consent.  See Using Tokens Effectively.   

Hopefully, this information is helpful.   If you need further clarification, please let me know where you are confused.

 

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer

Hi @Gordon-C 

Thank you for your help.

Regarding the redirect_url that directs the participant back to the application, I have currently set mine as http://localhost. Is this correct?

Thanks,

Alfie

Best Answer
0 Votes

Hi @Gordon-C 

I am going through the Fitbit OAuth 2.0 tutorial. Is this where I create the authorization URL? I have gone through this and wasn't able to identify a URL to give to participants.

Also, the tutorial makes many references to "your app". Is this the app created on the Fitbit developer page, or does a different specific app need to be created?

Thanks for your help.

Alfie

Best Answer
0 Votes

Hi @Alfiethain 

1. You can use redirect_url=http://localhost.   A lot of people do this for testing.  However, you will not be able to automate the step where you exchange the authorization code for the access token and refresh token.  This will become a manual step.   It is best to create an endpoint that is reachable via the internet which you can redirect to.  This endpoint would automatically parse the redirect URL, extract the authorization code and create the tokens.

2. You can either use the OAuth2.0 Tutorial or the documentation.  OAuth2.0 Tutorial should be used as a tool for testing and not used in production.

3. "your app" is referencing the application registered in the developer portal at https://dev.fitbit.com/apps and your application code.

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer
0 Votes
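
As an added example (not code from Fitbit or from the posters), the callback handling described in steps 1 to 5 of the first reply and in point 1 of the last reply could look like this in Python. The endpoint hosts, the `state` check (a standard OAuth 2.0 parameter, assumed here to be issued per browser session by your application), the function names and all sample values are assumptions.

```python
import base64
import hmac
import urllib.parse
import urllib.request

# Hosts assumed from Fitbit's public documentation; the thread names only the path.
AUTHORIZE_URL = "https://www.fitbit.com/oauth2/authorize"
TOKEN_URL = "https://api.fitbit.com/oauth2/token"
# Constructed sample redirect (placeholder host, code and state).
SAMPLE_CALLBACK = "https://study.example/callback?code=abc123&state=s3ss10n"


def build_authorization_url(client_id, redirect_uri, scopes, state):
    # Steps 1-2: the consent link participants open.
    query = urllib.parse.urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": " ".join(scopes), "state": state})
    return AUTHORIZE_URL + "?" + query


def extract_code(callback_url, expected_state):
    # Step 5: parse the redirect and return the authorization code.
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if "error" in params:  # consent refused or request rejected
        raise PermissionError(params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    # Step 5: the POST to /oauth2/token (built, not sent, so this runs offline).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code", "code": code,
        "client_id": client_id, "redirect_uri": redirect_uri}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": "Basic " + basic,
        "Content-Type": "application/x-www-form-urlencoded"})


def store_tokens(store, token_response):
    # Keep user id, scopes and both tokens, keyed by the Fitbit user id.
    record = {k: token_response[k] for k in ("scope", "access_token", "refresh_token")}
    store[token_response["user_id"]] = record
    return record
```

Pass the request returned by `build_token_request` to `urllib.request.urlopen` from your internet-reachable callback endpoint, then hand the decoded JSON response to `store_tokens`; the store should be encrypted at rest, since the refresh token grants ongoing access to a participant's data.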