Web Api call implementation should be from Applica...

chetananikam · ‎07-04-2023

Hello there,

I want to fetch health data using Fit bit API. After authentication from app side, What is the right procedure to fetch or call health API. Should it be implemented on server side or It should be directly called from App side? Kindly provide overall right procedure to implement fit bit API.

Thanks and regards

Gordon-C · ‎07-05-2023

Hi @chetananikam

The recommendations we make are going to be security focused. We support both client and server architectures. Where the API calls are called is really up to you and your application architecture. Server-based architectures can provide additional security while communicating via a web service. See Application Types. But there is nothing preventing you from allowing your client to make the API calls and store the data until the user opens a connection with your server to pass the data through. For both architectures, we recommend using Authorization Code Grant Flow with PKCE. This is the most secure OAuth2 authorization mechanism we support.

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google

Olivialawrence · ‎08-16-2023

Hii, @chetananikam

Your server sends authorized API requests to Fitbit on behalf of the user. Fetch health data such as steps, heart rate, etc. And develop a server-side component (backend) that securely stores access tokens. This component communicates with the Fitbit API using the tokens.

Best regard,
livetheorangelife

Join us on the Community Forums!

Community Guidelines

Learn the Basics

Join the Community!

Not finding your answer on the Community Forums?

Go to the Help Site

Contact Support

Web Api call implementation should be from Application or Server side?

chetananikam

Gordon-C

Olivialawrence