help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What is the URL for OAuth signed activity requests ?

ANSWERED

‎01-13-2015 21:42 - last edited on ‎01-21-2015 22:46 by

‎01-13-2015 21:42 - last edited on ‎01-21-2015 22:46 by

Thanks to Ivan B's excellent Debug Tool I have got a desktop app running which can get permanent oauth_token and encoded_user_id.  Runs under Xojo, uses cURL, on MacOS.

 

I now want to retrieve activity for a given user who has provided me with authorization.  I want to use oAuth Authorization header validation so I can get data regardless of privacy settings for persons who have authorized.  This would not be the case if using the simple URL "https://api.fitbit.com/1/user/228TQ4/activities/date/2010-02-25.json"

 

My problem comes from the very last piece of the Debug Tool page.  In that last box, the API request CURL suggests that the URL is  "https://api.fitbit.com/"  This seems a bit short, perhaps it should be something like  "https://api.fitbit.com/oauth/read_activity" (based on the URLs for steps A and E) ?

 

But the page Fitbit Resource Access API (https://wiki.fitbit.com/display/API/Fitbit+Resource+Access+API) suggests that the URL should be "https://www.fitbit.com/oauth/authorize?oauth_token=".

 

Can anyone suggest the correct URL, which also will include the GET please ?

 

Regards,

Tony Barry

Sydney, Australia.

Best Answer
Labels:
0 Votes
1 BEST ANSWER

Accepted Solutions

‎01-15-2015 07:26

In response to tonybarry

‎01-15-2015 07:26

Hello Tony.

You should not specify request type as part of URL.

 

The valid get activities url should look like that: https://api.fitbit.com/1/user/-/activities/date/2014-07-08.json

Don't forget to select proper request type(shuold be GET) in drop down.

 

For more information see: https://wiki.fitbit.com/display/API/API-Get-Activities

I think you mught have been confused that the URLs provided in this page start with [GET /the actual url]. But this is how the http request looks like in a raw format: REQUEST_TYPE[space]URI. It has nothing to do with the request type to be as part of api url.

 

 

Ivan Bahdanau
Senior Software Developer at Fitbit

View best answer in original post

Best Answer
0 Votes
4 REPLIES 4

‎01-13-2015 22:07

‎01-13-2015 22:07

The the very last part curl on the debug page is for actual api requests and it has [...] at the end suggesting that you need to change it to what ever endpoint you need to use.

 

The https://www.fitbit.com/authorize... step you should've been done already since you're saying that you already have permanent access token. You also should have access token secret that you'll use to sign you requests.

 

Check out youtube link at this page: https://community.fitbit.com/t5/Web-API/How-to-properly-sign-API-request-and-set-up-OAuth-1-0a-flow/... You'll need to watch it full screen on HD monitor but it will give you basic idea how you authorize your app and make the requests.

 

P.S. the video a little bit outdated and actual fitbit api debug page looks a bit different how ever the gist how to use it is still the same.

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎01-14-2015 23:26

In response to ibahdanau

‎01-14-2015 23:26

Thank you Ivan for your response.

 

If I want to retrieve the "Activities" .json, then the URL would be:

https://api.fitbit.com/GET/1/user/-/activity.json

 

as far as I can see.  Unfortunately this looks suspicious to me because your excellent Debug tool then gives me the following as part of the Base String:-

 

GET&https%3A%2F%2Fapi.fitbit.com%2FGET%2F1%2Fuser%2F%2Factivity.json&oauth_consumer_key%3D638fde...

 

As you can see, there are two GETs in there and that just looks wrong.

 

Would you be able to provide the URL for the Activites .json please ? I realise this is probably more dumb, but it's not obvious at present. (and no, when I run this it is not working 🙂

 

Regards,

Tony Barry

Sydney

Best Answer
0 Votes

‎01-15-2015 07:26

In response to tonybarry

‎01-15-2015 07:26

Hello Tony.

You should not specify request type as part of URL.

 

The valid get activities url should look like that: https://api.fitbit.com/1/user/-/activities/date/2014-07-08.json

Don't forget to select proper request type(shuold be GET) in drop down.

 

For more information see: https://wiki.fitbit.com/display/API/API-Get-Activities

I think you mught have been confused that the URLs provided in this page start with [GET /the actual url]. But this is how the http request looks like in a raw format: REQUEST_TYPE[space]URI. It has nothing to do with the request type to be as part of api url.

 

 

Ivan Bahdanau
Senior Software Developer at Fitbit
Best Answer
0 Votes

‎01-15-2015 19:49 - edited ‎01-15-2015 19:53

In response to ibahdanau

‎01-15-2015 19:49 - edited ‎01-15-2015 19:53

Hi Ivan,

 

Thank you for the response.  Your one-line answer solved the issue.  My Fitbit integration can go ahead now.

 

To recap, the request URL for an API request should not contain the word GET, despite this figuring prominently in the docs.

The correct format for the request URL for an API request for "activities" is 

 https://api.fitbit.com/1/user/-/activities/date/2014-07-08.json

 

The GET phrase appears in the Authorisation header along with all the other stuff.

 

Regards

Tony Barry

Best Answer
0 Votes