Ok, I will do that and let you know but I have request for Fitbit developer, please improve the documentation of FitBit API. its pretty poor. Almost all API have examples in common programming languages Fitbit has none. OAuth is not easy for everyone. Specially for new developers. This statements"

1. Find an OAuth 2.0 library for your programming language and framework to create an authorization flow." in the Quick start guide doesn't help much. 

this is the httpresponse ...

HTTPRESPONSE: <NSHTTPURLResponse: 0x7fd6d0c3de00> { URL: https://api.fitbit.com/oauth2/token } { status code: 400, headers {

    "Cache-Control" = "no-cache, must-revalidate";

    "Content-Encoding" = gzip;

    "Content-Language" = "en-US";

    "Content-Type" = "application/json;charset=UTF-8";

    Date = "Sat, 21 Nov 2015 06:01:35 GMT";

    Expires = "Thu, 01 Jan 1970 00:00:00 GMT";

    Pragma = "no-cache";

    Server = "cloudflare-nginx";

    "Set-Cookie" = "JSESSIONID=6C4A88B0718274C10BB8AFF5A2888C64.fitbit1; Path=/; HttpOnly, fhttps=\"\"; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/";

    Vary = "Accept-Encoding";

    "cf-ray" = "248a2e4d27651201-SJC";

    "x-frame-options" = SAMEORIGIN;

    "x-ua-compatible" = "IE=edge,chrome=1";

} }

What's the request??

From the documentation, the example of authorization is (in standard cURL format):

POST https://api.fitbit.com/oauth2/token
Authorization: Basic Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=
Content-Type: application/x-www-form-urlencoded

client_id=22942C&grant_type=authorization_code&redirect_uri=http%3A%2F%2Fexample.com%2Fcallback&code=1234567890

What is the content of the 'Authorization' request header? You should be able to make a request, even as ajax, and capture the request headers through Firebug/Chrome, or even cURL the request on command line. Also, what is the query string? If the API returns the error message invalid/missing grant_type field, then it means that you are missing that in your code, or the variable isn't properly set.

The devs won't be able to do much if they don't know the exact error message you receive from the API, as well as the full request that you make. I know you don't like the documentation, but I do agree that it's a little on the light side for troubleshooting information (errors etc.) as well as lacking real implementation examples.

Edit: What the documentation doesn't tell you is that the authorization and refresh requests can be made with get as well as post.

---

@simran5590 wrote:

Ok, I will do that and let you know but I have request for Fitbit developer, please improve the documentation of FitBit API. its pretty poor. Almost all API have examples in common programming languages Fitbit has none. OAuth is not easy for everyone. Specially for new developers. This statements"

1. Find an OAuth 2.0 library for your programming language and framework to create an authorization flow." in the Quick start guide doesn't help much. 

---

@simran5590: Thank you for the feedback. Given OAuth 2.0's ubiquity and our small team, we are focusing on supporting Fitbit API specific issues at this time. Nearly every language and application framework has an idiomatic way of making HTTP requests with OAuth 2.0. We will try to provide more examples in the future, but we will never be able to serve people as well as their preferred language's and framework's documentation.

@JeremiahFitbit I totally understand as a developer it might be hard for a small team to do it. Thanks for the response. Try to take help from the community as well. If you want I can try to provide you the example I used to OAuth with fibit in Swift you can modify it according to your standards and post in documentation examples. In future as I will get time I will do it in other languages also and provide you the github links and you can modify them also. 

---

@jmitchell38488 wrote:

 

Edit: What the documentation doesn't tell you is that the authorization and refresh requests can be made with get as well as post.

---

@jmitchell38488: These requests are only valid as POST requests. Making a GET request will result in errors in the future.

Can you help me, i get a HTTP request failing:

"Cache-Control" = "no-store, no-cache, must-revalidate";
"Content-Encoding" = gzip;
"Content-Language" = "en-IN";
"Content-Type" = "text/html;charset=UTF-8";
Date = "Fri, 27 Nov 2015 09:24:31 GMT";
Expires = "Thu, 01 Jan 1970 00:00:00 GMT";
Pragma = "no-cache";
Server = "cloudflare-nginx";
"Set-Cookie" = "fhttps=\"\"; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/, JSESSIONID=7D3D0C7DEACBC05F4F8D5C5CB318FB7D.fitbit1; Path=/; HttpOnly";
Vary = "Accept-Encoding";
"cf-ray" = "24bcc7c85cfc2ef3-DEL";
"x-frame-options" = SAMEORIGIN;
"x-ua-compatible" = "IE=edge,chrome=1";

Please Explain Whats wrong with this Code:

- (IBAction)showToken:(id)sender {

    NSString *kClientID = @"6da7a4053

---

@JeremiahFitbit wrote:

---

@jmitchell38488 wrote:

 

Edit: What the documentation doesn't tell you is that the authorization and refresh requests can be made with get as well as post.

---

@jmitchell38488: These requests are only valid as POST requests. Making a GET request will result in errors in the future.

---

**********";

    NSString *kClientSecret = @"8e8ca8*************";

    NSURL *baseURL = [NSURL URLWithString:@"https://api.fitbit.com/oauth/request_token"];

    AFOAuth2Manager *OAuth2Manager =

    [[AFOAuth2Manager alloc] initWithBaseURL:baseURL

                                    clientID:kClientID

                                      secret:kClientSecret];

    //client_id=22942C&grant_type=authorization_code&redirect_uri=http%3A%2F%2Fexample.com%2Fcallback&code=1234567890

    NSDictionary *params = @{@"authorization_code":@"password", @"mohd.saleem@rootinfosol.com"  @"password":@"**********"};

    [OAuth2Manager authenticateUsingOAuthWithURLString:@"/oauth/token"

                                            parameters:params

                                               success:^(AFOAuthCredential *credential) {

                                                   NSLog(@"Token: %@", credential.accessToken);

                                               }

                                               failure:^(NSError *error) {

                                                   NSLog(@"Error: %@", error);

                                                   NSLog(params);

                                              }];

2015-11-30 11:02:54.010 FitBit[690:14510] Error: Error Domain=com.alamofire.error.serialization.response Code=-1011 "Request failed: not found (404)" UserInfo={NSUnderlyingError=0x7f81a34451e0 {Error Domain=com.alamofire.error.serialization.response Code=-1016 "Request failed: unacceptable content-type: text/html" UserInfo={com.alamofire.serialization.response.error.response=<NSHTTPURLResponse: 0x7f81a34415b0> { URL: https://api.fitbit.com/oauth/token } { status code: 404, headers {

    "Cache-Control" = "no-store, no-cache, must-revalidate";

    "Content-Encoding" = gzip;

    "Content-Language" = "en-IN";

    "Content-Type" = "text/html;charset=UTF-8";

    Date = "Mon, 30 Nov 2015 05:32:53 GMT";

    Expires = "Thu, 01 Jan 1970 00:00:00 GMT";

    Pragma = "no-cache";

    Server = "cloudflare-nginx";

    "Set-Cookie" = "fhttps=\"\"; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/, JSESSIONID=802CB2BFCE8F078EAF94FF90A5933B5E.fitbit1; Path=/; HttpOnly";

    Vary = "Accept-Encoding";

    "cf-ray" = "24d42c9c8bf12f11-DEL";

    "x-frame-options" = SAMEORIGIN;

    "x-ua-compatible" = "IE=edge,chrome=1";

} }, NSErrorFailingURLKey=https://api.fitbit.com/oauth/token, com.alamofire.serialization.response.error.data=<0d0a0d0a 0d0a0d0a 0d0a0d0a 0d0a0d0a 0d0a0d0a 0d0a0d0a

Thanks for support. i will work on it after that lets see what happen.

thanks a lot Bro.

After Modification it show this request error:

2015-12-01 13:04:30.111 FitBit[1195:51846] Error: Error Domain=com.alamofire.error.serialization.response Code=-1011 "Request failed: bad request (400)" UserInfo={com.alamofire.serialization.response.error.response=<NSHTTPURLResponse: 0x7fd559ccc290> { URL: https://api.fitbit.com/oauth2/token/oauth2/token } { status code: 400, headers {

    "Cache-Control" = "no-cache, must-revalidate";

    "Content-Language" = "en-IN";

    "Content-Length" = 0;

    "Content-Type" = "text/xml;charset=UTF-8";

    Date = "Tue, 01 Dec 2015 07:34:30 GMT";

    Expires = "Thu, 01 Jan 1970 00:00:00 GMT";

    Pragma = "no-cache";

    Server = "cloudflare-nginx";

    "Set-Cookie" = "JSESSIONID=35826744598449DEBE95442AFB48BEC2.fitbit1; Path=/; HttpOnly, fhttps=\"\"; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/";

    "cf-ray" = "24dd1c1f3fce2f23-DEL";

    "x-frame-options" = SAMEORIGIN;

    "x-ua-compatible" = "IE=edge,chrome=1";

} }, NSErrorFailingURLKey=https://api.fitbit.com/oauth2/token/oauth2/token, com.alamofire.serialization.response.error.data=<>, NSLocalizedDescription=Request failed: bad request (400)}

@MdSaleem: Please share the *body* of the response. That is the part that tells you what went wrong.

{
"errors": [
{
"errorType": "invalid_request",
"message": "Authorization header required. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
}
],
"success": false
}

Your Documentation is very poor for FitBit API. For request a token. Almost all API have examples in common programming languages