
polling fitbit api

ANSWERED

I am working on an iOS app that allows a user to grant activity access to our app. After they successfully grant access we store the refresh token and access token in our database via a call to our web service. Twice an hour we run a scheduled job that pulls intraday activity data from Fitbit. I have been testing with a handful of users and it is working. I have read that the preferred way to do this is to use subscriptions, not polling, but at the moment we can't use subscriptions. Is polling allowed and are there downsides to doing it other than not having near real-time data?

Additionally, is it possible to get into a state where the refresh token is spent and the access token is expired? I was imagining making a call to Fitbit and spending the refresh token. Then our server goes down before we can save the response from Fitbit? I read this thread:

https://community.fitbit.com/t5/Web-API-Development/Invalid-or-expired-refresh-tokens/td-p/1048159 and am not sure if it can happen. It ends with saying contact private support. Can this spent refresh token scenario happen with subscriptions? I'm assuming yes.

Thanks!

Best Answer
0 Votes
1 BEST ANSWER

Accepted Solutions

@mistyper Seems reasonable if you can't use subscriptions. The rate limit is 150 requests per user per hour so you're well within the limit.

For refresh tokens (from the docs):

"If a client makes identical refresh token requests within a two-minute period, the Fitbit Web API will return the same response. This is to assist applications unable to coordinate the refresh token flow between processes."

Otherwise, you would need to contact private API support if you failed to store the new token.

As far as with subscriptions, I'm assuming you mean if you're unable to respond to subscriptions? If so, then the resilient application design section of the docs will answer that.

Andrew | Community Moderator, Fitbit

What motivates you?


Best Answer
0 Votes
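The crash scenario discussed above, as an added example that is not part of the thread or Fitbit's code: the job commits a pending flag before spending the refresh token, and a startup pass replays the same request right away so it can land inside the two-minute window instead of waiting for the next half-hourly poll. `post_refresh`, the `tokens` table and `FakeEndpoint` (a constructed model of the quoted replay rule) are assumptions, and the in-memory SQLite database stands in for the real durable store.

```python
import sqlite3

class InvalidGrant(Exception):
    """The (hypothetical) transport raises this on an invalid_grant answer."""

def refresh(db, user, post_refresh, crash=False):
    (old,) = db.execute("SELECT refresh FROM tokens WHERE user=?", (user,)).fetchone()
    # Write-ahead intent, committed BEFORE the refresh token is spent.
    db.execute("UPDATE tokens SET pending=1 WHERE user=?", (user,))
    db.commit()
    resp = post_refresh(old)  # hypothetical transport; a replay sends the same token
    if crash:
        raise RuntimeError("simulated crash between response and save")
    db.execute("UPDATE tokens SET access=?, refresh=?, pending=0 WHERE user=?",
               (resp["access_token"], resp["refresh_token"], user))
    db.commit()

def recover(db, post_refresh):
    """Run at startup: replay in-flight refreshes now, not at the next poll."""
    lost = []
    for (user,) in db.execute("SELECT user FROM tokens WHERE pending=1").fetchall():
        try:
            refresh(db, user, post_refresh)
        except InvalidGrant:
            lost.append(user)  # window missed: the contact-support case
    return lost

class FakeEndpoint:  # constructed model of the quoted two-minute replay rule only
    def __init__(self):
        self.t, self.valid, self.seen = 0.0, "rt0", {}
    def __call__(self, token):
        if token in self.seen and self.t - self.seen[token][0] <= 120:
            return self.seen[token][1]  # identical request inside the window
        if token != self.valid:
            raise InvalidGrant(token)
        n = len(self.seen) + 1
        resp = {"access_token": f"at{n}", "refresh_token": f"rt{n}"}
        self.seen[token], self.valid = (self.t, resp), resp["refresh_token"]
        return resp

def demo(downtime):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (user PRIMARY KEY, access, refresh, pending)")
    db.execute("INSERT INTO tokens VALUES ('u1', 'at0', 'rt0', 0)")
    api = FakeEndpoint()
    try:
        refresh(db, "u1", api, crash=True)
    except RuntimeError:
        api.t += downtime  # the service stays down for this many seconds
    return recover(db, api), db.execute("SELECT refresh FROM tokens").fetchone()[0]
```

`demo(30)` recovers the new token from the replayed response, while `demo(1800)` leaves the user in the `lost` list with the spent token still stored.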
4 REPLIES 4


Thanks for the info Andrew. For the expired tokens with subscriptions question I was wondering if we could end up in the scenario where we need to contact private support. I think the answer is yes because we would respond to the subscription by calling the API, and before we get the response our servers go down. I think the same scenario could happen with polling or subscriptions.

Would you mind elaborating on what contacting private support means? I'm just trying to answer a question about what happens if all the tokens are stale due to our servers going down right before receiving a response. Do we need to ask all of our users to re-register? Does private support provide some back end way of refreshing all of the tokens?

Thanks again!

Best Answer
0 Votes

@mistyper I see. Contacting private API support would mean filling out the form located on our docs describing the scenario, and then they can assist with recovering the token(s).

Andrew | Community Moderator, Fitbit

What motivates you?

Best Answer
0 Votes

How does one detect when a refresh token has expired? There is such a notion for access tokens. This is concerning the rest of this thread where I ask how to get refresh tokens for users that were spent in error? The answer was to contact Fitbit support. The part I don't know is what response from Fitbit will clue me in that the refresh tokens are expired (not invalid - which I think means the user revoked access or never gave it in the first place).

Refresh Token Errors

See the Access Token Request - 401 Unauthorized section above for error descriptions that are not specific to refresh token requests. However, for 401 errors that occur during a refresh token request, the API will respond with a WWW-Authenticate header with a value of Bearer realm="api.fitbit.com", rather than a value of Basic realm="[redirect_uri]".

400 Bad Request

Error Response

refresh_token - invalid: {"errors":[{"errorType":"invalid_grant","message":"Refresh token invalid: [access_token]"}],"success":false}
refresh_token - missing: {"errors":[{"errorType":"invalid_request","message":"Missing parameters: refresh_token"}],"success":false}
grant_type - missing: {"errors":[{"errorType":"invalid_request","message":"Missing 'grant_type' parameter value."}],"success":false}
grant_type - invalid: {"errors":[{"errorType":"unsupported_grant_type", "message":"The authorization grant_type is not supported."}],"success":false}
Best Answer
0 Votes
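A parser for the refresh error responses quoted in the post above, as an added example that is not part of the thread or Fitbit's documentation. The action labels (`token_rejected`, `fix_request`, `auth_failed`, `unknown`) and the function name are this example's own assumptions; it only separates the documented `errorType` values and does not tell an expired token from a revoked one.

```python
import json

# Action names are this example's own labels, not Fitbit terminology.
ACTIONS = {
    "invalid_grant": "token_rejected",        # stop retrying with this token
    "invalid_request": "fix_request",         # our request is missing a parameter
    "unsupported_grant_type": "fix_request",  # our grant_type value is wrong
}

def classify_refresh_failure(status, headers, body):
    """Map a failed refresh response to (action, detail) for the polling job."""
    if status == 401:
        # HTTP header names are case-insensitive, so normalise before lookup.
        lowered = {k.lower(): v for k, v in headers.items()}
        challenge = lowered.get("www-authenticate", "")
        # Per the quoted docs, a 401 during refresh carries a Bearer challenge.
        scheme = challenge.split(" ", 1)[0] or "none"
        return ("auth_failed", f"challenge scheme: {scheme}")
    try:
        errors = json.loads(body).get("errors", [])
    except (ValueError, AttributeError):
        return ("unknown", "body is not the documented JSON shape")
    for err in errors:
        if isinstance(err, dict) and err.get("errorType") in ACTIONS:
            return (ACTIONS[err["errorType"]], err.get("message", ""))
    return ("unknown", f"HTTP {status}")

# Sample bodies copied from the error table quoted in the post.
INVALID = ('{"errors":[{"errorType":"invalid_grant","message":'
           '"Refresh token invalid: [access_token]"}],"success":false}')
MISSING = ('{"errors":[{"errorType":"invalid_request","message":'
           '"Missing parameters: refresh_token"}],"success":false}')
```

Only `token_rejected` should take a user out of the polling rotation; `fix_request` points at a bug in the job itself.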