help menu

Join us on the Community Forums!

  • Community Guidelines

    The Fitbit Community is a gathering place for real people who wish to exchange ideas, solutions, tips, techniques, and insight about the Fitbit products and services they love. By joining our Community, you agree to uphold these guidelines, so please take a moment to look them over.

  • Learn the Basics

    Check out our Frequently Asked Questions page for information on Community features, and tips to make the most of your time here.

  • Join the Community!

    Join an existing conversation, or start a new thread to ask your question. Creating your account is completely free, and takes about a minute.

Not finding your answer on the Community Forums?

Cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

unable to loigin to fitbit accounts | accounts blocked

‎08-27-2023 14:33

‎08-27-2023 14:33

Greetings,
I am developing an app to get user data from fitbit apis as a part of a research project. we have over 90 users from whom we need to collect data. All the 90 users have fitbit accounts. I want to get last sync time of all users for which i am using the following fitbit api GET https://api.fitbit.com/1/user/{user_id}/devices.json. we have credentials of all users(with their consent)

I developed a python script using selenium to get access tokens and refresh tokens of all users. Selenium automates the user authentication and consent screen process and successfully retrieves access tokens and refresh tokens using authorization code. In the process of testing the app I logged into a bunch of accounts multiple times using selenium to automate the consent process and get tokens, as a result fitbit banned my ip address, at the same time I cannot login to some(20+) of the user accounts now.

How can this issue be resolved and what can I do to avoid facing this issue in the future?

Can users whose accounts are locked/blocked successfully sync the data now that we they can't login to some accounts? If so, this is going to be a big concern for our research. Are they going to be locked out of mobile app as well? 

Can anyone please help me resolve this issue as soon as possible?

I want fitbit to unblock my ip address and more importantly I want to login to participants(users) accounts to get tokens and make api call to get last sync time
Thank you

Best Answer
Labels:
4 REPLIES 4

‎08-27-2023 20:59

‎08-27-2023 20:59

Hii,

You can implement token storage securely, and ensure consent process automation respects Fitbit's terms of use. Users with locked accounts might still sync data, but access issues can affect mobile apps too. 

Best regard,
YourTexasBenefits
Best Answer

‎08-28-2023 10:35

‎08-28-2023 10:35

Hi @wander_mind 

The reason your IP address was blocked is because you were logging into each user's account from the same machine.  Therefore, we thought these user's accounts were compromised.  Technically, they were.   You should never need the user's credentials to collect a Fitbit user's data.   Even though your IP address is blocked, this should have no impact to the Fitbit user's accessing their account or syncing their device to the mobile application.

The proper method for accessing the Fitbit data is to provide each of your participants your authorization URL, and have the participants log into their Fitbit account during the consent process.  When the user completes consent, they are redirected back to your application where you exchange the authorization code for the access token and refresh token.  The access token is used to query the participant data while the refresh token is used to obtain a new access token / refresh token pair when the access token expires.   If you store the access token and refresh tokens, and use the correctly, you should always have access to the user's data and never need their Fitbit credentials.  Read https://dev.fitbit.com/build/reference/web-api/developer-guide/best-practices/#Using-Tokens-Effectiv... for more information on this process.

To unblock your IP address, I will need to get some information from you.   I have created support case 00104858 and will send you an email with this case number in the subject line.

Best,

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer

‎08-28-2023 11:09

In response to GordonFitbit

‎08-28-2023 11:09

Thank you for your response.

we have an original gmail/google account based on which we created multiple fitbit accounts using alias addresses (+ addresses). so there is one google account and 90 fitbit accounts. All these 90 fitbit accounts are linked with a single google account.

Also some 20+ user accounts  are blocked or locked. Users cant sign in using their credentials in fitbit.com. So we cant get access and refresh tokens for them now. Can you please look into this? Are they signed out of mobile apps as well? 


Thanks

Revanth

Best Answer

‎09-07-2023 07:35

In response to wander_mind

‎09-07-2023 07:35

Hi @wander_mind 

We have unblocked your IP address.   Please confirm you are able to access the web site.

Thank you,

Gordon

Gordon Crenshaw
Senior Technical Solutions Consultant
Fitbit Partner Engineering & Web API Support | Google
Best Answer