Error 403: disallowed_useragent
When trying to open oauth inside Android application web view with shouldOverrideUrlLoading it gives error "Authorization ErrorError 403: disallowed_useragent"and lands on screen shown in screenshot with this link.
Forum Posts
invalid_grant error when requesting for oauth2 token
Hello!I was able to access the access_token last week from from since yesterday even with new authorisation code I still keep getting { "errors": [ { "errorType": "invalid_grant", "message": "Authorization code invalid: 3D68e6124cc72f5d42f4b8ec98a...
Resolved! Problem with date ranges
I'm trying to integrate WebAPI into an App, but I'm getting errors in the FitBit API Explorer Swagger for any date format I try. Any ideas what I might be doing wrong? Example:Request URL:https://api.fitbit.com/1/user/-/body/log/fat/date/2019-04-01/2...
Oauth2 token exchange returns 400 error from cloudflare, but curl successfully gets access token?
Hi all.I am attempting to perform an access token exchange. When I perform my exchange requests via my written code application, the request returns a html-encoded 400 Bad Request response from cloudflare.However, when I perform the same request via ...
Resolved! Error "invalid_grant" while trying to get access token
Getting the following error while make the call to get token. { "errors": [ { "errorType": "invalid_grant", "message": "Authorization code invalid: <code> Visit https://dev.fitbit.com/docs/oauth2 for more information o...
I/O error on POST request for "https://api.fitbit.com/oauth2/token"
Randomly I get errors for https://api.fitbit.com/oauth2/token call. Here is my cURL:curl --location --request POST 'https://api.fitbit.com/oauth2/token' \--header 'Authorization: Basic <REDACTED>' \--header 'Content-Type: application/x-www-form-urlen...
Resolved! Access and refresh token cycle
Hi Team, I have an application where once the user has been authorized into the app we start collecting data from FITBIT API.Here once a user logs in we collected both AUTHORIZATION and REFRESH tokens. Here, once an AUTH token expires we can refresh ...
Resolved! postman error ,errortype:invalid_grant??
(I'm Taiwanese,my grammar maybe not correct ><)These days I've been learned how to use fitbit api~Also,I watched some instructional video in youtube to help me understand how fitbit api work.But today I encounter a problem in postman.I import these i...
Resolved! user_id not included in Token Retrieved response by Authorization Code Grant Flow with PKCE
Hi there, With PKCE, I can successfully use the retrieved token reponse's accessToken to directly query the api by using the default dash "-" in the endpoint url for [user-id](e.g. /1/user/-/activities/date/[date].json) but the token response itself ...
Resolved! Cannot get HRV data through WebAPI
I requested the form and got granted for getting intraday data. But when I request the HRV intraday by date, I still get the response "API client is not authorized by Fitbit to access the resource requested." The heartrate scope is granted. And I ca...
Resolved! Fitbit API Integration With Integromat (Make)
I've been searching all over the web for a tutorial on how to connect Fitbit with Integromat. Unfortunately, I haven't had much luck! Integromat (now called Make) allows you to create an OAuth 2.0 Request through their system to interact with virtual...
Resolved! Authorize 'invalid_request - Missing response_type parameter' when using 'state' query parameter
I am working on a prototype data collector for a research project. participants join the study using a web form. They have to agree to participate and enter a unique participant id sent to them in a separate email. The participant id needs to be forw...
Refreshing Tokens with Application Type Client
Hello The authorization process works fine (I am using Authorization Code Grant Flow with PKCE and application type is client) and I can also get data correctly. But I just can't figure out how to refresh the tokens with the application type being c...
Resolved! I added a State Parameter in "Edit the Application" => Redirect URL section. found no state in OAuth
Hi,I added a state parameter in the Redirect URL like (http://localhost:50237api/Fitbit/CallBackApiResponse&state=123abc) and next the URL is also without the state.Anyone here please help me here thanks
Resolved! Increasing token lifetime
Hi, I'm working on FitBit API integration via Implicit grand flow and trying to increase token lifetime to one year but it always returns same value near `604800` whenever I pass on `expires_in` parameter.Here is link example `https://www.fitbit.com/...
Resolved! SPO2 API
Hi All, just testing out the spo2 API and I cant connect by my normal means. All other api's still work however the spo2 API gives me this error ... API client is not authorized by Fitbit to access the resource requested. Visit https://dev.fitbit.com...
Resolved! Authorization code verifier invalid
I checked the related topics already but found no solution.Initial authorization with https://www.fitbit.com/oauth2/authorize?client_id=.... is OK.When I try to get the tokens withcurl -X POST "https://api.fitbit.com/oauth2/token" -H "accept: applica...
Resolved! How to know which user email generated the authorization code?
Hi! I am creating a family application that will be able to retrieve the data of all the members of my family. The first step was to create a website that receives the access code. How would my app know who owns that code? Is there any resource where...
Authorization Token
My company has a third-party App with Fitbit. I have been using my Surge for multiple years and things have been running very smoothly. I recently upgraded to a Versa 3, and now I am not receiving my data via my App. Does this have to do with my Auth...
Resolved! Refresh Token Invalid
Hi Fitbit Team, I have 3 users in our app that on May 26th that began returning the error message upon automatic access token refresh - existing users that have been getting data / refreshing token for quite a while: Response: {"errors":[{"errorType"...
Request failed with status code 429
Hello,I've started to have 'Request failed with status code 429' sometimes.As I understood it means that I'm out of limit 150 requests per user per hour.But I do need more than 150 r/h sometimes.How can I solve this?
Resolved! API OAuth login using Facebook or Google
I noticed in the api docs here: https://dev.fitbit.com/docs/oauth2/#authorization-errors that it appears we can authenticate users with the Fitbit api using Facebook or Google based on the potential error responses:Facebook account used is not associ...
User gets unexpected user_id
Our OAuth flow works fine for most users. One has found that despite resetting, and making new accounts, we consistently get a user_id from the Fitbit API that does not match the one that the user expects (and uses with their devices). It's the same ...
Timezone: Reported alongside activity/sleep data through API pull?
I know you can get a static timezone from the user profile, but is it possible to have the timezone reported alongside the activity data (aka, this activity data was collected at this timezone)? It doesn't look like it but that would be better. Alte...
Resolved! CORS headers on the oauth2 fitbit authorization endpoint
I am having some trouble with the oauth2 Authorization Code Grant Flow in regards to CORS and wondering if anyone can see where I am going wrong. My application setup: A nodejs backend using the passport-oauth2 and passport-fitbit-oauth2 modules. Ex...
Oauth flow: stuck at login on Android (Connecting with google button)
Hello we have a problem at login when user clicks on connect with google button.I've seen similar issues in forums, but we have different scenarios. Captures - Google DriveSteps:User starts login in appbrowser opens login pageUser clicks on connect w...
fitbit plug-in in bubble.io
Hi everyone I have try to follow the Logging a user in through Fitbit follow this link: https://manual.bubble.io/core-resources/bubble-made-plugins/fitbit but I’ve got the problem with the massage Developer information: invalid_request - Invalid red...
Resolved! Previously working oAuth flow stuck at Login Transfer page on Android
We have an issue where people can no longer proceed through the oAuth code grant login process on any Android device. It has actually been an issue for some weeks and we are pretty sure it is no happening because of anything we changed. It seems we a...
Issues approving accounts using OAuth2 tutorial page
Hi, We have a browser app which we have previously used to collect data from watches used in research studies. I've been having some difficulties doing the same today: 1.) Using the link provided on the OAuth2 tutorial page I can sometimes get to ...
Obtaining auth code from redirect URL (auth with PKCE)
Hello,I am building a web api based app from Flutter and I am quite confused on the process of obtaining the auth code from the redirect URL. I created the code verifier, got the code challenge and implemented intent filters in the android manifest. ...
Invalid refresh token for one user
I have an application which is using the fitbit web API and it works great, expect for one user. The refresh token is not valid, so the user has to redo the auth process one per day. The refresh token works for all other users, so i think my code is ...
Resolved! Make Request with PostMan to get Heartrate
Hello, I'm trying to make a simple request on the API to get back heartrate scope. I red API documentations and many subjects and the forum but i sill do not understand how to do it. here where i am: Set in API an new app to be able to get the requir...
Skip refresh token for personal use.
Is there a way to use the Fitbit api without needing to refresh the access token after a certain period?I want to use to api just for my own fitbit account.
Personal application and refresh tokens
I’m trying to use the web api with an app called Shortcuts.I don't have much experience of api:s, so I used the authorization process from this shortcut to get an access key. The shortcut I linked uses the “personal” application setting in applicatio...
Resolved! Is there a way to force user to login again for oauth authentication?
The problem is if someone (patient A) logs into their fitbit account and simply closed the browser, Fitbit retains the user credentials. If another individual (patient B) opens up and try to do oauth authentication from the same computer and same bro...
Resolved! Force a user to confirm scopes and login during OAuth 2.0 authentication
If a user goes through OAuth authentication using a browser where there is already a FitBit account logged in, then it will automatically log that user into the already logged in account without prompting them to confirm it is their account, and more...
oauth2 400 bad request invalid_grant Authorization code challenge missing
Hello, I am implementing oauth2 and getting a 400 bad request. I have a Fitbit app registered with oauth 2.0 application type of server. The grant type is authorization_code. In the body of the request I am sending: const body = {grant_type: "authori...
Enquiries on Webhook and fitbit activities APIs
Hi,Refer to my attachment below, Currently, the number of end users whom are using Fitbit device is 686 users. But our backend system received Fitbit calls with more than 800 requests per hour via “POST /v1/fitbit/webhook” endpoint even when it is 2 ...
Resolved! Insufficient Permissions | 403 Error
Hi ,I am facing an issue where I have authorized the user with my application and currently I am trying to access my personal data only. I am only able to access user profile data i.e., https://api.fitbit.com/1/user/-/profile.json I am not able to...
Error Code 1008
My app has recently started to get an error code 1008 in the body when using the request token to get the access token and refresh token. Any idea what this means? Nothing has changed in the code. It just started doing it.