OAuth 2.0 tutorial page
For a detailed explanation of OAuth 2.0, see the Fitbit API documentation.
1: Authorize- First, choose the type of flow your application will use. Implicit grant flow is for use in client-side applications that cannot keep a secret because they distribute their source code to the client (web apps, mobile apps). The authorization code flow is for server-side applications that can keep a secret. If possible, use the authorization code flow, because while both flows are secure, it provides additional security. Flow type:
- Enter all of your application's relevant data below. You can find this data at dev.fitbit.com.
|Fitbit API URL:|
|OAuth 2.0 Client ID:|
- Choose below what user data you'd like to have access to. Select Scopes- The default expiration times are 1 hour for the authorization code flow, and 1 day for the implicit grant flow.The expiration time for the implicit grant flow can be set to certain values; see the docs for details. Expires In(ms):
- We've generated the authorization URL for you, all you need to do is just click on link below:
1A Get CodeCopy and paste the code that you can find in the redirect URL after the user has clicked the "allow" button. Example: http://localhost:8888/callback?code=7b64c4b088b9c841d15bcac15d4aa7433d35af3e#_=_, the code you need to paste from that example is 7b64c4b088b9c841d15bcac15d4aa7433d35af3e. Don't include the “#_=_”.
2: Parse response
After the user consents and clicks the "allow" button, copy and paste the ending part of the URL, starting from the #. For instance for url: https://localhost/#_=_scope=nutrition&user_id=28GVHZ&token_type=Bearer&expires_in=593433&access_token=blablaToken copy and paste #scope=nutrition&user_id=28GVHZ&token_type=Bearer&expires_in=593433&access_token=blablaToken in input field below
If using the authorization code flow, paste below the response of the CURL that you made in previous step(1A) and we will automatically parse it for you. If using the implicit grant flow, paste below the url returned in step 1 after clicking on the authorization link.Token response does not match the expected format; please check that you're using the correct OAuth 2.0 flow.
3 Make RequestFinally, when you have an access token, you can start making requests. If you had a token before, you don't need to go through steps 2-3, just paste your token below and make sure you enter your app data in step 1. We only support GET requests at the moment in this tutorial. But please feel free to check out other types of requests in the docs too on your own.
|OAuth 2.0 Access Token:|
|API endpoint URL:|