Permissions Guide
chevron down

Permissions Guide


Applications and clock faces developed for Fitbit OS must be granted permissions by the user, in order to use specific Device and Companion APIs.

The permissions system is primarily provided to inform users which apps are using which functionality of the system, and allow them to make informed decisions about whether they want to prevent its installation.

If a developer tries to utilize an API without first requesting the appropriate permission, the API will generate an error message, and the requested data will not be returned.

Available Permissions

The list of available permissions are as follows:



Read user activities for today (distance, calories, steps, elevation and active minutes), and daily goals. The body presence sensor is used to detect if the device is being worn, or not.

Related APIs: Device.User-activity, Device.Body-presence.



Allow the application to create entries within the user's Fitbit Activity Log.

Related APIs: Device.Exercise,

Heart Rate


Application may read the heart-rate sensor in real-time.

Related API: Device.Heart-rate.



Companion may communicate with the Internet using your phone data connection.

Related API: Companion.Fetch



Application and companion may request location data from the device or mobile GPS.

Related APIs: Device.Geolocation, Companion.Geolocation.

User Profile


Read non-identifiable personal information (gender, age, height, weight, resting heart rate, basal metabolic rate, stride, heart rate zones).

Related API: Device.User-profile.

Run in background


Companion may run even when the application is not actively in use.

Related APIs: Companion.Location-change, Companion.Wake-interval

Requesting Permissions

In order to request permission to use specific APIs, they just need to open their project's package.json file in Fitbit Studio, then tick the appropriate permissions.

Alternatively, if editing the package.json file manually, the permissions need to be added as follows:

  "fitbit": {
    "requestedPermissions": [

When the application is installed, the user will be prompted to accept the permission requests.

Checking Permissions

In order to check permissions within code, you need to import the appbit API on the device, or the companion API for the companion.

import { me } from "appbit";

if (!me.permissions.granted("access_heart_rate")) {
  console.log("We're not allowed to read a users' heart rate!");
import { me } from "companion";

if (!me.permissions.granted("access_internet")) {
  console.log("We're not allowed to access the internet!");