Permissions Guide
chevron down

Permissions Guide


Applications and clock faces developed for Fitbit OS must be granted permissions by the user, in order to use specific Device and Companion APIs.

The permissions system is primarily provided to inform users which apps are using which functionality of the system, and allow them to make informed decisions about whether they want to prevent its installation.

If a developer tries to utilize an API without first requesting the appropriate permission, the API will generate an error message, and the requested data will not be returned.

Available Permissions

The list of available permissions are as follows:


Read user activities for today (distance, calories, steps, elevation and active minutes), and daily goals. The body presence sensor is used to detect if the device is being worn, or not.

Related APIs: Device.User-activity, Device.Body-presence.

User Profile

Read non-identifiable personal information (gender, age, height, weight, resting heart rate, basal metabolic rate, stride, heart rate zones).

Related API: Device.User-profile.

Heart Rate

Application may read the heart-rate sensor in real-time.

Related API: Device.Heart-rate.


Application and companion may request location data from the device or mobile GPS.

Related APIs: Device.Geolocation, Companion.Geolocation.


Companion may communicate with the Internet using your phone data connection.

Related API: Companion.Fetch

Run in background

Companion may run even when the application is not actively in use.

Related APIs: Companion.Location-change, Companion.Wake-interval

Requesting Permissions

In order to request permission to use specific APIs, they just need to open their project's package.json file in Fitbit Studio, then tick the appropriate permissions.

When the application is installed, the user will be prompted to accept the permission requests.

Checking Permissions

In order to check permissions within code, you need to import the appbit API on the device, or the companion API for the companion.

import { me } from "appbit";

if (!me.permissions.granted("access_heart_rate")) {
  console.log("We're not allowed to read a users' heart rate!");
import { me } from "companion";

if (!me.permissions.granted("access_internet")) {
  console.log("We're not allowed to access the internet!");