Permissions Guide
chevron down

Permissions Guide


Applications and clock faces developed for Fitbit OS must be granted permissions by the user, in order to use specific Device and Companion APIs.

The permissions system is primarily provided to inform users which apps are using which functionality of the system, and allow them to make informed decisions about whether they want to prevent its installation.

If a developer tries to utilize an API without first requesting the appropriate permission, the API will generate an error message, and the requested data will not be returned.

Note: Developers should be aware that permissions can be revoked by a user at any time, and developers should gracefully handle missing permissions in their application at runtime.

Available Permissions

The list of available permissions are as follows:



Read user activities for today (distance, calories, steps, elevation and active minutes), daily goals, and activity history. The body presence sensor is used to detect if the device is being worn, or not.

Related APIs: Device.User-activity, Device.Body-presence.

Always-on Display


Allows a developer to enable Always-on Display for their applications and clock faces.

NOTE: You can only use this permission with the Fitbit OS Simulator. Applications and clock faces must be authorized by Fitbit to use this permission due to the risk of hardware damage.

Related API: Device.Display

App Cluster Storage


Allows a developer to persist data on the mobile phone and share it between all of their applications and clock faces.

Related API: Companion.App-cluster-storage


Allows a developer to access calendar and event data from a user's mobile phone.

Related API: Companion.Calendars



Allow the application to create entries within the user's Fitbit Activity Log.

Related APIs: Device.Exercise,

Heart Rate


Application may read the heart-rate sensor in real-time.

Related API: Device.Heart-rate.



Companion may communicate with the Internet using your phone data connection.

Related API: Companion.Fetch



Application and companion may request location data from the device or mobile GPS.

Related APIs: Device.Geolocation, Companion.Geolocation, Companion.Weather.

Run in background


Companion may run even when the application is not actively in use.

Related APIs: Companion.Location-change, Companion.Wake-interval


Application may determine if the user is asleep or awake.

Related API: Device.Sleep

User Profile


Read non-identifiable personal information (gender, age, height, weight, resting heart rate, basal metabolic rate, stride, heart rate zones).

Related API: Device.User-profile.

Requesting Permissions

In order to request permission to use specific APIs, edit the package.json file. The permissions need to be added as follows:

  "fitbit": {
    "requestedPermissions": [

When the application is installed, the user will be prompted to accept the permission requests.

Checking Permissions

In order to check permissions within code, you need to import the appbit API on the device, or the companion API for the companion.

import { me as appbit } from "appbit";

if (!appbit.permissions.granted("access_heart_rate")) {
  console.log("We're not allowed to read a users' heart rate!");
import { me as companion } from "companion";

if (!companion.permissions.granted("access_internet")) {
  console.log("We're not allowed to access the internet!");