Getting Started with the Fitbit APIs
Creating a Developer Account for Fitbit
To use the Fitbit APIs, you need to have a Google account registered as a Fitbit developer account. The Google account used with Fitbit can be either a @gmail or a custom domain email address registered as a Google account. Google Workspace accounts are not supported with Fitbit. If you have an existing Fitbit account that you would like to convert to a Google account, follow the steps in the help article How to move a Fitbit Account to a Google Account.
To create a developer account:
- Go to https://accounts.fitbit.com/signup.
- Press "Continue with Google".
- Press "Create Account" and select "For my personal user".
- Then, follow the instructions provided.
- After the Google account has been created, go to https://dev.fitbit.com/apps and press the "Log In" button.
- Press "Continue with Google".
- Depending on the screen presented, either select the email address or enter the email address that you just created.
- Follow the steps provided to log in.
TIP: For larger organizations, we recommend that your developer email account be a distribution list. Distribution lists make ownership easier to manage as people move around the company. Google Groups are not supported with Fitbit.
Registering an Application
An application must be registered within the developer account prior to calling the Fitbit Web APIs for the first time. Each registered application is provided with a client ID and secret. These client credentials will need to be referenced by the application during user authorization.
Steps to register your application with Fitbit
- Go to https://dev.fitbit.com/apps
- In the upper right hand corner, click the link "Register a new application"
or
- Go to https://dev.fitbit.com
- In the upper right hand corner, click on Manage -> Register an App
Fill out the following fields:
| Field | Requirement | Description |
| --- | --- | --- |
| Application Name | required | The name of your application. |
| Description | required | Describe what your application does. |
| Application Website | required | The URL that points to your application website or download page. This URL is presented to the user during consent. |
| Organization | required | The name of your company or organization. |
| Organization Website | required | Your company or organization website URL. |
| Terms of Service URL | required | The link to your Terms of Service document related to this application. It will be presented to the user during consent. |
| Privacy Policy URL | required | The link to your Privacy Policy document related to this application. It will be presented to the user during consent. |
| OAuth 2.0 Application Type | required | Supported: Server, Client, Personal. See Application Types. |
| Callback URL | required | A link sending the onboarding user back to your application. The URL must be absolute. See Redirect URL. |
| Default Access Type | required | Supported: Read-only, Read & Write. See Access Types. |
| Add a Subscriber | optional / recommended | This is required if you want to receive webhook / push notifications for updates to user data. Not required for registering an application. See Subscriptions. |
NOTE: All URLs must use https.
Application Types
When registering your application, select the appropriate “OAuth 2.0 Application Type”. A description of the application types can be found at Application Types. See Authorization to determine the recommended OAuth 2.0 authorization flow that should be used for your application type.
Access Types
Applications operate in a read-only or read & write manner. This is an application-level setting and applies to all scopes. This is configured in the application settings at https://dev.fitbit.com/apps.
Only configure "Read & Write" access if you're sending data to Fitbit.
WARNING: Changing the access type settings will immediately invalidate all existing access tokens.
Registration Page Example
Application Settings
All registered applications will appear under the developer’s account at https://dev.fitbit.com/apps. Selecting one of the applications will display a summary of the application settings (see image).
NOTE: Never put your client secret in distributed code, such as apps downloaded through an app store or client-side JavaScript. Also, never give your client secret to external people or post it on a public forum. Fitbit employees may ask for this information to troubleshoot problems. The information should be sent privately, and only the first 10 characters of your client secret will typically be requested to verify application ownership.
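One way to enforce the note above before a release, as an added example that is not Fitbit's own code: scan the files you are about to distribute for the client secret, both verbatim and base64-encoded as client_id:secret (the form it would take inside an HTTP Basic Authorization header, which is an assumption about how the credentials might be embedded). The function names, sample credentials and build tree are constructed for illustration.

```python
import base64
import tempfile
from pathlib import Path

def secret_encodings(client_id: str, client_secret: str) -> dict[str, bytes]:
    """Byte patterns that would expose the secret if found in shipped files."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode())
    return {
        "raw secret": client_secret.encode(),
        "base64(client_id:secret)": basic,
    }

def scan_build(build_dir: Path, patterns: dict[str, bytes]) -> list[tuple[str, str]]:
    """Return (relative path, pattern label) for every file containing a pattern."""
    hits = []
    for path in sorted(build_dir.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        for label, needle in patterns.items():
            if needle in data:
                hits.append((path.relative_to(build_dir).as_posix(), label))
    return hits

def support_prefix(client_secret: str) -> str:
    """The only part of the secret to share when verifying ownership."""
    return client_secret[:10]

def demo() -> list[tuple[str, str]]:
    # Constructed sample credentials and build tree; not real Fitbit values.
    cid, secret = "23ABCD", "0123456789abcdef0123456789abcdef"
    pats = secret_encodings(cid, secret)
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "js").mkdir()
        # Leak 1: secret pasted verbatim into client-side JavaScript.
        (root / "js" / "app.js").write_text(f'const s = "{secret}";')
        # Leak 2: pre-computed Basic credentials shipped in a config file.
        encoded = pats["base64(client_id:secret)"].decode()
        (root / "config.json").write_text('{"auth": "%s"}' % encoded)
        (root / "index.html").write_text("<html>no credentials here</html>")
        return scan_build(root, pats)

if __name__ == "__main__":
    for rel, label in demo():
        print(f"LEAK {rel}: {label}")
```

In a real pipeline, read the client ID and secret from the build environment rather than from source, and fail the build when `scan_build` returns any hit.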