OAuth2 Introspect ver. 1.0 (Deprecated)

This version of the OAuth2 Introspect endpoint is deprecated because the response format changed which could affect your application. Please use Introspect endpoint ver. 1.1, instead.

Retrieve State of Tokens

An application can retrieve the active state of an OAuth 2.0 token. This endpoint conforms to RFC 7662.

Making Requests

POST https://api.fitbit.com/oauth2/introspect
Authorization: Bearer <Access Token>
Content-Type: application/x-www-form-urlencoded

token=<OAuth 2.0 token to retrieve the state of>

Example Response:

If the token passed in parameter is valid:

{
    "active":1,
    "scope":"{ACTIVITY=READ_WRITE}",
    "clientId":{"id":"<Client Id>"},
    "userId":{"id":"<User Id>"},
    "tokenType":"access_token",
    "exp":<expires at>,
    "iat":<issued at>
}

If the token passed in parameter is not valid:

{
    "active":0
}

Intraday Requests

Partner Support