Additional Fitbit OAuth 2.0 Features
Overview
In addition to the standard OAuth 2.0 features, Fitbit provides proprietary features to assist applications using the Fitbit Web API.
Refresh token recovery
Fitbit—at its discretion—may temporarily enable the ability for an application to retrieve its refresh token for a person who has previously authorized the application.
This feature may be enabled when:
- your application no longer has a valid refresh token for a person for a justifiable reason
- your application has not revoked its own access to the person's data
- the person has not revoked your application's access
- requesting the person to re-authorize your application would be unreasonable
To request access to this feature, contact private support.
Authorization header
The Authorization header must be set to Basic followed by a space, then the Base64 encoded string of your application's client id and secret concatenated with a colon. For example, the Base64 encoded string, Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=, is decoded as "client_id:client secret".
Body parameters
Form Parameter | Description |
---|---|
grant_type (required) | refresh_token. Type: string |
user_id (required) | The Fitbit user id of the person who authorized the client. Type: string |
Example
POST https://api.fitbit.com/oauth2/recover
Authorization: Basic Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=
Content-Type: application/x-www-form-urlencoded

user_id=26FWFL&grant_type=refresh_token
Example response:
{
  "refresh_token": "c643x63x072f0f05478e9d18b991db80ef6061e4f8e6c822d83fed53e5fafdd7",
  "user_id": "26FWFL"
}
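The following Python sketch is an added example, not Fitbit's own code. It builds the recovery request described above and accepts the response only when its user_id matches the user that was asked for. The function names and the sample response are assumptions constructed for illustration; the endpoint, header format and parameters come from this page.

```python
import base64
import json
import urllib.parse
import urllib.request

RECOVER_URL = "https://api.fitbit.com/oauth2/recover"  # endpoint from the example above


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Return 'Basic ' + Base64("client_id:client_secret").

    Base64 is an encoding, not encryption: anyone who sees this header can
    recover the client secret, so keep it out of logs and error reports.
    """
    if ":" in client_id:
        # The first colon separates id from secret when the header is decoded.
        raise ValueError("client id must not contain ':'")
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_recover_request(client_id: str, client_secret: str, user_id: str):
    """Build (but do not send) the POST shown in the example request."""
    body = urllib.parse.urlencode(
        {"user_id": user_id, "grant_type": "refresh_token"}
    ).encode("ascii")
    headers = {
        "Authorization": basic_auth_header(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return urllib.request.Request(RECOVER_URL, data=body, headers=headers, method="POST")


def parse_recover_response(raw: bytes, expected_user_id: str) -> str:
    """Return the refresh token only if the response is for the requested user."""
    doc = json.loads(raw)
    if not isinstance(doc, dict):
        raise ValueError("response is not a JSON object")
    token = doc.get("refresh_token")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no refresh_token")
    if doc.get("user_id") != expected_user_id:
        # Storing a token under the wrong account would mix two people's data.
        raise ValueError("response user_id does not match the requested user")
    return token


# Constructed sample response (placeholder token, not a real credential).
SAMPLE_RESPONSE = b'{"refresh_token": "PLACEHOLDER_TOKEN", "user_id": "26FWFL"}'
```

Passing the built request to urllib.request.urlopen would send it; the recovered token should then be stored with the same protection as any other refresh token.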