Additional Fitbit OAuth 2.0 Features
chevron down

Additional Fitbit OAuth 2.0 Features


In addition to the standard OAuth 2.0 features, Fitbit provides proprietary features to assist applications using the Fitbit Web API.

Refresh token recovery

Fitbit—at its discretion—may temporarily enable the ability for an application to retrieve its refresh token for a person who previously has authorized the application.

This feature may be enabled when:

  1. your application no longer has a valid refresh token for a person for a justifiable reason
  2. your application has not revoked its own access to the person's data
  3. the person has not revoked your application's access
  4. requesting the person to re-authorize your application would be unreasonable

To request access to this feature, contact private support.

Authorization header

The Authorization header must be set to Basic followed by a space, then the Base64 encoded string of your application's client id and secret concatenated with a colon. For example, the Base64 encoded string, Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=, is decoded as "client_id:client secret".

Body parameters

Form Parameter Description
grant_type required refresh_token
Type: string
user_id required

The Fitbit user id of the person who authorized the client

Type: string


Authorization: Basic Y2xpZW50X2lkOmNsaWVudCBzZWNyZXQ=
Content-Type: application/x-www-form-urlencoded


Example response:

    "refresh_token": "c643x63x072f0f05478e9d18b991db80ef6061e4f8e6c822d83fed53e5fafdd7",
    "user_id": "26FWFL"