HTTP Status Codes

2xx Success

The 2xx status codes are returned when the HTTP request is successful.

200 OK

Message Type Message Comments
No error (DELETE) { <data> }
No error (GET) { <data> }

201 Created

Message Type Message Comments
No error (POST) empty body
No error (POST) { <data> }

204 No Content

Message Type Message Comments
No error (DELETE) empty body

4xx Client Errors

The 4xx status codes are returned when a problem exists in the client application code. Look at the response body elements, errorType and message, for more information about the problem.

Authorization Errors

These error messages will appear on the web form while authorizing consent. You will not see a status code.

| Error | Message | Recommendation |
|---|---|---|
| client_id - invalid | unauthorize_client - Invalid client_id | |
| client_id - missing | invalid_request - Missing parameters: client_id | Verify the authorization URL contains the client_id parameter |
| code_challenge - invalid | invalid_request - The code_challenge parameter is invalid | |
| code_challenge - invalid | invalid_request - The code_challenge parameter length must be between 43 and 128 | |
| code_challenge_method - invalid | invalid_request - Unsupported code_challenge_method | |
| redirect_uri - invalid | invalid_request - Invalid redirect_uri parameter value | Verify the redirect_uri value in your application code matches the setting in https://dev.fitbit.com/apps. |
| redirect_uri - missing and app has multiple redirect URIs | invalid_request - Missing redirect_uri parameter value | Verify the authorization URL contains the redirect_uri parameter |
| response_type - invalid | unsupported_response_type - Invalid response_type parameter value | |
| response_type - missing | invalid_request - Missing response_type parameter value | Verify the authorization URL contains the response_type parameter |
| response_type - unauthorized | unauthorized_client - The client is not authorized to request an access token using this method | Use the supported response_type value based on your application's "OAuth 2.0 Application Type" setting. "server": response_type = code; "client": response_type = token; "personal": response_type = code or token |
| response_type - unauthorized | unauthorized_client - A "Personal" application is only authorized to request access tokens from the owner of the application | Modify the application type to "server" or "client" when attempting to access data from another user. |
| scope - invalid | invalid_scope - The requested scope is invalid, unknown or malformed: [scope] | |
| scope - missing | invalid_request - Missing scope parameter value | Verify the authorization URL contains the scope parameter |

400 Bad Request

| Error Type | Message | Recommendation |
|---|---|---|
| invalid_grant | Authorization code expired: [code] | |
| invalid_grant | Authorization code invalid: [code] | |
| invalid_grant | Missing parameters: refresh_token | |
| invalid_grant | Refresh token invalid: [refresh_token] | |
| invalid_request | Authorization code invalid: [code] | |
| invalid_request | Authorization code verifier invalid: null | |
| invalid_request | Authorization code verifier invalid: [code_verifier] | |
| invalid_request | Missing ‘grant_type’ parameter values | |
| invalid_request | Missing parameters: code | |
| invalid_request | Redirect_uri mismatch: null | |
| invalid_request | Redirect_uri mismatch: [redirect_uri] | |
| invalid_request | The code_verifier parameter is invalid | |
| invalid_request | The code_verifier parameter length must be between 43 and 128 | |
| invalid_request | There was an error reading the request body | |
| request | Food log entry without food could not be updated | Editing a food entry requires a non-zero foodId |
| request | Invalid parameter subscriberId: <subscriberId> | The subscriberId in the error message does not exist. Check the subscribers created for this application at dev.fitbit.com |
| request | Request to invalid domain: [domain] | |
| request | This request should use https protocol. | Verify the endpoint or redirect_url is using https |
| unsupported_grant_type | The authorization grant_type is not supported | |
| validation | Invalid time series resource path | Request parameter is invalid or missing. Possible causes: the user does not have a device paired to the account; the user does not have a device that supports the data requested |
| validation | Invalid time series period: <value> | Verify the endpoint syntax contains "1d". See Intraday API. |
| validation | The number of days between time series start and end dates cannot exceed MAX | Shorten the date range for the endpoint arguments |
| validation | Invalid date: <date value> | Verify date format is YYYY-MM-DD |
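
The code_challenge, code_challenge_method and response_type errors in the Authorization Errors table, and the code_verifier errors in the 400 table, can all be caught before the user is redirected. The following is an added example, not code from the Fitbit documentation: it generates a PKCE pair per RFC 7636 and pre-checks an authorization URL. The host `auth.example.test` used to exercise it is a placeholder, and requiring S256 is an assumption of the example, since this page does not list the supported methods.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import parse_qs, urlparse

# RFC 7636: 43-128 characters from the unreserved set.
_VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")
# response_type allowed per "OAuth 2.0 Application Type", as listed on this page.
ALLOWED_RESPONSE_TYPES = {
    "server": {"code"},
    "client": {"token"},
    "personal": {"code", "token"},
}

def s256_challenge(verifier: str) -> str:
    """BASE64URL(SHA256(verifier)) without '=' padding (RFC 7636, S256)."""
    if not _VERIFIER_RE.fullmatch(verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    """Return (code_verifier, code_challenge); 64 random bytes give 86 characters."""
    verifier = secrets.token_urlsafe(64)
    return verifier, s256_challenge(verifier)

def preflight(auth_url: str, app_type: str) -> list:
    """List the parameter problems in an authorization URL before redirecting the user."""
    query = {k: v[0] for k, v in parse_qs(urlparse(auth_url).query).items()}
    problems = [f"missing {name}" for name in ("client_id", "response_type", "scope")
                if not query.get(name)]
    response_type = query.get("response_type")
    if response_type and response_type not in ALLOWED_RESPONSE_TYPES[app_type]:
        problems.append(f"response_type {response_type} not allowed for {app_type} app")
    if "code_challenge" in query:
        if not 43 <= len(query["code_challenge"]) <= 128:
            problems.append("code_challenge length must be between 43 and 128")
        # Assumption of this example: only S256 is accepted.
        if query.get("code_challenge_method") != "S256":
            problems.append("unsupported code_challenge_method")
    return problems
```

Keep the code_verifier server-side or in session storage tied to the `state` value, and send only the challenge in the authorization URL.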

401 Unauthorized

| Error Type | Message | Recommendation |
|---|---|---|
| expired_token | Access token expired: [access_token] | The OAuth access_token has expired. Use the refresh token obtained during consent to exchange for a new access_token and refresh_token pair. See Refresh Token. |
| invalid_client | Authorization header required | |
| invalid_client | Incorrect authorization method | |
| invalid_client | Invalid authorization header. Client id invalid | The Authorization header must be set to Basic, followed by a space, then the Base64 encoding of your application’s client id and secret concatenated with a colon. See OAuth 2.0 documentation. |
| invalid_client | Invalid authorization header. Client secret invalid | |
| invalid_client | Invalid authorization header format | |
| invalid_request | Authorization header required | |
| invalid_token | Access token invalid: [access_token] | The OAuth token provided is invalid or was revoked. See Revoked Tokens. |
| system | Authorization error: invalid authorization token type | The Authorization header must be set to Bearer, followed by a space, then the user's access token. See documentation for making requests. |

403 Forbidden

| Error Type | Message | Recommendation |
|---|---|---|
| insufficient_permissions | API client is not authorized by Fitbit to access the resource requested | If your application type is “Personal”, then the owner of the application can only query their intraday data. |
| insufficient_permissions | API client is not authorized by the resource owner to access the resource requested | Verify the user has authorized the scope for the endpoint being executed. |
| insufficient_permissions | Read-only API client is not authorized to update resources | Verify the application is registered for read / write access. Changing this setting will invalidate all Bearer tokens. |
| insufficient_scope | This application does not have permission to [access-type] [resource-type] data | Verify the Authorization header is set to Bearer. Verify the user has authorized the scope for the endpoint being executed. |

404 Not Found

| Error Type | Message | Recommendation |
|---|---|---|
| invalid_request | Refresh token not found | The refresh token does not exist in our database. See Revoking refresh tokens for details. |
| not_found | The API you are requesting could not be found | Verify the syntax of the endpoint. See Web API documentation |
| not_found | Requested entity was not found | Verify the syntax of the endpoint. See Web API documentation |

405 Method Not Allowed

| Error Type | Message | Recommendation |
|---|---|---|
| | The request method being used is not allowed to be executed against the server. | Verify the syntax of the endpoint. See Web API documentation |

409 Conflict

| Error Type | Message | Recommendation |
|---|---|---|
| | { "collectionType": "<value>", "ownerId": "<value>", "ownerType": "<value>", "subscriberId": "<value>", "subscriptionId": "<value>" } | Returned if the given user is already subscribed to this stream using a different subscription ID, OR if the given subscription ID is already used to identify a subscription to a different stream. |
| invalid_request | Concurrent refresh token requests were made by the same client for the same user, and while one of these requests probably succeeded, this one did not due to an update conflict. | Avoid making multiple, concurrent refresh token requests within a short period of time. Try executing the token refresh endpoint once if possible. If necessary, wait a few seconds before executing the token refresh endpoint again. |

411 Length Required

| Error Type | Message | Recommendation |
|---|---|---|
| MissingContentLength | The Content-Length HTTP header is missing | According to RFC 7230, section 3.3.2, this HTTP request requires the Content-Length header field containing the anticipated size of the payload body. |

429 Too Many Requests

| Error Type | Message | Recommendation |
|---|---|---|
| system | Too many requests | Returned if the application has reached the rate limit for a specific user. The rate limit will be reset at the top of the hour. |

5xx Server Errors

The 5xx status codes are returned when a problem exists on the server. Look at the response body elements, errorType and message, for more information about the problem.

500 Internal Server Error

| Error Type | Message | Recommendation |
|---|---|---|
| request | An error occurred with the Fitbit Web API while processing the request. | Try your request later. |

502 Bad Gateway

| Error Type | Message | Recommendation |
|---|---|---|
| | Bad Gateway | Try your request later. |

503 Service Unavailable

Error Type Message Recommendation
back_off_app_maintenance The Fitbit service is temporarily offline for maintenance. We'll be back soon. Please check https://www.fitbitstatus.com/ for the latest update.

504 Gateway Timeout

| Error Type | Message | Recommendation |
|---|---|---|
| | Gateway time-out | Try your request later. |
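
Several messages on this page echo a credential back to the client (the access token, refresh token, authorization code or code_verifier), so they should be redacted before they reach application logs. The following is an added example, not code from the Fitbit documentation: it redacts those messages and maps the 401, 409, 429 and 5xx recommendations above to a next step. It assumes the response body carries the errorType and message elements in an `errors` list; the action names and the 5 and 60 second waits are the example's own choices.

```python
import json
import re
from datetime import datetime, timedelta

# Messages listed on this page that echo a credential after the colon.
_ECHOES_SECRET = re.compile(
    r"^(Access token (?:expired|invalid)|Refresh token invalid|"
    r"Authorization code (?:expired|invalid|verifier invalid)): .*$", re.S)

def redact(message: str) -> str:
    """Drop the echoed token or code so the message can be logged."""
    return _ECHOES_SECRET.sub(r"\1: [redacted]", message)

def parse_errors(body: str) -> list:
    """Return [(errorType, redacted message)]; the "errors" list is an assumed envelope."""
    try:
        items = json.loads(body).get("errors")
    except (ValueError, AttributeError):
        return []  # e.g. a non-JSON 502/504 body
    if not isinstance(items, list):
        return []
    return [(str(e.get("errorType", "")), redact(str(e.get("message", ""))))
            for e in items if isinstance(e, dict)]

def seconds_until_top_of_hour(now: datetime) -> int:
    """429: the per-user rate limit resets at the top of the hour."""
    next_hour = now.replace(minute=0, second=0, microsecond=0) + timedelta(hours=1)
    return int((next_hour - now).total_seconds())

def next_action(status: int, body: str, now: datetime) -> tuple:
    """Map a response to (action, seconds to wait); action names are this example's own."""
    types = {error_type for error_type, _ in parse_errors(body)}
    if 200 <= status < 300:
        return ("ok", 0)
    if status == 401 and "expired_token" in types:
        return ("refresh_token", 0)          # exchange the refresh token
    if status == 401 and "invalid_token" in types:
        return ("reauthorize", 0)            # token invalid or revoked
    if status == 409 and "invalid_request" in types:
        return ("retry_refresh_once", 5)     # "wait a few seconds"; 5 s is assumed
    if status == 429:
        return ("wait", seconds_until_top_of_hour(now))
    if status >= 500:
        return ("retry_later", 60)           # "try your request later"; 60 s is assumed
    return ("fix_request", 0)                # remaining 4xx: a client-side defect
```

Serializing token refreshes per user (one in-flight refresh at a time) avoids the 409 update conflict in the first place.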