Fitbit Device Integration with Mobile and Web applications

Introduction:

Fitbit is a wearable device which tracks the daily activities, steps, calories burned, sleep, etc. These are wearable devices like watches. Fitbit can be connected to your smart phones and you can track your daily activities with this device. We will look into integrating Fitbit into your mobile or web application.

We will use Fitbit web APIs for accessing data from Fitbit activity trackers.

Steps to follow:

1. Register the app on the Fitbit developer portal to get the API credentials. You will need a Fitbit account (free) to register an app.
2. Implement OAuth 2.0 flow to give your app permission to access data from Fitbit.
3. Make HTTP request to access the data.
4. Implement Subscription APIs if you have a server app and want to get notified when people have new data available.

App Registration

• To use Fitbit web APIs register your app at dev.fitbit.com
• Select appropriate OAuth2.0 authentication type
  • Server
    • Authorization Code Grant Flow is used by Server side applications
• Client
  • Authorization Code Grant Flow or the Implicit Grant Flow is used by client side applications.
• Personal
  • Authorization Code Grant Flow or the Implicit Grant Flow is used by Personal applications, and approaches the intraday time arrangement information.

Authorization

Authorization includes OAuth2.0 authorization flow.

Obtaining Consent

• Authorization Code Grant and Implicit Grant flow are supported by Fitbit.
• The Authorization Code Grant Flow is recommended for the web based applications. This requires communication with the server using the client secret.
  For native applications, the Fitbit authorization page must be opened in dedicated browsers. iOS applications can use SFSafari Controllers and Android applications can use Custom Chrome tabs. Use of Webview is prohibited.
• Custom URL schemes as redirect URIs can be used to redirect users to application from the browser window.
  1. Application redirects to Fitbits Authorization page
  2. Once the user allows the permission redirect URI redirects the user to the application with the authorization as URL parameter.
  3. Your application exchanges the authorization code to get the access token and refresh token
  4. Access token will be used to fetch the data from FItbit APIs. It will be stored in the application.

Authorization Grant Flow example:

https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=22DKPW&redirect_uri=https%3A%2F%2Ftudip.com%2F&scope=activity%20heartrate%20location%20nutrition%20profile%20settings%20sleep%20social%20weight&expires_in=604800

You will get code in the redirect URI after clicking allow button, make a curl call using the code to get the access token and refresh token

curl -X POST -i -H 'Authorization: Basic MjJEN0pSOmZhZDJjNzQ0MTgyOWRmYmY2Mzc5NjY2ZDE3MTg1YThj' -H 'Content-Type: application/x-www-form-urlencoded' -d "clientId=22D7JR" -d "grant_type=authorization_code" -d "redirect_uri=https%3A%2F%2Ftudip.com%2Fportal" -d "code=fd81713ac0746c4758465a93c1a6d0415abdfeed" https://api.fitbit.com/oauth2/token

You will get access token in the curl call response

Eg https://api.fitbit.com/1/client/ -/profile.json will give the profile data

curl -i -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJhdWQiOiIyMkQ3SlIiLCJzdWIiOiI2VzhYOVQiLCJpc3MiOiJGaXRiaXQiLCJ0eXAiOiJhY2Nlc3NfdG9rZW4iLCJzY29wZXMiOiJyc29jIHJzZXQgcmFjdCBybG9jIHJ3ZWkgcmhyIHJwcm8gcm51dCByc2xlIiwiZXhwIjoxNTUzOTE1NDU5LCJpYXQiOjE1NTM4ODY2NTl9.7UA4KQL7v5NRb8dqX_YsB_m7Pi0gVbI97p4DDW_d47Y" https://api.fitbit.com/1/user/[userId]/profile.json

Use activities API to get users activity results, https://api.fitbit.com/1/user/-/activities/date/2019-03-30.json

Activity API response is

{"activities":[],"goals":{"activeMinutes":30,"caloriesOut":2555,"distance":8.05,"steps":12000},"summary":{"activeScore":-1,"activityCalories":0,"caloriesBMR":0,"caloriesOut":0,"distances":[{"activity":"total","distance":0},{"activity":"tracker","distance":0},{"activity":"loggedActivities","distance":0},{"activity":"veryActive","distance":0},{"activity":"moderatelyActive","distance":0},{"activity":"lightlyActive","distance":0},{"activity":"sedentaryActive","distance":0}],"fairlyActiveMinutes":0,"lightlyActiveMinutes":0,"marginalCalories":0,"sedentaryMinutes":1440,"steps":0,"veryActiveMinutes":0}}

Fitbit Subscription API 

The Fitbit subscription API allows third party to notify when the user data changes and the data gets uploaded to fitbit.com, so the app can get updated data without using scheduling and polling.

Implementing Fitbit Subscription API

Use the following steps to implement Subscription API:

1. Arrange a basic warning URL as portrayed in Receiving Update Notifications.
2. Ensure your endorser endpoint is available from fitbit.com servers.
3. Arrange your supporter endpoints as depicted in Configure A Subscriber.
4. Check your endorser endpoint as depicted in Verify A Subscriber.
5. Confirm Fitbit clients on your site as portrayed in the OAuth validation API.
6. Include memberships as depicted in Add A Subscription.

Use following end points for Subscription API

POST

https://api.fitbit.com/1/user/-/[collection-path]/apiSubscriptions/[subscription-id].json

To delete subscription

DELETE

https://api.fitbit.com/1/user/-/[collection-path]/apiSubscriptions/[subscription-id].json