Fitbit OAuth Update

Fitbit is updating how developers access its API to improve security. We’re reaching out to our customers to ensure seamless functioning of their Temboo-powered applications that access the Fitbit API.

Fitbit has begun transitioning their security model from OAuth 1.0a to OAuth 2.0, and developers should transition their Fitbit apps to OAuth 2.0 by March 14, 2016.

Since Fitbit’s introduction of OAuth 2.0, our Fitbit Choreos have included support for both OAuth versions. Until this week OAuth 2.0 inputs had appeared as “optional” inputs for our Choreos on our website.

We’ve now removed the OAuth 1.0a inputs (ConsumerKey, ConsumerSecret, AccessTokenSecret) from our Fitbit Choreo pages, but they will continue to work in Temboo SDKs until you switch to OAuth 2.0.

We strongly recommend that you upgrade your application’s code to use OAuth 2.0 by March 14, 2016. On that day Fitbit will perform a one hour blackout test. During the test, all OAuth 1.0a requests will receive an error. By updating your app to follow the OAuth 2.0 flow by March 14th, you can use the blackout test to verify that your code is running as expected.

Note that Fitbit will permanently remove OAuth 1.0a support from their API on April 12, 2016. You can find detailed instructions for updating your Fitbit OAuth code via Temboo here.

As always, if you have any questions about this update, please don’t hesitate to get in touch. We will be happy to help!


What is happening?
Fitbit are discontinuing support for OAuth 1.0a, and moving to OAuth 2.0 only.

The hard deadline is April 12, 2016, with a blackout test on March 14, 2016.

How can I update my code?
Check out our instructions for how use Temboo’s support for Fitbit OAuth 2.0.