...
| workers | GET /v3/studies/:studyIdentifier/oauth/:vendorIdentifier?pageSize=x&offsetKey=y |
|---|---|
| 200 | {"items":["healthCode1","healthCode2"], "requestParams": {...}, "type":"ForwardOnlyCursorPagedList"} |
| workers | POST /v3/studies/:studyIdentifier/oath/:vendorIdentifier |
|---|---|
| body | {"healthCode":"<health code>"} |
| if access token exists and is not expired | return access token |
| if access token exists and is expired | refresh token and return refreshed token |
| 401 | anything else (should only be an error from Fitbit) |
| 200 | {"accessToken":"<accessToken>","expiresOn":"<ISO 8601 timestamp>"} |
...