...
| authenticated users | POST /v3/oauth/:vendorIdentifiervendorId |
|---|---|
| body | {"authCode":"<authCode>"} |
| if auth code provided in post | get access and refresh tokens |
| no authCode provided, accessToken exists, not expired | return access token |
| no authCode provided, accessToken exists, expired | refresh access token, return new access token |
| 401 | no authCode, no accessToken, or an error |
| 200 | {"accessToken":"<accessToken>","expiresOn":"<ISO 8601 timestamp>"} |
...
| workers | GET /v3/studies/:studyIdentifier/oauth/:vendorIdentifiervendorId?pageSize=x&offsetKey=y |
|---|---|
| 200 | {"items":["healthCode1","healthCode2"], "requestParams": {...}, "type":"ForwardOnlyCursorPagedList"} |
...
| workers | GET /v3/studies/:studyIdentifier/oath/:vendorIdentifiervendorId/grants/:healthCode |
|---|---|
| if access token exists and is not expired | return access token |
| if access token exists and is expired | refresh token and return refreshed token |
| 401 | anything else (should only be an error from Fitbit) |
| 200 | {"vendorId":"vendorId","accessToken":"<accessToken>","expiresOn":"<ISO 8601 timestamp>"} |
...