<h1>Third-party applications<a class="headerlink" href="#third-party-applications" title="Permalink to this heading">¶</a></h1>
<p>(<em>new in 0.7.0</em>)</p>
<p>FitTrackee provides a REST API (see <a class="reference external" href="api/index.html">documentation</a>), most of
whose endpoints require authorization/authentication.</p>
<p>To allow a third-party application to interact with API endpoints, an
<a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc6749">OAuth2</a> client can be created
in user settings (‘apps’ tab).</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>OAuth2 support is implemented with the <a class="reference external" href="https://docs.authlib.org/en/latest/">Authlib</a> library.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>OAuth2 endpoints requiring authentication are not accessible by third-party
applications (<a class="reference external" href="api/oauth2.html">documentation</a>), only by the FitTrackee
client (first-party application).</p>
</div>
<p>FitTrackee supports only the <a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.1">Authorization Code</a>
flow (with PKCE support).
It allows a client to exchange an authorization code for an access token.
Using <a class="reference external" href="https://datatracker.ietf.org/doc/html/rfc7636">PKCE</a>
is recommended for better security.</p>
<p>The following scopes are available:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">application:write</span></code>: grants write access to application configuration (only for users with administration rights),</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">profile:read</span></code>: grants read access to auth endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">profile:write</span></code>: grants write access to auth endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">users:read</span></code>: grants read access to users endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">users:write</span></code>: grants write access to users endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">workouts:read</span></code>: grants read access to workouts-related endpoints,</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">workouts:write</span></code>: grants write access to workouts-related endpoints.</p></li>
</ul>
<figure class="align-default">
<img alt="OAuth2 client creation on FitTrackee" src="_images/fittrackee_screenshot-07.png"/>
</figure>
<p>Some resources about OAuth 2.0:</p>
<ul class="simple">
<li><p><a class="reference external" href="https://www.oauth.com">OAuth 2.0 Simplified</a> by <a class="reference external" href="https://aaronparecki.com">Aaron Parecki</a></p></li>
<li><p><a class="reference external" href="https://requests-oauthlib.readthedocs.io/en/latest/examples/real_world_example.html">Web App Example of OAuth 2 web application flow</a> with Requests-OAuthlib</p></li>