Third-party applications

(new in 0.7.0)

FitTrackee provides a REST API (see documentation); most of its endpoints require authorization/authentication.

To allow a third-party application to interact with API endpoints, an OAuth2 client can be created in user settings (‘apps’ tab).

Note

OAuth2 support is implemented with the Authlib library.

Warning

OAuth2 endpoints requiring authentication are not accessible to third-party applications (documentation), only to the FitTrackee client (first-party application).

FitTrackee supports only the Authorization Code flow (with PKCE support), in which an authorization code is exchanged for an access token. Using PKCE is recommended for better security.

The following scopes are available:

  • application:write: grants write access to application configuration (only for users with administration rights),

  • profile:read: grants read access to auth endpoints,

  • profile:write: grants write access to auth endpoints,

  • users:read: grants read access to users endpoints,

  • users:write: grants write access to users endpoints,

  • workouts:read: grants read access to workouts-related endpoints,

  • workouts:write: grants write access to workouts-related endpoints.

OAuth2 client creation on FitTrackee

Some resources about OAuth 2.0: