Connect Retool to the Fitbit Web API using a REST API Resource with OAuth 2.0 authentication. Query activity, sleep, heart rate, and exercise data to build wellness program dashboards — track employee or patient fitness metrics, monitor goal achievement, and aggregate wearable data alongside health program records in Retool for program administrators and health coaches.
| Fact | Value |
|---|---|
| Tool | Fitbit API |
| Category | Other |
| Method | REST API Resource |
| Difficulty | Intermediate |
| Time required | 30 minutes |
| Last updated | April 2026 |
Build Wellness Program and Fitness Tracking Dashboards in Retool with Fitbit
Corporate wellness programs and health coaching applications increasingly use wearable data to track participant progress, but the administrative side — viewing aggregate metrics across all participants, identifying who needs encouragement, and tracking goal achievement — typically requires manual data collection or expensive wellness platform subscriptions. Retool combined with the Fitbit API enables custom wellness dashboards that show exactly the metrics your program needs, integrated with your own participant records and program data.
Fitbit's Web API provides access to rich wearable data including daily step counts, active minutes, calorie burn, sleep duration and quality, heart rate zones, and logged exercises. Authentication uses OAuth 2.0 — importantly, each Fitbit user must individually authorize your application to access their personal health data, and you receive a separate access token per participant. This per-user token model means the integration involves collecting and managing authorization tokens for each program participant before you can query their data in Retool.
Common Retool apps built with the Fitbit API include: corporate wellness program dashboards showing participant activity levels and goal completion rates for program administrators, health coaching panels where coaches view their clients' weekly fitness trends and sleep patterns, leaderboard and challenge tracking tools that aggregate steps across a team for friendly competition programs, and wellness ROI dashboards that correlate fitness metrics with HR data about sick days and productivity indicators.
Integration method
Fitbit uses OAuth 2.0 with PKCE for user authorization. Each Fitbit user must individually authorize your application to access their data, and the resulting access tokens are per-user. For a Retool wellness program dashboard, you need to handle the OAuth flow to collect tokens for each participant, store them securely, and use them when querying that user's data. Configure a Retool REST API Resource with the Fitbit API base URL and per-user bearer tokens. All requests are proxied server-side through Retool.
Prerequisites
- A Fitbit developer account at dev.fitbit.com with an application registered to obtain client ID and secret
- OAuth 2.0 access tokens for each Fitbit user whose data you want to query (collected via Fitbit's OAuth flow)
- A database or Retool table to store per-user OAuth tokens securely (tokens should not be in Retool code)
- A Retool account with permission to create Resources
- Understanding of OAuth 2.0 flow and the privacy implications of accessing personal health data
Step-by-step guide
Register a Fitbit developer application and understand the OAuth flow
Navigate to dev.fitbit.com and log in with your Fitbit account (create one if needed — it does not need to be a paid account). Click 'Register an App' to create a new application registration. Fill in the required fields: application name (your wellness program name), description, website URL (your internal tool URL or company website), and most importantly the OAuth 2.0 Application Type — select 'Server' for server-side applications (not 'Personal' which only accesses the registering user's data). Set the Callback URL to a URL you control where users will be redirected after authorization — for internal tools, this can be a Retool app URL or a simple endpoint you set up to capture the authorization code. Under Default Access Type, select 'Read Only' unless you need to write exercise logs or update goals. After saving, Fitbit provides your OAuth 2.0 Client ID and Client Secret. Copy both values. The key limitation to understand: each Fitbit user must individually visit Fitbit's authorization page, log in, and grant access to your application before you can query their data. The resulting access token (valid for 8 hours) and refresh token (valid for indefinite use) must be stored and managed per-user in your own database.
Pro tip: For wellness programs with multiple participants, build a simple authorization flow: generate the Fitbit OAuth URL for each participant, send it to them via email, and when they authorize, capture the resulting code and exchange it for tokens using your backend. Store the access_token and refresh_token in your participant database, associated with their user record.
Expected result: You have a registered Fitbit application with a client ID and client secret. You understand the per-user OAuth authorization requirement and have a plan for collecting tokens from program participants.
Create the Fitbit REST API Resource in Retool
In Retool, navigate to the Resources tab and click 'Create New'. Select 'REST API' from the resource type list. Set the Base URL to 'https://api.fitbit.com'. Fitbit's API uses versioned endpoints — most current endpoints are under '/1/' or '/1.2/' as path prefixes. Under Authentication, select 'Bearer Token' and enter a placeholder or leave blank — for per-user token scenarios, you will pass the token in each query's headers individually by overriding the resource-level authorization. This is because each query targets a different user's token. Alternatively, configure the resource with a default token for a single-user integration. Under Headers, add 'Accept-Language: en_US' to get measurements in the units matching your locale, and 'Accept-Locale: en_US' for consistent formatting. Store your Fitbit client ID and secret in Retool Settings → Configuration Variables as 'FITBIT_CLIENT_ID' and 'FITBIT_CLIENT_SECRET' for the token refresh flow. Add 'FITBIT_ACCESS_TOKEN' as a configuration variable if you are building a single-user integration. Click 'Save Resource'.
1{2 "Base URL": "https://api.fitbit.com",3 "Headers": {4 "Accept-Language": "en_US",5 "Accept-Locale": "en_US",6 "Content-Type": "application/json"7 },8 "Authentication": "Bearer Token",9 "Note": "For multi-user wellness programs, pass each user's token in the Authorization header override per-query: Authorization: Bearer {user_token}"10}Pro tip: Fitbit access tokens expire after 8 hours. Implement a token refresh flow using the refresh_token stored in your database: POST to 'https://api.fitbit.com/oauth2/token' with grant_type=refresh_token to get a new access token. Build a Retool Workflow that refreshes tokens for all participants daily to ensure data is always accessible.
Expected result: The Fitbit REST API Resource is saved with the correct base URL and headers. Configuration variables for credentials are stored securely.
Query daily activity and step count data
Create a query to retrieve daily activity data for a specific user. Set the method to GET. Fitbit's activity summary endpoint returns comprehensive daily stats for a given date. The path format is '/1/user/{user-id}/activities/date/{date}.json' where user-id is the Fitbit user's ID (use '-' as a shorthand for the authenticated user when using their own token). The date format is YYYY-MM-DD. In the query header override, add 'Authorization: Bearer {{ selectedParticipant.fitbit_token }}' — where selectedParticipant is a state variable or table row containing the participant's stored token. The response 'summary' object contains: steps, floors, caloriesOut, distances array (including 'total' distance), minutesSedentary, minutesLightlyActive, minutesFairlyActive, minutesVeryActive, and the activity goals. For a date range, use the activities time series endpoint: '/1/user/-/activities/steps/date/{start-date}/{end-date}.json' which returns an array of date-value pairs. Add a DateRangePicker to control the date range and bind start/end dates to the query parameters.
1// GET /1/user/-/activities/steps/date/{start}/{end}.json2// Headers: Authorization: Bearer {{ participantSelect.value }}3// (participantSelect.value should contain the user's access token)45// For single-day summary:6// GET /1/user/-/activities/date/{date}.json78// Transformer: format step data for chart9const stepsData = data && data['activities-steps']10 ? data['activities-steps']11 : [];1213const weeklyTotal = stepsData.reduce((sum, day) => sum + parseInt(day.value || 0), 0);14const weeklyAvg = stepsData.length > 015 ? Math.round(weeklyTotal / stepsData.length)16 : 0;1718return {19 daily_data: stepsData.map(day => ({20 date: day.dateTime,21 steps: parseInt(day.value || 0),22 goal_met: parseInt(day.value || 0) >= 1000023 })),24 weekly_total: weeklyTotal,25 weekly_avg: weeklyAvg,26 goal_achievement_rate: stepsData.length > 027 ? Math.round((stepsData.filter(d => parseInt(d.value) >= 10000).length / stepsData.length) * 100)28 : 029};Pro tip: Fitbit's date-range step series endpoint is the most efficient way to get 7 or 30 days of step data in one request. Avoid making separate daily requests in a loop — use the date range endpoint and extract the array of daily values in your transformer.
Expected result: The query returns daily step counts for the selected participant over the specified date range, with computed weekly average and goal achievement rate.
Query sleep data and compute sleep quality metrics
Create a sleep data query using Fitbit's sleep log endpoint. Set the method to GET and the path to '/1.2/user/-/sleep/date/{date}.json' for a single night, or '/1.2/user/-/sleep/date/{start-date}/{end-date}.json' for a range (maximum 100 days per request). Include the per-user Authorization header override. The response includes a 'sleep' array of sleep sessions for the night, and a 'summary' object with totalMinutesAsleep, totalTimeInBed, and for Fitbit users with heart rate tracking, the 'stages' breakdown (deep, light, rem, wake minutes). Extract key sleep metrics from the summary: total sleep duration, time in bed vs. time asleep (sleep efficiency percentage), and stages breakdown percentages. For sleep consistency analysis, compare bedtime and wake time across multiple days and calculate the standard deviation to measure consistency. Add an Image or Chart component showing a sleep stage pie chart bound to the stages data from the summary.
1// GET /1.2/user/-/sleep/date/{start}/{end}.json2// Headers: Authorization: Bearer {{ participantToken }}34// Transformer: format sleep data with quality metrics5const sleepList = data && data.sleep ? data.sleep : [];67// Filter to main sleep sessions (exclude short naps)8const mainSessions = sleepList.filter(s => s.isMainSleep);910return mainSessions.map(session => {11 const duration = session.minutesAsleep || 0;12 const inBed = session.timeInBed || 0;13 const efficiency = inBed > 0 ? Math.round((duration / inBed) * 100) : 0;14 const stages = session.levels && session.levels.summary15 ? session.levels.summary16 : {};1718 return {19 date: session.dateOfSleep,20 bedtime: session.startTime21 ? new Date(session.startTime).toLocaleTimeString('en-US', { hour: '2-digit', minute: '2-digit' })22 : 'Unknown',23 wake_time: session.endTime24 ? new Date(session.endTime).toLocaleTimeString('en-US', { hour: '2-digit', minute: '2-digit' })25 : 'Unknown',26 duration_hours: Math.round(duration / 60 * 10) / 10,27 efficiency_pct: efficiency,28 deep_min: stages.deep ? stages.deep.minutes : null,29 rem_min: stages.rem ? stages.rem.minutes : null,30 light_min: stages.light ? stages.light.minutes : null,31 wake_min: stages.wake ? stages.wake.minutes : null,32 quality: duration >= 420 && efficiency >= 85 ? 'Good'33 : duration >= 360 && efficiency >= 75 ? 'Fair'34 : 'Needs Improvement'35 };36});Pro tip: Sleep stage data (deep, light, REM) is only available for Fitbit devices with heart rate monitoring. Older Fitbit models return 'classic' sleep data with only 'asleep', 'restless', and 'awake' stages. Check the 'type' field in the sleep session — 'stages' means full HR-based data, 'classic' means older classification.
Expected result: The sleep query returns nightly sleep metrics with duration, efficiency percentage, and sleep stage breakdown for each night in the selected range.
Build the multi-participant wellness dashboard
Assemble the complete wellness program dashboard by combining participant management with Fitbit data queries. Create a database query to load all enrolled program participants from your participants table (which should include their name, enrollment date, program goals, and stored Fitbit access token). Display participants in a Table component on the left panel. When a program manager selects a participant row, the right panel loads that participant's Fitbit data using their stored token — bind the token from the selectedRow to the Authorization header of your activity and sleep queries. Build aggregated views using JavaScript transformers: calculate each participant's 7-day step average, compare against their personal goal (stored in your database), and compute a goal achievement percentage. Add Stat components showing program-wide metrics: total participants, average team steps today, percentage meeting their weekly step goal. Use Retool's row background color feature to highlight participants below 50% of their goal in yellow. For programs with complex data privacy requirements or multi-source data joins, RapidDev's team can help architect and build your Retool wellness solution.
1// JavaScript query: aggregate program metrics across all participants2const participants = getParticipants.data || [];3const participantSteps = {};45// Build lookup from per-participant step queries6// In practice, load each participant's steps in a loop via Workflow7// This transformer assumes steps data has been pre-fetched and stored89return participants.map(p => {10 const stepsData = participantSteps[p.fitbit_user_id] || {};11 const weeklyAvg = stepsData.weekly_avg || 0;12 const goal = p.daily_step_goal || 10000;13 const achievement = goal > 0 ? Math.round((weeklyAvg / goal) * 100) : 0;1415 return {16 participant_id: p.id,17 name: p.full_name,18 enrollment_date: new Date(p.enrolled_at).toLocaleDateString(),19 daily_goal: goal,20 weekly_avg_steps: weeklyAvg,21 goal_achievement_pct: achievement,22 status: achievement >= 100 ? 'exceeding'23 : achievement >= 75 ? 'on_track'24 : achievement >= 50 ? 'at_risk'25 : 'needs_support',26 last_sync: p.fitbit_last_sync27 ? new Date(p.fitbit_last_sync).toLocaleDateString()28 : 'Never'29 };30}).sort((a, b) => a.goal_achievement_pct - b.goal_achievement_pct);Pro tip: For a wellness program with more than 10-15 participants, avoid querying Fitbit in real time for all participants when the dashboard loads. Instead, build a Retool Workflow that runs nightly, fetches each participant's data, and stores aggregated metrics in a program_metrics table. The dashboard reads from this cached table for fast loads, and the Workflow handles the Fitbit API quota.
Expected result: The wellness dashboard shows all program participants with their activity metrics, goal achievement rates, and status indicators. Selecting a participant loads their detailed activity and sleep data in the detail panel.
Common use cases
Build a corporate wellness program participant dashboard
Create a Retool admin panel for wellness program managers showing all enrolled participants with their Fitbit data for the current week. Display each participant's average daily steps, active minutes, sleep duration, and goal achievement percentage. Highlight participants who have not synced their device recently (indicating possible disengagement) and those who have exceeded their goals (eligible for rewards). Let program managers click on a participant to see their full activity history.
Build a Retool wellness program dashboard showing a Table of all enrolled participants with columns for name, weekly average steps, average active minutes, average sleep hours, and goal achievement percentage. Color-code rows green for participants meeting their goals and yellow for those below 75% of their goal. Include a date range filter and a participant detail panel.
Copy this prompt to try it in Retool
Create a health coaching client progress tracker
Build a Retool panel for health coaches showing their assigned clients' fitness trends. For each client, display a weekly activity chart showing daily steps over the past 30 days, sleep consistency metrics (variance in bed/wake times), and heart rate zone distribution from workout sessions. Allow coaches to add notes about each client session and set custom goals that override Fitbit's defaults, with the panel tracking progress against coach-defined targets.
Create a Retool health coaching panel where coaches select a client from a dropdown, view their 30-day step count trend as a line chart, see sleep consistency metrics (average bedtime, average wake time, standard deviation), and view heart rate zone breakdowns from recent workouts. Include a notes field for coaching session observations.
Copy this prompt to try it in Retool
Build a team step challenge leaderboard
Aggregate weekly step data for all members of a team step challenge and build a dynamic leaderboard showing current rankings, total steps, and days remaining in the challenge. Update automatically by querying each participant's step total for the challenge period. Display progress bars showing each team's cumulative steps toward the challenge goal, and identify the top individual performer and most improved participant since the previous update.
Build a Retool team step challenge dashboard showing a leaderboard of participants ranked by total steps in the challenge period, with each person's weekly step total, an overall progress bar toward the team goal, and comparison vs. the previous week's total. Refresh button updates the leaderboard with current Fitbit data.
Copy this prompt to try it in Retool
Troubleshooting
API returns 401 Unauthorized with 'Access token expired' in the error body
Cause: Fitbit access tokens expire after 8 hours. If a participant's token has not been refreshed since their initial authorization, queries to their data will fail.
Solution: Implement a token refresh flow: use the participant's stored refresh_token to POST to 'https://api.fitbit.com/oauth2/token' with grant_type=refresh_token, client_id, and client_secret (as Basic Auth or in the body). The response contains a new access_token and refresh_token — update both in your participant database. Build a Retool Workflow that checks token expiry daily and refreshes any tokens expiring within 24 hours.
1// Token refresh request (POST to Fitbit OAuth endpoint)2// Basic Auth: base64(client_id:client_secret)3// Body: grant_type=refresh_token&refresh_token={stored_refresh_token}API returns 403 Forbidden with 'insufficient_scope' for certain endpoints
Cause: The OAuth scope granted by the user during authorization does not include the data type being requested. For example, querying sleep data requires the 'sleep' scope, and heart rate data requires the 'heartrate' scope.
Solution: When generating the Fitbit authorization URL, include all required scopes: 'activity', 'heartrate', 'sleep', 'profile'. If a participant's token was obtained with insufficient scopes, they must re-authorize the application with the expanded scope list. Update your OAuth authorization URL to request all needed scopes, and prompt affected participants to re-authorize.
Step data returns 0 for recent dates even though the participant has synced their device
Cause: Fitbit data may not be available in the API immediately after device sync — there can be a delay of up to several minutes. Alternatively, the participant's device has not actually synced recently despite showing a 'last sync' timestamp in the app.
Solution: Check the participant's device sync timestamp using GET '/1/user/-/devices.json' which returns each linked device with its last sync time. If the last sync is recent (within the past hour), wait a few minutes and retry. If sync is significantly delayed, the participant may need to open their Fitbit app to force a sync. For wellness program use cases, accept that data is typically 1-24 hours delayed rather than real-time.
Rate limit errors (429 Too Many Requests) when loading the dashboard for many participants
Cause: Fitbit's API enforces a rate limit of 150 requests per hour per token (per user account). When loading a dashboard that queries multiple endpoints for many participants simultaneously, you can exceed this limit quickly.
Solution: Move data fetching to a Retool Workflow that runs on a schedule (nightly or every few hours) rather than on page load. The Workflow fetches data for all participants sequentially with delays between requests, stores results in a staging database table, and the Retool dashboard reads from this cached table. This approach respects rate limits and keeps the dashboard fast regardless of participant count.
Best practices
- Store participant OAuth tokens in an encrypted database column rather than in Retool configuration variables — these tokens grant access to personal health data and must be managed with strict access controls and privacy compliance
- Implement token refresh before tokens expire rather than on failure — proactively refreshing tokens daily in a Retool Workflow ensures data is always accessible without error interruptions in the dashboard
- Cache aggregated wellness data in a staging database table updated by a scheduled Retool Workflow — querying Fitbit in real time for many participants on every dashboard load is inefficient and risks hitting rate limits
- Be explicit with participants about what data is accessed and why — Fitbit health data is sensitive personal information; publish a clear wellness program data policy and ensure participants provide informed consent before authorization
- Request only the OAuth scopes you actually use — if your wellness program only tracks steps and sleep, do not request heartrate and nutrition scopes even if available; minimal scope access reduces privacy risk
- Build data retention controls into the dashboard — when a participant leaves the wellness program, immediately delete their stored tokens and queued data from your systems to comply with privacy regulations
- Handle missing data gracefully in transformers — not all Fitbit devices support all data types (e.g., older models do not have heart rate), and participants may have days with no sync; use null checks and default values throughout your transformer code
Alternatives
Garmin Connect targets serious athletes and uses a partner program with OAuth 1.0a authentication, making it better suited for sports performance tracking rather than consumer wellness programs; requires Garmin partnership approval.
Google Analytics tracks digital behavior rather than physical activity, but Google also offers Google Fit API for health data access with similar OAuth patterns if your wellness program participants prefer Android wearables.
Amplitude is a product analytics platform — relevant only if you are building a wellness app and want to analyze user engagement with the app itself rather than the underlying fitness data from wearables.
Frequently asked questions
Does Retool have a native Fitbit connector?
No, Retool does not have a native Fitbit connector. You connect using a REST API Resource with Fitbit OAuth 2.0 bearer tokens. The primary complexity is managing per-user tokens for multiple participants, which requires storing and refreshing tokens in a database rather than using a single shared API key.
Can I access any Fitbit user's data, or only users who have authorized my application?
Only users who have individually authorized your Fitbit application through Fitbit's OAuth flow. Fitbit users must give explicit consent for each application to access their personal health data. There is no admin or enterprise API that bypasses individual user consent — this is a deliberate privacy protection. For wellness programs, you must provide each participant with an authorization link and collect their consent before their data is accessible.
What types of data can I access through the Fitbit API?
With appropriate OAuth scopes, you can access: daily activity summary (steps, distance, calories, active minutes, floors), intraday data (5-minute and 1-minute step counts, heart rate), sleep logs (duration, stages, efficiency), heart rate data (resting HR, zones from workouts), exercise logs (GPS data, pace, workout details), body measurements (weight, BMI if logged), nutrition logs (food and water intake if logged), and device information. Data availability depends on the specific Fitbit device model and what the user has logged.
Are there privacy regulations I need to consider when building a wellness dashboard with Fitbit data?
Yes, significantly. Fitbit data is health and fitness data that may be subject to HIPAA in US healthcare contexts, GDPR in Europe, and various state/national privacy laws. Before building a wellness program dashboard, consult with your legal and privacy teams. Key requirements typically include: explicit informed consent, data minimization (only collect what you need), secure storage of tokens and health data, data deletion procedures when participants leave the program, and clear disclosure of how data is used.
What are the Fitbit API rate limits?
Fitbit enforces a rate limit of 150 API requests per hour per OAuth token (per user account). For wellness programs with many participants, this means you cannot query all participants' data simultaneously in real time. Use a Retool Workflow that sequentially fetches data for each participant with delays between requests, stores results in a database, and updates on a schedule rather than on-demand. The dashboard then reads from the pre-fetched database table for fast, limit-safe access.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation