Skip to main content
RapidDev - Software Development Agency
retool-integrationsREST API Resource

How to Integrate Retool with Fitbit API

Connect Retool to the Fitbit Web API using a REST API Resource with OAuth 2.0 authentication. Query activity, sleep, heart rate, and exercise data to build wellness program dashboards — track employee or patient fitness metrics, monitor goal achievement, and aggregate wearable data alongside health program records in Retool for program administrators and health coaches.

What you'll learn

  • How to create a Fitbit developer application and configure OAuth 2.0 for server-side access
  • How to handle Fitbit's per-user OAuth authorization flow and store tokens for program participants
  • How to query Fitbit activity, step count, and sleep data for specific users and date ranges
  • How to build a wellness program dashboard aggregating fitness data across multiple participants
  • How to use JavaScript transformers to compute metrics like weekly averages and goal achievement rates
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Intermediate16 min read30 minutesOtherLast updated April 2026RapidDev Engineering Team
TL;DR

Connect Retool to the Fitbit Web API using a REST API Resource with OAuth 2.0 authentication. Query activity, sleep, heart rate, and exercise data to build wellness program dashboards — track employee or patient fitness metrics, monitor goal achievement, and aggregate wearable data alongside health program records in Retool for program administrators and health coaches.

Quick facts about this guide
FactValue
ToolFitbit API
CategoryOther
MethodREST API Resource
DifficultyIntermediate
Time required30 minutes
Last updatedApril 2026

Build Wellness Program and Fitness Tracking Dashboards in Retool with Fitbit

Corporate wellness programs and health coaching applications increasingly use wearable data to track participant progress, but the administrative side — viewing aggregate metrics across all participants, identifying who needs encouragement, and tracking goal achievement — typically requires manual data collection or expensive wellness platform subscriptions. Retool combined with the Fitbit API enables custom wellness dashboards that show exactly the metrics your program needs, integrated with your own participant records and program data.

Fitbit's Web API provides access to rich wearable data including daily step counts, active minutes, calorie burn, sleep duration and quality, heart rate zones, and logged exercises. Authentication uses OAuth 2.0 — importantly, each Fitbit user must individually authorize your application to access their personal health data, and you receive a separate access token per participant. This per-user token model means the integration involves collecting and managing authorization tokens for each program participant before you can query their data in Retool.

Common Retool apps built with the Fitbit API include: corporate wellness program dashboards showing participant activity levels and goal completion rates for program administrators, health coaching panels where coaches view their clients' weekly fitness trends and sleep patterns, leaderboard and challenge tracking tools that aggregate steps across a team for friendly competition programs, and wellness ROI dashboards that correlate fitness metrics with HR data about sick days and productivity indicators.

Integration method

REST API Resource

Fitbit uses OAuth 2.0 with PKCE for user authorization. Each Fitbit user must individually authorize your application to access their data, and the resulting access tokens are per-user. For a Retool wellness program dashboard, you need to handle the OAuth flow to collect tokens for each participant, store them securely, and use them when querying that user's data. Configure a Retool REST API Resource with the Fitbit API base URL and per-user bearer tokens. All requests are proxied server-side through Retool.

Prerequisites

  • A Fitbit developer account at dev.fitbit.com with an application registered to obtain client ID and secret
  • OAuth 2.0 access tokens for each Fitbit user whose data you want to query (collected via Fitbit's OAuth flow)
  • A database or Retool table to store per-user OAuth tokens securely (tokens should not be in Retool code)
  • A Retool account with permission to create Resources
  • Understanding of OAuth 2.0 flow and the privacy implications of accessing personal health data

Step-by-step guide

1

Register a Fitbit developer application and understand the OAuth flow

Navigate to dev.fitbit.com and log in with your Fitbit account (create one if needed — it does not need to be a paid account). Click 'Register an App' to create a new application registration. Fill in the required fields: application name (your wellness program name), description, website URL (your internal tool URL or company website), and most importantly the OAuth 2.0 Application Type — select 'Server' for server-side applications (not 'Personal' which only accesses the registering user's data). Set the Callback URL to a URL you control where users will be redirected after authorization — for internal tools, this can be a Retool app URL or a simple endpoint you set up to capture the authorization code. Under Default Access Type, select 'Read Only' unless you need to write exercise logs or update goals. After saving, Fitbit provides your OAuth 2.0 Client ID and Client Secret. Copy both values. The key limitation to understand: each Fitbit user must individually visit Fitbit's authorization page, log in, and grant access to your application before you can query their data. The resulting access token (valid for 8 hours) and refresh token (valid for indefinite use) must be stored and managed per-user in your own database.

Pro tip: For wellness programs with multiple participants, build a simple authorization flow: generate the Fitbit OAuth URL for each participant, send it to them via email, and when they authorize, capture the resulting code and exchange it for tokens using your backend. Store the access_token and refresh_token in your participant database, associated with their user record.

Expected result: You have a registered Fitbit application with a client ID and client secret. You understand the per-user OAuth authorization requirement and have a plan for collecting tokens from program participants.

2

Create the Fitbit REST API Resource in Retool

In Retool, navigate to the Resources tab and click 'Create New'. Select 'REST API' from the resource type list. Set the Base URL to 'https://api.fitbit.com'. Fitbit's API uses versioned endpoints — most current endpoints are under '/1/' or '/1.2/' as path prefixes. Under Authentication, select 'Bearer Token' and enter a placeholder or leave blank — for per-user token scenarios, you will pass the token in each query's headers individually by overriding the resource-level authorization. This is because each query targets a different user's token. Alternatively, configure the resource with a default token for a single-user integration. Under Headers, add 'Accept-Language: en_US' to get measurements in the units matching your locale, and 'Accept-Locale: en_US' for consistent formatting. Store your Fitbit client ID and secret in Retool Settings → Configuration Variables as 'FITBIT_CLIENT_ID' and 'FITBIT_CLIENT_SECRET' for the token refresh flow. Add 'FITBIT_ACCESS_TOKEN' as a configuration variable if you are building a single-user integration. Click 'Save Resource'.

resource-config.json
1{
2 "Base URL": "https://api.fitbit.com",
3 "Headers": {
4 "Accept-Language": "en_US",
5 "Accept-Locale": "en_US",
6 "Content-Type": "application/json"
7 },
8 "Authentication": "Bearer Token",
9 "Note": "For multi-user wellness programs, pass each user's token in the Authorization header override per-query: Authorization: Bearer {user_token}"
10}

Pro tip: Fitbit access tokens expire after 8 hours. Implement a token refresh flow using the refresh_token stored in your database: POST to 'https://api.fitbit.com/oauth2/token' with grant_type=refresh_token to get a new access token. Build a Retool Workflow that refreshes tokens for all participants daily to ensure data is always accessible.

Expected result: The Fitbit REST API Resource is saved with the correct base URL and headers. Configuration variables for credentials are stored securely.

3

Query daily activity and step count data

Create a query to retrieve daily activity data for a specific user. Set the method to GET. Fitbit's activity summary endpoint returns comprehensive daily stats for a given date. The path format is '/1/user/{user-id}/activities/date/{date}.json' where user-id is the Fitbit user's ID (use '-' as a shorthand for the authenticated user when using their own token). The date format is YYYY-MM-DD. In the query header override, add 'Authorization: Bearer {{ selectedParticipant.fitbit_token }}' — where selectedParticipant is a state variable or table row containing the participant's stored token. The response 'summary' object contains: steps, floors, caloriesOut, distances array (including 'total' distance), minutesSedentary, minutesLightlyActive, minutesFairlyActive, minutesVeryActive, and the activity goals. For a date range, use the activities time series endpoint: '/1/user/-/activities/steps/date/{start-date}/{end-date}.json' which returns an array of date-value pairs. Add a DateRangePicker to control the date range and bind start/end dates to the query parameters.

steps_data_transformer.js
1// GET /1/user/-/activities/steps/date/{start}/{end}.json
2// Headers: Authorization: Bearer {{ participantSelect.value }}
3// (participantSelect.value should contain the user's access token)
4
5// For single-day summary:
6// GET /1/user/-/activities/date/{date}.json
7
8// Transformer: format step data for chart
9const stepsData = data && data['activities-steps']
10 ? data['activities-steps']
11 : [];
12
13const weeklyTotal = stepsData.reduce((sum, day) => sum + parseInt(day.value || 0), 0);
14const weeklyAvg = stepsData.length > 0
15 ? Math.round(weeklyTotal / stepsData.length)
16 : 0;
17
18return {
19 daily_data: stepsData.map(day => ({
20 date: day.dateTime,
21 steps: parseInt(day.value || 0),
22 goal_met: parseInt(day.value || 0) >= 10000
23 })),
24 weekly_total: weeklyTotal,
25 weekly_avg: weeklyAvg,
26 goal_achievement_rate: stepsData.length > 0
27 ? Math.round((stepsData.filter(d => parseInt(d.value) >= 10000).length / stepsData.length) * 100)
28 : 0
29};

Pro tip: Fitbit's date-range step series endpoint is the most efficient way to get 7 or 30 days of step data in one request. Avoid making separate daily requests in a loop — use the date range endpoint and extract the array of daily values in your transformer.

Expected result: The query returns daily step counts for the selected participant over the specified date range, with computed weekly average and goal achievement rate.

4

Query sleep data and compute sleep quality metrics

Create a sleep data query using Fitbit's sleep log endpoint. Set the method to GET and the path to '/1.2/user/-/sleep/date/{date}.json' for a single night, or '/1.2/user/-/sleep/date/{start-date}/{end-date}.json' for a range (maximum 100 days per request). Include the per-user Authorization header override. The response includes a 'sleep' array of sleep sessions for the night, and a 'summary' object with totalMinutesAsleep, totalTimeInBed, and for Fitbit users with heart rate tracking, the 'stages' breakdown (deep, light, rem, wake minutes). Extract key sleep metrics from the summary: total sleep duration, time in bed vs. time asleep (sleep efficiency percentage), and stages breakdown percentages. For sleep consistency analysis, compare bedtime and wake time across multiple days and calculate the standard deviation to measure consistency. Add an Image or Chart component showing a sleep stage pie chart bound to the stages data from the summary.

sleep_transformer.js
1// GET /1.2/user/-/sleep/date/{start}/{end}.json
2// Headers: Authorization: Bearer {{ participantToken }}
3
4// Transformer: format sleep data with quality metrics
5const sleepList = data && data.sleep ? data.sleep : [];
6
7// Filter to main sleep sessions (exclude short naps)
8const mainSessions = sleepList.filter(s => s.isMainSleep);
9
10return mainSessions.map(session => {
11 const duration = session.minutesAsleep || 0;
12 const inBed = session.timeInBed || 0;
13 const efficiency = inBed > 0 ? Math.round((duration / inBed) * 100) : 0;
14 const stages = session.levels && session.levels.summary
15 ? session.levels.summary
16 : {};
17
18 return {
19 date: session.dateOfSleep,
20 bedtime: session.startTime
21 ? new Date(session.startTime).toLocaleTimeString('en-US', { hour: '2-digit', minute: '2-digit' })
22 : 'Unknown',
23 wake_time: session.endTime
24 ? new Date(session.endTime).toLocaleTimeString('en-US', { hour: '2-digit', minute: '2-digit' })
25 : 'Unknown',
26 duration_hours: Math.round(duration / 60 * 10) / 10,
27 efficiency_pct: efficiency,
28 deep_min: stages.deep ? stages.deep.minutes : null,
29 rem_min: stages.rem ? stages.rem.minutes : null,
30 light_min: stages.light ? stages.light.minutes : null,
31 wake_min: stages.wake ? stages.wake.minutes : null,
32 quality: duration >= 420 && efficiency >= 85 ? 'Good'
33 : duration >= 360 && efficiency >= 75 ? 'Fair'
34 : 'Needs Improvement'
35 };
36});

Pro tip: Sleep stage data (deep, light, REM) is only available for Fitbit devices with heart rate monitoring. Older Fitbit models return 'classic' sleep data with only 'asleep', 'restless', and 'awake' stages. Check the 'type' field in the sleep session — 'stages' means full HR-based data, 'classic' means older classification.

Expected result: The sleep query returns nightly sleep metrics with duration, efficiency percentage, and sleep stage breakdown for each night in the selected range.

5

Build the multi-participant wellness dashboard

Assemble the complete wellness program dashboard by combining participant management with Fitbit data queries. Create a database query to load all enrolled program participants from your participants table (which should include their name, enrollment date, program goals, and stored Fitbit access token). Display participants in a Table component on the left panel. When a program manager selects a participant row, the right panel loads that participant's Fitbit data using their stored token — bind the token from the selectedRow to the Authorization header of your activity and sleep queries. Build aggregated views using JavaScript transformers: calculate each participant's 7-day step average, compare against their personal goal (stored in your database), and compute a goal achievement percentage. Add Stat components showing program-wide metrics: total participants, average team steps today, percentage meeting their weekly step goal. Use Retool's row background color feature to highlight participants below 50% of their goal in yellow. For programs with complex data privacy requirements or multi-source data joins, RapidDev's team can help architect and build your Retool wellness solution.

program_dashboard_transformer.js
1// JavaScript query: aggregate program metrics across all participants
2const participants = getParticipants.data || [];
3const participantSteps = {};
4
5// Build lookup from per-participant step queries
6// In practice, load each participant's steps in a loop via Workflow
7// This transformer assumes steps data has been pre-fetched and stored
8
9return participants.map(p => {
10 const stepsData = participantSteps[p.fitbit_user_id] || {};
11 const weeklyAvg = stepsData.weekly_avg || 0;
12 const goal = p.daily_step_goal || 10000;
13 const achievement = goal > 0 ? Math.round((weeklyAvg / goal) * 100) : 0;
14
15 return {
16 participant_id: p.id,
17 name: p.full_name,
18 enrollment_date: new Date(p.enrolled_at).toLocaleDateString(),
19 daily_goal: goal,
20 weekly_avg_steps: weeklyAvg,
21 goal_achievement_pct: achievement,
22 status: achievement >= 100 ? 'exceeding'
23 : achievement >= 75 ? 'on_track'
24 : achievement >= 50 ? 'at_risk'
25 : 'needs_support',
26 last_sync: p.fitbit_last_sync
27 ? new Date(p.fitbit_last_sync).toLocaleDateString()
28 : 'Never'
29 };
30}).sort((a, b) => a.goal_achievement_pct - b.goal_achievement_pct);

Pro tip: For a wellness program with more than 10-15 participants, avoid querying Fitbit in real time for all participants when the dashboard loads. Instead, build a Retool Workflow that runs nightly, fetches each participant's data, and stores aggregated metrics in a program_metrics table. The dashboard reads from this cached table for fast loads, and the Workflow handles the Fitbit API quota.

Expected result: The wellness dashboard shows all program participants with their activity metrics, goal achievement rates, and status indicators. Selecting a participant loads their detailed activity and sleep data in the detail panel.

Common use cases

Build a corporate wellness program participant dashboard

Create a Retool admin panel for wellness program managers showing all enrolled participants with their Fitbit data for the current week. Display each participant's average daily steps, active minutes, sleep duration, and goal achievement percentage. Highlight participants who have not synced their device recently (indicating possible disengagement) and those who have exceeded their goals (eligible for rewards). Let program managers click on a participant to see their full activity history.

Retool Prompt

Build a Retool wellness program dashboard showing a Table of all enrolled participants with columns for name, weekly average steps, average active minutes, average sleep hours, and goal achievement percentage. Color-code rows green for participants meeting their goals and yellow for those below 75% of their goal. Include a date range filter and a participant detail panel.

Copy this prompt to try it in Retool

Create a health coaching client progress tracker

Build a Retool panel for health coaches showing their assigned clients' fitness trends. For each client, display a weekly activity chart showing daily steps over the past 30 days, sleep consistency metrics (variance in bed/wake times), and heart rate zone distribution from workout sessions. Allow coaches to add notes about each client session and set custom goals that override Fitbit's defaults, with the panel tracking progress against coach-defined targets.

Retool Prompt

Create a Retool health coaching panel where coaches select a client from a dropdown, view their 30-day step count trend as a line chart, see sleep consistency metrics (average bedtime, average wake time, standard deviation), and view heart rate zone breakdowns from recent workouts. Include a notes field for coaching session observations.

Copy this prompt to try it in Retool

Build a team step challenge leaderboard

Aggregate weekly step data for all members of a team step challenge and build a dynamic leaderboard showing current rankings, total steps, and days remaining in the challenge. Update automatically by querying each participant's step total for the challenge period. Display progress bars showing each team's cumulative steps toward the challenge goal, and identify the top individual performer and most improved participant since the previous update.

Retool Prompt

Build a Retool team step challenge dashboard showing a leaderboard of participants ranked by total steps in the challenge period, with each person's weekly step total, an overall progress bar toward the team goal, and comparison vs. the previous week's total. Refresh button updates the leaderboard with current Fitbit data.

Copy this prompt to try it in Retool

Troubleshooting

API returns 401 Unauthorized with 'Access token expired' in the error body

Cause: Fitbit access tokens expire after 8 hours. If a participant's token has not been refreshed since their initial authorization, queries to their data will fail.

Solution: Implement a token refresh flow: use the participant's stored refresh_token to POST to 'https://api.fitbit.com/oauth2/token' with grant_type=refresh_token, client_id, and client_secret (as Basic Auth or in the body). The response contains a new access_token and refresh_token — update both in your participant database. Build a Retool Workflow that checks token expiry daily and refreshes any tokens expiring within 24 hours.

typescript
1// Token refresh request (POST to Fitbit OAuth endpoint)
2// Basic Auth: base64(client_id:client_secret)
3// Body: grant_type=refresh_token&refresh_token={stored_refresh_token}

API returns 403 Forbidden with 'insufficient_scope' for certain endpoints

Cause: The OAuth scope granted by the user during authorization does not include the data type being requested. For example, querying sleep data requires the 'sleep' scope, and heart rate data requires the 'heartrate' scope.

Solution: When generating the Fitbit authorization URL, include all required scopes: 'activity', 'heartrate', 'sleep', 'profile'. If a participant's token was obtained with insufficient scopes, they must re-authorize the application with the expanded scope list. Update your OAuth authorization URL to request all needed scopes, and prompt affected participants to re-authorize.

Step data returns 0 for recent dates even though the participant has synced their device

Cause: Fitbit data may not be available in the API immediately after device sync — there can be a delay of up to several minutes. Alternatively, the participant's device has not actually synced recently despite showing a 'last sync' timestamp in the app.

Solution: Check the participant's device sync timestamp using GET '/1/user/-/devices.json' which returns each linked device with its last sync time. If the last sync is recent (within the past hour), wait a few minutes and retry. If sync is significantly delayed, the participant may need to open their Fitbit app to force a sync. For wellness program use cases, accept that data is typically 1-24 hours delayed rather than real-time.

Rate limit errors (429 Too Many Requests) when loading the dashboard for many participants

Cause: Fitbit's API enforces a rate limit of 150 requests per hour per token (per user account). When loading a dashboard that queries multiple endpoints for many participants simultaneously, you can exceed this limit quickly.

Solution: Move data fetching to a Retool Workflow that runs on a schedule (nightly or every few hours) rather than on page load. The Workflow fetches data for all participants sequentially with delays between requests, stores results in a staging database table, and the Retool dashboard reads from this cached table. This approach respects rate limits and keeps the dashboard fast regardless of participant count.

Best practices

  • Store participant OAuth tokens in an encrypted database column rather than in Retool configuration variables — these tokens grant access to personal health data and must be managed with strict access controls and privacy compliance
  • Implement token refresh before tokens expire rather than on failure — proactively refreshing tokens daily in a Retool Workflow ensures data is always accessible without error interruptions in the dashboard
  • Cache aggregated wellness data in a staging database table updated by a scheduled Retool Workflow — querying Fitbit in real time for many participants on every dashboard load is inefficient and risks hitting rate limits
  • Be explicit with participants about what data is accessed and why — Fitbit health data is sensitive personal information; publish a clear wellness program data policy and ensure participants provide informed consent before authorization
  • Request only the OAuth scopes you actually use — if your wellness program only tracks steps and sleep, do not request heartrate and nutrition scopes even if available; minimal scope access reduces privacy risk
  • Build data retention controls into the dashboard — when a participant leaves the wellness program, immediately delete their stored tokens and queued data from your systems to comply with privacy regulations
  • Handle missing data gracefully in transformers — not all Fitbit devices support all data types (e.g., older models do not have heart rate), and participants may have days with no sync; use null checks and default values throughout your transformer code

Alternatives

Frequently asked questions

Does Retool have a native Fitbit connector?

No, Retool does not have a native Fitbit connector. You connect using a REST API Resource with Fitbit OAuth 2.0 bearer tokens. The primary complexity is managing per-user tokens for multiple participants, which requires storing and refreshing tokens in a database rather than using a single shared API key.

Can I access any Fitbit user's data, or only users who have authorized my application?

Only users who have individually authorized your Fitbit application through Fitbit's OAuth flow. Fitbit users must give explicit consent for each application to access their personal health data. There is no admin or enterprise API that bypasses individual user consent — this is a deliberate privacy protection. For wellness programs, you must provide each participant with an authorization link and collect their consent before their data is accessible.

What types of data can I access through the Fitbit API?

With appropriate OAuth scopes, you can access: daily activity summary (steps, distance, calories, active minutes, floors), intraday data (5-minute and 1-minute step counts, heart rate), sleep logs (duration, stages, efficiency), heart rate data (resting HR, zones from workouts), exercise logs (GPS data, pace, workout details), body measurements (weight, BMI if logged), nutrition logs (food and water intake if logged), and device information. Data availability depends on the specific Fitbit device model and what the user has logged.

Are there privacy regulations I need to consider when building a wellness dashboard with Fitbit data?

Yes, significantly. Fitbit data is health and fitness data that may be subject to HIPAA in US healthcare contexts, GDPR in Europe, and various state/national privacy laws. Before building a wellness program dashboard, consult with your legal and privacy teams. Key requirements typically include: explicit informed consent, data minimization (only collect what you need), secure storage of tokens and health data, data deletion procedures when participants leave the program, and clear disclosure of how data is used.

What are the Fitbit API rate limits?

Fitbit enforces a rate limit of 150 API requests per hour per OAuth token (per user account). For wellness programs with many participants, this means you cannot query all participants' data simultaneously in real time. Use a Retool Workflow that sequentially fetches data for each participant with delays between requests, stores results in a database, and updates on a schedule rather than on-demand. The dashboard then reads from the pre-fetched database table for fast, limit-safe access.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire Retool integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.