Connecting Retool to Garmin Connect requires access to Garmin's Health API, which is a partner program requiring approval — not a self-service developer API. Once approved, you configure a REST API Resource with OAuth 1.0a credentials and build fitness data dashboards. For corporate wellness programs, this enables activity, sleep, and heart rate dashboards from Garmin wearables.
| Fact | Value |
|---|---|
| Tool | Garmin Connect |
| Category | Other |
| Method | REST API Resource |
| Difficulty | Intermediate |
| Time required | 30 minutes |
| Last updated | April 2026 |
Build a Garmin Fitness Data Dashboard in Retool
Garmin Connect is the ecosystem for Garmin's fitness wearables — the Fenix, Forerunner, Vivosmart, and other devices used by athletes and corporate wellness programs worldwide. Unlike consumer-focused APIs, Garmin's Connect API is not self-service. Access requires applying to Garmin's Health API partner program, which evaluates your use case, data privacy practices, and business justification before granting API credentials.
Once approved, Garmin's Health API uses OAuth 1.0a — an older, more complex authentication protocol than OAuth 2.0. Each request must be cryptographically signed using your consumer key and secret plus the user's access token and token secret. Retool's REST API Resource can be configured to handle OAuth 1.0a through custom authentication headers or a pre-signing proxy.
The typical use case for a Retool Garmin integration is a corporate wellness dashboard: an HR or wellness program coordinator needs to view aggregated activity data, step counts, sleep scores, and stress levels for enrolled employees — without accessing individual-level data that would violate privacy policies. Garmin's Daily Summaries endpoint provides the data for this, and Retool's Table and Chart components make it easy to visualize trends over time.
Integration method
Garmin Connect uses the Garmin Health API, which requires applying to Garmin's partner program before access is granted. The API uses OAuth 1.0a for authentication — a three-legged process that provides user-specific access tokens. Once approved and authenticated, Retool's REST API Resource with custom auth headers handles Garmin's signed request pattern, enabling fitness data queries for approved applications.
Prerequisites
- Approved access to Garmin's Health API partner program — apply at https://developer.garmin.com/health-api/overview/
- Garmin Health API consumer key and consumer secret from the Garmin Developer Portal
- OAuth 1.0a access tokens for each Garmin Connect user whose data you'll access
- A Retool account (Cloud or self-hosted) with permission to create Resources
- Understanding of OAuth 1.0a request signing or access to a pre-signing proxy service
Step-by-step guide
Apply for Garmin Health API access
Garmin's Health API is not a self-service developer API. You must apply for access through Garmin's partner program before you can make any API calls. This is a fundamental difference from APIs like Fitbit, Withings, or Strava. Navigate to https://developer.garmin.com/health-api/overview/ and read the documentation. Click 'Request API Access' or navigate to the developer portal at https://developer.garmin.com. Create a developer account and submit a partner application. The application asks for: - Your organization name and contact information - A description of your use case and the application you're building - Information about data privacy practices and how you'll protect user data - Expected number of users - Business model and how the integration creates value Approval timelines vary — typically 2-4 weeks. Garmin evaluates whether your use case aligns with their health data ethics guidelines. Healthcare, corporate wellness, coaching platforms, and research applications are commonly approved. Once approved, you receive a consumer key and consumer secret via the developer portal. These are permanent credentials for your application (not user-specific). User-specific access tokens are obtained later through the OAuth 1.0a flow. For testing before approval, Garmin provides a sandbox environment with mock data. Ask about sandbox access when submitting your application.
Pro tip: Prepare a clear, specific use case description for your application. 'Corporate wellness dashboard for tracking employee activity metrics' is more likely to be approved than a vague description.
Expected result: You have received Garmin Health API approval and have your consumer key and consumer secret from the developer portal.
Understand OAuth 1.0a and obtain user access tokens
OAuth 1.0a is more complex than OAuth 2.0. Each API request must be signed using a cryptographic signature combining your consumer key, consumer secret, user access token, user token secret, a timestamp, and a nonce. The signature process is prescribed by the OAuth 1.0a spec and cannot be simplified. The OAuth 1.0a flow for Garmin: 1. Your application requests a temporary request token from Garmin's OAuth endpoint 2. Your application redirects the user to Garmin's authorization URL with the request token 3. The user approves access in Garmin Connect 4. Garmin redirects back to your callback URL with an oauth_verifier 5. Your application exchanges the request token + verifier for a permanent access token For Retool, you have two options: Option A (simpler): Use a separate OAuth 1.0a signing service. A small server-side script (Node.js or Python) handles the OAuth signing and exposes a simple Bearer token endpoint that your Retool REST API Resource calls. The signing service adds the OAuth Authorization header before forwarding to Garmin. Option B (Retool Custom Auth): Configure Retool's Custom Auth with a JavaScript function that builds the OAuth 1.0a Authorization header signature. This is feasible but complex — the signature requires HMAC-SHA1 hashing with specific string formatting. For most teams, Option A (a signing proxy) is more reliable and maintainable. Once implemented, your Retool resource calls the proxy with a simple Bearer token, and the proxy handles OAuth 1.0a signing.
1// OAuth 1.0a Authorization header format (for reference)2// The header value looks like:3// OAuth realm="",4// oauth_consumer_key="your_consumer_key",5// oauth_nonce="random_string",6// oauth_signature="base64_hmac_sha1_signature",7// oauth_signature_method="HMAC-SHA1",8// oauth_timestamp="unix_timestamp",9// oauth_token="user_access_token",10// oauth_version="1.0"1112// The signature base string is:13// HTTP_METHOD&url_encoded(base_url)&url_encoded(sorted_params_string)14// Signed with HMAC-SHA1 key: url_encode(consumer_secret)&url_encode(token_secret)Pro tip: Libraries like oauth-signature (npm) or the Python oauthlib package handle OAuth 1.0a signing. Use them in a signing proxy rather than implementing signing from scratch.
Expected result: You have a method for obtaining and using OAuth 1.0a access tokens for Garmin API requests, either via a signing proxy or Retool Custom Auth.
Create the Garmin REST API Resource in Retool
With OAuth 1.0a authentication handled (either via a signing proxy or Custom Auth), create the Garmin REST API Resource in Retool. For the signing proxy approach: Name: Garmin API Proxy Base URL: https://your-signing-proxy.example.com/garmin Authentication: Bearer token (the proxy's API key) For direct Garmin API with Custom Auth: Name: Garmin Health API Base URL: https://healthapi.garmin.com/wellness-api/rest Authentication: Custom Auth Garmin's Health API base URL is https://healthapi.garmin.com/wellness-api/rest. All endpoints are relative to this base. For the Custom Auth approach, configure the auth steps in Retool's resource Custom Auth section: 1. Build the OAuth 1.0a Authorization header using a JavaScript step that computes the HMAC-SHA1 signature 2. Store the header value in a variable 3. Set the Authorization header for all requests using the variable The custom auth needs your consumer key, consumer secret, user access token, and token secret — store these in Retool Configuration Variables marked as secrets. Test the resource with GET /dailies?uploadStartTimeInSeconds={timestamp}&uploadEndTimeInSeconds={timestamp}.
1// Garmin Health API endpoint overview:2// Base URL: https://healthapi.garmin.com/wellness-api/rest3//4// Key endpoints:5// GET /dailies - Daily activity summaries6// GET /activities - Detailed activity data7// GET /sleeps - Sleep tracking data 8// GET /body-composition - Weight, BMI data9// GET /stress - Stress level data10// GET /heart-rate-variability - HRV summaries11// GET /respiration - Breathing rate data12// GET /user-metrics - User fitness metrics13//14// All endpoints accept uploadStartTimeInSeconds and uploadEndTimeInSeconds15// as Unix epoch timestamps for date range filteringPro tip: Garmin's API uses Unix timestamps in seconds (not milliseconds). Convert JavaScript Date objects with Math.floor(date.getTime() / 1000).
Expected result: The Garmin REST API Resource is created in Retool and a test query to /dailies returns daily activity summary data.
Query daily activity summaries and sleep data
Create a getDailySummaries query. Set method to GET and path to /dailies. Garmin uses Unix epoch timestamps for date range filtering — add these query parameters: - uploadStartTimeInSeconds: {{ Math.floor(new Date(datePicker_start.value).getTime() / 1000) }} - uploadEndTimeInSeconds: {{ Math.floor(new Date(datePicker_end.value).getTime() / 1000) }} The response includes a dailies array. Each record has: calendarDate, steps, distanceInMeters, activeTimeInSeconds, floorsClimbed, averageHeartRateInBeatsPerMinute, maxHeartRateInBeatsPerMinute, bodyBatteryDynamicFeedbackEvent, and more. For sleep data, create a getSleepData query: GET /sleeps with the same timestamp parameters. The response includes sleepTimeInSeconds, deepSleepDurationInSeconds, lightSleepDurationInSeconds, remSleepInSeconds, and sleepScores. For stress data: GET /stress with timestamp parameters. Returns stressLevel (0-100) and bodyBattery readings. Create transformers for each data type that convert Unix timestamps to readable dates, convert seconds to hours/minutes, and format distance from meters to kilometers or miles.
1// Transformer for Garmin daily summaries2const dailies = data.dailies || [];3return dailies.map(day => ({4 date: day.calendarDate,5 steps: day.steps || 0,6 distance_km: day.distanceInMeters ? (day.distanceInMeters / 1000).toFixed(2) : '0',7 active_minutes: day.activeTimeInSeconds ? Math.round(day.activeTimeInSeconds / 60) : 0,8 floors: day.floorsClimbed || 0,9 calories: day.activeKilocalories || 0,10 avg_heart_rate: day.averageHeartRateInBeatsPerMinute || 0,11 max_heart_rate: day.maxHeartRateInBeatsPerMinute || 0,12 body_battery_low: day.minBodyBattery || null,13 body_battery_high: day.maxBodyBattery || null,14 stress_avg: day.averageStressLevel || null15}));Pro tip: Garmin's API returns data relative to when it was uploaded from the device, not necessarily real-time. There can be a delay of hours between a workout completing and it appearing in the API.
Expected result: The getDailySummaries and getSleepData queries return daily fitness metrics for the selected date range, formatted for display in Retool Tables and Charts.
Build the wellness dashboard UI
Create a dashboard layout with three sections: Top row: Stat components for key weekly metrics: - Average Daily Steps (compare to 10,000 goal) - Average Sleep Hours - Average Stress Level - Total Active Minutes Middle section: Line Chart showing step count per day over the selected date range. Configure the Chart component with: - X-axis: date field - Y-axis: steps field - Type: Line + Area for visual fill - Reference line at 10,000 (goal line) Bottom section: A 2-column layout. Left: A Table of daily summaries with all metrics. Right: A stacked bar chart showing sleep composition (deep, light, REM, awake) per night. For corporate wellness use, add a User ID dropdown at the top that selects which enrolled user's data to view (loaded from a database Resource containing your enrolled users list). When the user dropdown changes, all Garmin queries re-run with the new user's access token — this requires storing access tokens per user in your database and parameterizing the auth configuration. Add a Date Range picker (defaulting to the last 30 days) that drives the timestamp parameters in all queries.
1// Transformer for sleep chart data2const sleeps = data.sleeps || [];3return sleeps.map(night => ({4 date: night.calendarDate,5 total_hours: night.sleepTimeInSeconds ? (night.sleepTimeInSeconds / 3600).toFixed(1) : 0,6 deep_hours: night.deepSleepDurationInSeconds ? (night.deepSleepDurationInSeconds / 3600).toFixed(1) : 0,7 light_hours: night.lightSleepDurationInSeconds ? (night.lightSleepDurationInSeconds / 3600).toFixed(1) : 0,8 rem_hours: night.remSleepInSeconds ? (night.remSleepInSeconds / 3600).toFixed(1) : 0,9 awake_hours: night.awakeDurationInSeconds ? (night.awakeDurationInSeconds / 3600).toFixed(1) : 0,10 sleep_score: night.sleepScores?.overall?.value || null11}));Pro tip: For corporate wellness dashboards, always aggregate data by cohort or team level rather than showing individual-level data — this protects employee privacy and is typically required by workplace health data regulations.
Expected result: A complete wellness dashboard showing step trends, sleep composition, and stress metrics. The date range picker updates all charts dynamically.
Handle multi-user data and access token management
For corporate wellness programs with multiple enrolled users, you need to manage OAuth 1.0a access tokens per user. Each user's access token pair (access_token and token_secret) must be stored securely. Store user tokens in a database resource connected to Retool (your PostgreSQL or another database). Create a users_garmin_tokens table with: user_id, garmin_access_token, garmin_token_secret, enrolled_at. When a Retool user selects a specific employee from the user dropdown, fetch their tokens from the database and parameterize the Garmin API calls with those tokens. For the OAuth 1.0a signing with per-user tokens, update your signing proxy to accept user_id and look up the appropriate tokens from your database, or pass the token and token_secret to the proxy in the request. For new user enrollment, implement the OAuth 1.0a flow (Steps 1-5 described earlier) in a Retool Workflow or a separate enrollment web page. Store the resulting access tokens in your users_garmin_tokens table. For compliance with GDPR and corporate wellness data regulations, implement data deletion: when a user unenrolls from the wellness program, delete their Garmin tokens from the database and revoke OAuth access at Garmin's token revocation endpoint. For complex multi-user wellness program integrations involving token lifecycle management and privacy compliance, RapidDev's team can help architect the full solution.
1-- SQL query to fetch user's Garmin tokens2-- Use this in a Retool database Resource query3SELECT 4 u.id,5 u.display_name,6 u.department,7 gt.garmin_access_token,8 gt.garmin_token_secret,9 gt.enrolled_at10FROM users u11JOIN users_garmin_tokens gt ON u.id = gt.user_id12WHERE u.id = {{ select_user.value }}13 AND gt.revoked_at IS NULL14LIMIT 1;Pro tip: Never log or display raw OAuth access tokens in Retool UI components. Treat them with the same security as passwords — store only in configuration variables or encrypted database columns.
Expected result: Multi-user support works: selecting a different user loads their Garmin data. Tokens are stored securely in the database and the dashboard respects user-level data access.
Common use cases
Build a corporate wellness program dashboard
Create a Retool dashboard showing aggregated fitness metrics for employees enrolled in a corporate wellness program. Display step count trends, average sleep duration, active minutes, and stress scores — all anonymized and aggregated to protect individual privacy while giving wellness coordinators the program-level insights they need.
Build a Retool wellness dashboard showing weekly aggregated Garmin metrics for enrolled users. Show average daily steps, average sleep duration, average active minutes, and heart rate range as stat components. Include a line chart of step count trend over 30 days. Add a Table of daily summaries per user (with user ID, not name) for detailed analysis.
Copy this prompt to try it in Retool
Build an activity analysis tool for coaches
Create a Retool panel for sports coaches to view athlete training data from Garmin devices. Display recent activities with distance, duration, pace, heart rate zones, and training load. Coaches can identify athletes who are overtraining or underrecovering and adjust training plans accordingly.
Build a Retool coach dashboard showing Garmin activity data for a selected athlete. Show recent activities in a Table with type, date, distance, duration, average heart rate, and calories. Add a chart showing training load over the last 4 weeks. Include sleep score and recovery data from the previous night.
Copy this prompt to try it in Retool
Build a personal health tracking panel
For developers approved for the Garmin Health API, build a personal Retool dashboard combining multiple Garmin data streams: daily step counts, sleep stages, heart rate variability, body battery, and stress scores. This creates a comprehensive health dashboard that goes beyond what Garmin Connect's native mobile app shows.
Build a personal Retool health dashboard showing my Garmin daily summaries for the last 30 days. Show a line chart of steps per day, a stacked bar chart of sleep stages (light/deep/REM/awake), and a scatter plot of HRV vs sleep quality. Include daily stress scores and body battery end-of-day values.
Copy this prompt to try it in Retool
Troubleshooting
All Garmin API calls return 401 Unauthorized despite valid credentials
Cause: OAuth 1.0a request signatures are time-sensitive. If the server clock is out of sync by more than a few minutes, Garmin rejects the signature as expired. This is also caused by incorrect signature construction.
Solution: Ensure your signing proxy or signing code uses the current UTC Unix timestamp. Verify the HMAC-SHA1 signature key format: it must be url_encode(consumer_secret) + '&' + url_encode(token_secret). Check the signature base string is correctly formed as METHOD&encoded_url&encoded_params.
Getting 403 Forbidden with 'insufficient permissions' on wellness endpoints
Cause: Your Garmin Health API partner credentials may not have been approved for all data categories. Garmin grants access to specific data types per application.
Solution: Log into the Garmin Developer Portal and check which wellness data categories your application has been approved for. Contact Garmin's developer support to request access to additional data types. The approval level determines which endpoints return data vs 403.
API returns empty results for a date range where data exists
Cause: Garmin's API filters by upload time, not activity date. Data uploaded recently might have an activity date from days ago. The uploadStartTimeInSeconds/uploadEndTimeInSeconds parameters filter by when data was synced to Garmin's servers, not when the activity occurred.
Solution: Use a wider date range for the upload time window. If looking for activities from last week, set the upload time window to the last 7-10 days to capture any recently synced historical data. Garmin recommends querying a rolling window (e.g., last 24 hours) on a schedule rather than large one-off date ranges.
Garmin Health API application was rejected or not approved
Cause: Garmin has specific criteria for API access and rejects applications that don't clearly articulate a health-related use case with appropriate data privacy practices.
Solution: Revise your application with a more specific use case, explicit data retention and deletion policies, and information about your organization's privacy compliance (HIPAA, GDPR). Garmin is more likely to approve healthcare organizations, certified wellness programs, and established fitness platforms than general-purpose tools.
Best practices
- Store all OAuth credentials (consumer key, consumer secret, user access tokens) in Retool Configuration Variables marked as secrets or in an encrypted database column — never in resource headers or code.
- Use a signing proxy to handle OAuth 1.0a complexity — this keeps the cryptographic signing code isolated and makes the Retool resource configuration simple.
- Query Garmin's API with rolling time windows (e.g., last 24 hours uploaded) on a schedule via Retool Workflows rather than on-demand large date ranges — Garmin recommends this pattern for production integrations.
- For corporate wellness programs, always aggregate data to team/cohort level rather than displaying individual records in dashboards — this protects employee privacy and typically satisfies regulatory requirements.
- Implement OAuth token revocation when users unenroll from your program — call Garmin's token revocation endpoint and delete tokens from your database.
- Handle the case where Garmin devices haven't synced recently — always check for empty responses and display 'No recent data' rather than showing stale cached values.
- Monitor API quota usage through the Garmin Developer Portal — the Health API has request limits per day that vary by partner approval level.
- Test thoroughly in Garmin's sandbox environment before requesting production access — the sandbox provides mock data for all data types and allows you to verify your integration without real user data.
Alternatives
Fitbit offers a self-service OAuth 2.0 API that's available without a partner application, making it much faster to set up than Garmin's partner-required Health API.
MyFitnessPal focuses on nutrition and calorie tracking rather than wearable device data, making it complementary to Garmin rather than a direct alternative.
Withings provides health measurement data (weight, blood pressure, sleep) via a self-service OAuth 2.0 API that's easier to access than Garmin's partner program.
Frequently asked questions
Does Retool have a native Garmin Connect connector?
No. Retool connects to Garmin Connect via a REST API Resource using Garmin's Health API. The main prerequisite is being approved as a Garmin Health API partner — without approval, you cannot access Garmin's wellness data endpoints. Once approved and authenticated, all data is available through standard REST API queries in Retool.
Why does Garmin require a partner program application instead of self-service API access?
Garmin restricts API access because their platform contains sensitive health data. The partner review process ensures that applications accessing user health metrics have appropriate privacy practices, clear consent mechanisms, and legitimate use cases. Consumer fitness data is classified as sensitive under GDPR and similar regulations, and Garmin's gated access model helps manage this compliance responsibility.
What is OAuth 1.0a and why does Garmin use it instead of OAuth 2.0?
OAuth 1.0a is an older authentication standard that requires cryptographic request signing. Each API call is signed using HMAC-SHA1 with your credentials, making request interception attacks practically impossible even without HTTPS. OAuth 2.0 relies on Bearer tokens which are simpler but depend entirely on HTTPS for security. Garmin uses OAuth 1.0a for the additional security layer it provides for sensitive health data.
How do I handle Garmin data for multiple users in a corporate wellness program?
Each enrolled user must individually authorize your application through Garmin's OAuth 1.0a flow. After authorization, you store each user's access_token and token_secret in your secure database. When building Retool queries for a specific user, retrieve their tokens from the database and use them to sign API requests. Token management (enrollment, revocation, expiry handling) is the primary technical complexity of multi-user Garmin integrations.
Can I access Garmin Connect data without the Health API partner program?
There are unofficial libraries (like garth in Python) that access Garmin Connect's internal APIs by mimicking the mobile app's authentication. However, this approach violates Garmin's Terms of Service and is not recommended for production or corporate use. The only compliant method for third-party application access to Garmin data is through the official Health API partner program.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation