How to import Fitbit data into WordPress Part 3: Getting a new access token

March 23, 2021

As you learned in Part 2, the access token expires in 8 hours but can easily be exchanged for a new one using the refresh token that was generated at the same time as the access token.

Parameters
KEY
grant_typeThe refresh token from Step 2
refresh_tokenrefresh_token
Headers
AuthorizationBasic Base64 Authorization from Step 1 (that is, the word Basic then a space then the Base64 code)
Content-Typeapplication/x-www-form-urlencoded

Below are screen captures of the Headers and Parameters entries in Postman including the body after successfully requesting a refresh token.

Note that there is a new access token and a new refresh token. The earlier refresh token will no longer work however you can take the new refresh token and generate a new set of access and refresh tokens whenever you like.

Since the access token expires in 8 hours the important piece of information you need to save is the refresh token. I will store it in the WordPress usermeta table.

Note that Header > Authorization never changes. It’s always Basic followed by the Base64 code generated in Part 1.

Also note that you can save this post request in Postman for future reference. Do so then we’ll move on to Part 4, actually requesting data from the Fitbit API.