I’m working on an iOS app that needs to fetch data from Garmin Connect. The official docs are pretty sparse, so I’ve been looking at other projects for inspiration.
I’ve managed to log in using a POST request with the user’s credentials, and I get a 200 response. But when I try to grab activity data, I keep hitting a 403 error.
Here’s a simplified version of what I’ve tried:
```swift
// Login attempt
let loginURL = URL(string: "https://connect.garmin.com/signin")!
var loginRequest = URLRequest(url: loginURL)
loginRequest.httpMethod = "POST"
loginRequest.httpBody = "username=\(user)&password=\(pass)".data(using: .utf8)
let loginTask = URLSession.shared.dataTask(with: loginRequest) { data, response, error in
    // Handle response
}
loginTask.resume()

// Trying to fetch activities
let activitiesURL = URL(string: "https://connect.garmin.com/proxy/activity-search-service-1.2/json/activities?start=0&limit=10")!
let activitiesTask = URLSession.shared.dataTask(with: activitiesURL) { data, response, error in
    // Always gets a 403 here
}
activitiesTask.resume()
```
Has anyone successfully pulled this off? Any tips on what I might be missing?
hey there! i’ve done something similar before. the trick is you need to include the session cookie from the login response in your activities request. try adding a ‘Cookie’ header with the session info to your activitiesRequest. also, make sure you’re using HTTPS for all requests. hope that helps!
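An added example (not part of the original posts, and not Garmin's or any project's own code) of the cookie-carrying sequence described in the reply above: the activities request starts only after login completes, on the same `URLSession`, so the session's cookie store attaches whatever the login response set. It assumes the two URLs and the form field names from the question, and that the login sets a cookie valid for `connect.garmin.com`; `formEncode`, `makeLoginRequest` and `fetchActivities` are hypothetical names.

```swift
import Foundation

// Assumption: endpoints and form fields are the ones quoted in the question.
let loginURL = URL(string: "https://connect.garmin.com/signin")!
let activitiesURL = URL(string: "https://connect.garmin.com/proxy/activity-search-service-1.2/json/activities?start=0&limit=10")!

// Ephemeral configuration: cookies stay in memory and are scoped to this
// session object instead of the app-wide shared cookie store.
let session = URLSession(configuration: .ephemeral)

// Percent-encode a form value so '&', '=', '+' or spaces in a password
// cannot split or alter the request body.
func formEncode(_ value: String) -> String {
    var allowed = CharacterSet.alphanumerics
    allowed.insert(charactersIn: "-._~")
    return value.addingPercentEncoding(withAllowedCharacters: allowed) ?? ""
}

func makeLoginRequest(user: String, pass: String) -> URLRequest {
    var request = URLRequest(url: loginURL)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = "username=\(formEncode(user))&password=\(formEncode(pass))".data(using: .utf8)
    return request
}

func fetchActivities(user: String, pass: String,
                     completion: @escaping (Result<Data, Error>) -> Void) {
    session.dataTask(with: makeLoginRequest(user: user, pass: pass)) { _, response, error in
        if let error = error { return completion(.failure(error)) }
        // A 200 alone does not prove a session exists; check a cookie was stored.
        // Assumption: the session cookie is valid for the login host.
        let cookies = session.configuration.httpCookieStorage?.cookies(for: loginURL) ?? []
        guard (response as? HTTPURLResponse)?.statusCode == 200, !cookies.isEmpty else {
            return completion(.failure(URLError(.userAuthenticationRequired)))
        }
        // Started only after login finished; the same session sends its cookies.
        session.dataTask(with: activitiesURL) { data, response, error in
            if let error = error { return completion(.failure(error)) }
            guard (response as? HTTPURLResponse)?.statusCode == 200, let data = data else {
                return completion(.failure(URLError(.badServerResponse)))
            }
            completion(.success(data))
        }.resume()
    }.resume()
}
```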
As someone who’s worked with the Garmin Connect API, I can tell you it’s a bit tricky. One thing that helped me was using Charles Proxy to inspect the network traffic between the official Garmin Connect app and their servers. This gave me insights into the exact headers and parameters they use. Another crucial step is handling the two-factor authentication flow if it’s enabled on the account. You’ll need to implement a way to prompt the user for their 2FA code and include it in your authentication process. Also, don’t forget about rate limiting. Garmin has pretty strict limits on API calls, so implement some kind of throttling mechanism in your app to avoid getting temporarily blocked. Lastly, consider caching some of the data locally to reduce the number of API calls and improve your app’s performance. Good luck with your project!
I have experimented with the Garmin Connect API, and a couple of key points might help resolve the issue. After a successful login, it is important to retrieve an OAuth token to allow subsequent API calls. Without the token, requests for activity data are likely to result in a 403 error. It is also critical to confirm that you are utilizing the most current API endpoints, as older URLs may no longer be supported. In addition, incorporating proper token refresh logic and using a robust networking library such as Alamofire can simplify header and cookie management over time.