Related

TLS fingerprinting blocks third-party clients

mitchl

I'm a software developer and over the years I've made a few scripts and tools to collect, parse, analyze, and otherwise interact with my data on Garmin Connect. Most recently, I was interested in using an MCP server to give LLMs access to my data. There are already a few options available, but most of them have been broken by a recent server-side change. Apparently, Garmin is now using Cloudflare TLS fingerprinting, which breaks most/all non-browser clients. That means we can no longer (easily) interact with the Connect REST APIs.

This is really disappointing to me as a customer. The data I record on my devices and store on Garmin Connect are my data, and I expect to be able to access it via reasonable means for whatever purpose I want to use it for. Garmin customers, including myself, made a lot of noise in support of Garmin when Strava recently brought a frivolous lawsuit over patents and data usage. But whether or not it was intentional, this change makes me feel like Garmin is now gatekeeping access to my own data in a similar manner.

I do understand that there are costs associated with running the platform, and there need to be controls in place to prevent malicious misuse or excessive requests from badly-behaved clients. But if that's the primary concern, it's time for Garmin Connect to provide a real, documented public API with OAuth support and the ability for any developer to create a new client for personal use.

  • 0 in reply to diegoscarabelli

    Yes, same here. Wahoo and other vendors they give you full API access.

  • 0

    in the age of AI, an API is not a nice to have, it's a required feature. Please support your customers with access to our own data

  • 0

    While I understand that Garmin has to protect data from abuse, disabling access to the data generated by and owned by their users is a sh***y decision. Up to now I was under the impression that Garmin was on bright side, working for and with their customers in exchange for asking higher prices, and I would be truly disappointed if that changes.

  • 0

    +1 -- Sad to see that you can't access your health data via APIs. I hope this gets more traction

  • 0

    same here! strongly request Garmin to open offical API to personal user, those are our own data!

  • 0

    Hi everyone, adding my experience to this thread because the situation has escalated beyond technical troubleshooting.

    Like many of you, I've been hit by the Cloudflare TLS fingerprinting block on server-side requests. Simultaneously, I've been trying to get official API access through the Developer Program. Their support initially told me the form was "under maintenance" and would be back in a few days. Yesterday, they quietly removed the ETA entirely. They are rejecting all new integrations indefinitely.Let's be clear: this is not a technical glitch. It's a deliberate lockdown to protect their new $7/mo Garmin Connect+ subscription. They are holding hardware-generated data hostage to prevent indie developers from building competing analytics tools. For EU Developers and Users: The EU Data Act Garmin's current behavior is a direct violation of the EU Data Act (Regulation (EU) 2023/2854). Under Article 4 and 5, users who purchase a "connected product" (hardware like a Garmin watch) have the legal right to share their generated data continuously and in real-time with 3rd parties of their choice. Garmin is bypassing this by saying users can manually download zip files, while actively blocking the automated APIs that make our apps work.