Comment by aenis
7 hours ago
Garmin recently did something similar, resorting to tls fingerprinting to prevent unofficial logins to their api (via the popular garth library).
They lost a lifetime customer in me - i think i have spent close to 20k on garmin gear between my wife and myself, watches, gps devices for cars, boats, and hiking gear. If they refuse to give me access to my data, i will (a) lobby for laws to be passed to make this mandatory (b) absolutely never ever buy anything garmin until i see a reversal of this policy and an apology.
More broadly though, its yet another service that blocks API access. No doubt this is caused by proliferation of amateurs armed with agentic tools building nice, personalized frontends for themselves. Companies seem to absolutely hate it when people dont go through their shitty websites with dark patterns, misleading search results and analytics.
Huh, I completely missed that. I've been using python-garminconnect [0] for a few months without issues. I agree though that it's annoying, though not reason enough for me to switch away from Garmin yet.
Already minted tokens work, they broke the login process.
For now its just tls fingerprinting, not client attestation - so, I managed to implement a working solution. But I am sure they will tighten the screws still further.
Same here. I've been scraping the data from my Garmin watch for years with very little problems (first with https://github.com/tcgoetz/GarminDB, then https://github.com/sealbro/dotnet.garmin.connect).
The only annoyance is that Garmin requires 2FA if you enable the ECG feature on your smart watch/fitness tracker, but I have a small program that reads the 2FA codes from my Gmail inbox and supplies them to the scraper without too much trouble.