Strava's API powers over 240,000 developer applications, from indie side projects to major fitness platforms used by millions. Whether you want to build a training analytics tool, a social challenge app, or something entirely new, the Strava API v3 gives you access to activities, segments, routes, athlete profiles, and more.
This guide walks through the complete process of getting started — from registering your application to making your first authenticated API call. For detailed reference documentation, check out our full developer guide.
Step 1: Register Your Application
Every Strava API integration starts with registering an application. Head to strava.com/settings/api (you'll need a Strava account) and fill in the required fields:
- Application Name — the name users will see when authorizing your app
- Category — what type of application you're building
- Website — your app's URL
- Authorization Callback Domain — the domain where users will be redirected after granting access (e.g.,
localhostfor development)
After registration, you'll receive a Client ID and Client Secret. Keep these secure — the Client Secret should never be exposed in client-side code or version control.
Step 2: Understand OAuth 2.0 Authentication
Strava uses OAuth 2.0 for authentication. The flow works like any standard OAuth implementation:
The OAuth 2.0 Flow
- 1.Redirect the user to Strava's authorization page with your Client ID and requested scopes
- 2.The user logs in to Strava and grants permission to your app
- 3.Strava redirects back to your app with an authorization code
- 4.Exchange the code for an access token and refresh token
The authorization URL looks like this:
https://www.strava.com/oauth/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_CALLBACK_URL&scope=read,activity:read_all&approval_prompt=autoPermission Scopes
Scopes determine what data your app can access. Request only what you need:
| Scope | Access |
|---|---|
read | Public profile and activities |
activity:read_all | All activities (including private) |
activity:write | Create and update activities |
profile:read_all | Full athlete profile |
profile:write | Update athlete weight and FTP |
Token Exchange
After the user approves, exchange the authorization code for tokens:
// Exchange authorization code for tokens
const response = await fetch('https://www.strava.com/oauth/token', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
client_id: YOUR_CLIENT_ID,
client_secret: YOUR_CLIENT_SECRET,
code: AUTHORIZATION_CODE,
grant_type: 'authorization_code',
}),
});
const data = await response.json();
// data.access_token - Use this for API calls (expires in 6 hours)
// data.refresh_token - Use this to get new access tokens
// data.expires_at - Unix timestamp when access token expiresImportant: Access tokens expire after 6 hours. Use the refresh token to get a new access token when the current one expires. Note that Strava uses rotating refresh tokens — each refresh response includes a new refresh token, so always store the latest one.
For the full OAuth deep-dive, see our complete authentication guide.
Step 3: Make Your First API Call
With an access token in hand, you can query Strava's API. The base URL is https://www.strava.com/api/v3. Here's how to fetch the authenticated athlete's recent activities:
// Fetch your recent activities
const activities = await fetch(
'https://www.strava.com/api/v3/athlete/activities?per_page=10',
{
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN',
},
}
);
const data = await activities.json();
// Returns an array of activity summaries with
// distance, elapsed_time, total_elevation_gain, type, etc.Step 4: Understand Rate Limits
Strava enforces rate limits to keep the API stable. The default limits are:
Check the X-RateLimit-Limit and X-RateLimit-Usage response headers to monitor your usage. If you exceed the limits, you'll receive a 429 Too Many Requests response. Implement exponential backoff in your retry logic.
For apps that need higher limits, Strava offers a rate limit increase request process. See our best practices guide for details on optimizing your API usage.
Step 5: Set Up Webhooks (Optional but Recommended)
Instead of polling for new activities, Strava's webhook system pushes real-time notifications to your server when athletes create, update, or delete activities. This is more efficient and provides a better user experience.
Webhook events include:
- Activity created — a user uploaded or recorded a new activity
- Activity updated — title, description, or other fields were changed
- Activity deleted — an activity was removed
- Athlete deauthorized — a user revoked your app's access
What Can You Build?
The Strava ecosystem is incredibly diverse. The apps built on the API range from deep analytics platforms to AI-powered entertainment to gamified exploration tools. Here are some categories where developers have found success:
- Analytics & Training — performance analysis, training load tracking, fitness modeling
- Visualization — heatmaps, 3D route flythroughs, custom art from GPS data
- Social & Gamification — challenges, leaderboards, exploration games
- Automation — auto-rename activities, set gear, apply rules to new uploads
- Hardware Integration — connect devices, sensors, and platforms to Strava
Browse our full directory of 242+ Strava apps for inspiration.
Next Steps
Ready to start building? Here are the resources you'll need:
The Strava developer ecosystem is thriving. The apps recognized at the 2025 Strava Developer Summit started as simple side projects — proving that a great idea and the Strava API is all you need to build something athletes around the world will love.