I have an app with the sole purpose of verifying if someone can run 5km under a specified time in order for them to join a club. It does this by scanning their Strava activity history and returning a yes or no answer. I don’t need to know anything beyond that so I don’t need them to be stored as a “connected athlete” going forward.
However, as I understand, by them just giving access for the app to scan their activity history this counts as an additional connected athlete right? And they remain as an additional connected athlete in the future (i.e. forever, unless they manually revoke access to your app).
Is there a way around this?
My initial thinking is webhook-based deauthorisation. After the worker gets the token and checks activities, this immediately call Strava’s deauthorise endpoint. This revokes the token and removes the app from the athlete’s authorised apps list on Strava’s side. In theory this should free the slot. Whether this actually frees the slot against the 10-athlete counter isn’t explicitly documented by Strava so I’m unsure if it’ll work. Appreciate any pointers :)