Strava API Overhaul: Company Locks Public Data, Adds $11.99 Monthly Developer Fee
Strava API changes require login, introduce a $11.99/month developer fee and retired endpoints to stop web scraping as the fitness app tightens data access.
Strava is locking previously public pages behind authentication, imposing a flat developer fee and retiring API endpoints as part of a wider effort to block large-scale web scraping and protect user data. The company announced that certain public profiles and club listings will require authenticated access while developers must now pay a baseline subscription to use the Strava API. Strava said these moves are intended to curb abusive scraping, reduce system strain and give the company tighter control over how its data is shared.
Authentication for public pages
Strava has moved to require logged-in access for data that was once viewable without authentication.
The change affects public profiles, club listings and other pages that external crawlers and unauthenticated users previously could access.
Company officials said the measure is designed to prevent automated scraping tools from harvesting large volumes of fitness data and to protect site performance for legitimate users.
Flat developer fee and API endpoint retirements
Strava is introducing a flat $11.99-per-month fee for developer access, with geographic variations possible.
The new pricing replaces the prior tiered, free-entry system where developers applied for incremental access as apps grew. Strava also plans to retire specific API endpoints that exposed details such as club information, a move intended to limit what third-party apps can pull from the platform.
Model Context Protocol and technical safeguards
As part of the update, Strava will add support for the emerging Model Context Protocol (MCP) to manage structured data access for AI assistants and apps.
MCP support is intended to allow Strava to serve contextualized, controlled data to external models while maintaining strict limits on what is exposed. Company engineers said the protocol gives fine-grained control over data types and reduces the risk that large language models will consume raw datasets indiscriminately.
Developer community response and transition timeline
Strava said its developer community has grown from about 185,000 members last year to roughly 241,000 this year, and the company pledged ongoing support.
Despite that growth, the announcement has prompted concerns among third-party developers who rely on retired endpoints and the previous free access model. Strava will provide a 90-day grace period before enforcing the new rules to give developers time to adapt their apps or migrate to the paid tier.
Concerns about scraping, load and licensing offers
Strava’s leadership framed the changes as a response to aggressive scraping by AI companies that has degraded site performance and strained servers.
CEO Michael Martin told reporters that unauthorized scraping and inefficient API usage — including high-volume requests from poorly designed apps — have caused measurable performance problems. He added that Strava has rejected licensing overtures from some AI firms, and flagged attempts by at least one company to route scraping through aggregators after being turned away.
Business context and investor signaling
Observers note the timing of the policy shift coincides with Strava’s confidential IPO filing earlier this year, suggesting the company may be signalling stronger data governance to prospective investors.
Strava contrasted its approach with prior platform disputes where per-call pricing models led to developer backlash, stating that a flat monthly fee aims to preserve an active third-party ecosystem while protecting users. The company reiterated its stated goal of ensuring users feel they retain ownership and control over their personal fitness data.
Strava’s changes reflect a broader industry reckoning over how public web content is harvested for AI model training and how platforms can limit unintended uses of user-generated data. The company’s mix of authentication, paid developer access, protocol-based integrations and endpoint retirements will test whether a middle ground exists that balances developer innovation, user privacy and operational stability.
