API
Link API Improvements (Jan 2025)
We have increased Link Token expiry from 15 minutes to 60 minutes.
We have also added an on_error=redirect Link Token option which forces any error scenario to redirect to your specified redirect_url
URL, disabling any in-built error handling behaviour in the Link Widget.
Check out the Link Error format and the Generate a Link Token endpoint documentation.
Extendable Historical Date Ranges (Jul 2024)
We now offer the ability to set custom historical data ranges for wearables providers, with resource-level granularity.
You can now extend the historical pull range for a number of supported providers using the Org Management API
Org Management API is available for the Scale plan.
Check out the Set Data Pull Preferences, Get Data Pull Preferences, Delete Data Pull Preferences endpoint documentation for more details.
Introspection: Historical Pull Timeline (May 2024)
The Historical Pull Introspection endpoint now reports the execution timeline of historical pulls.
The timeline tracks when the historical pull was scheduled, started, and eventually ended (success or failure). This improves the visibility around the latency of historical pulls, as well as providing more indicator of an incomplete execution.
Check out the Historical Pull Introspection endpoint documentation.
Team Scope Requirements (Apr 2024)
You can now tailor what scopes Vital would request from your Users using the Org Management API. This applies when your user connects to an OAuth provider which supports scopes.
Vital ensures that any new provider connection can be established only when the user has granted all the scopes specified in the user_must_grant scope list.
The scopes specified as user_may_grant would be requested alongside the user_must_grant scopes. However, unlike user_must_grant, they do not prevent the connection from being established.
Org Management API is available for the Scale plan.
Check out the Set Team Scope Requirements and Get Team Scope Requirements endpoint documentation on how to enable the setting.
Reject Duplicate Connections (Apr 2024)
You can now configure your Vital Team through the Org Management API to reject duplicate wearable connections.
When the reject_duplicate_connection setting is enabled on the Team, Vital checks whether or
not the provider-reported user ID is already connected to an existing User in your Team.
If it does, the Link API would report the duplicate_connection error.
Org Management API is available for the Scale plan.
Check out the Update Team and Create Team endpoint documentation on how to enable the setting.
Check out the Link Errors documentation on how to
catch the duplicate_connection error.
Link Error reporting (Apr 2024)
The Link API now reports errors in terms of a predefined set of Error Types on which your application logic can depend.
We introduce this because there has not been a dependable way for your application logic to understand why a connection attempt has failed, and in turn this prevents your application from providing actionable messages to your end users.
Depending on how you initiate the Link flow, the Link Error would be reported either as a URL query parameter, or as part of the JSON response.
Check out the Link Errors documentation for the detailed guidance.
Understanding Resource Availability (Apr 2024)
When a user connection to a provider is established, the webhook event now includes a resource availability report of the connection.
We introduce this because this helps you understand what resources would and would not be available on a new connection. We also provide insights into how partial consents from users during the OAuth authentication flow can influence the resource availability, so that you can take actions accordingly.
This resource availability report is based on the permissions (also known as API access scopes) the user has granted during the authentication process.
In some cases, a provider resource may be available, but some information could be absent due to some optional scopes having been denied by the user. The availability report includes a full breakdown of granted and denied scopes by their optionality.
If the provider has no concept of API access scopes, we report all resources as available.
You can also query this information at any time through the Get User Connections endpoint.
Check out the Provider Connection Created
(provider.connection.created) event schema and the Get User Connections endpoint documentation.
Fallback Birth Date for Heart Rate Zones (Feb 2024)
You can now set a Fallback Birth Date on a user.
Vital can use this to compute a more accurate workout Heart Rate Zones, when the provider exposes neither heart rate zones nor user age to Vital.
Check out the Heart Rate Zones documentation.
Grouped Timeseries (Feb 2024)
You can now get grouped timeseries data.
This initial release groups data by Source Type from supported providers.
Check out the Blood Oxygen endpoint documentation for an example.
Historical Pull Introspection (Dec 2023)
You can now introspect the status of all one-off user historical data pulls.
It also provides the pulled date-time range, as well as a rough estimate of the amount of data ingested (in terms of “days with data”).
Check out the Historical Pull Introspection endpoint documentation.
User Resources Introspection (Dec 2023)
You can now introspect user data ingestion statistics.
For example, the endpoint provides:
- Oldest and newest data timestamp
- The number of objects sent in
*.createdevents - The status and time of the last ingestion attempt (polling or push)
Check out the User Resources Introspection endpoint documentation.
Vital Sign-In Token for Mobile SDKs (Nov 2023)
Vital Sign-In Token is a new, user-scoped Authentication scheme for Vital Mobile SDKs.
It grants only user-scoped access to your mobile app sign-ins. This allows you to keep your Vital API Keys as server-side secrets.
We encourage all customers using Vital API Keys in their production mobile apps to migrate to the Vital Sign-In Token scheme.
Check out the SDK Authentication guide on how to migrate to this scheme. Check out the Create Sign-In Token endpoint documentation on how to generate tokens for your mobile app sign-ins.