Team Scope Requirements (Apr 24)

You can now tailor what scopes Vital would request from your Users using the Org Management API. This applies when your user connects to an OAuth provider which supports scopes.

Vital ensures that any new provider connection can be established only when the user has granted all the scopes specified in the user_must_grant scope list.

The scopes specified as user_may_grant would be requested alongside the user_must_grant scopes. However, unlike user_must_grant, they do not prevent the connection from being established.

Org Management API is available for the Scale plan.

Check out the Set Team Scope Requirements and Get Team Scope Requirements endpoint documentation on how to enable the setting.

Reject Duplicate Connections (Apr 24)

You can now configure your Vital Team through the Org Management API to reject duplicate wearable connections.

When the reject_duplicate_connection setting is enabled on the Team, Vital checks whether or not the provider-reported user ID is already connected to an existing User in your Team.

If it does, the Link API would report the duplicate_connection error.

Org Management API is available for the Scale plan.

Check out the Update Team and Create Team endpoint documentation on how to enable the setting.

Check out the Link Errors documentation on how to catch the duplicate_connection error.

The Link API now reports errors in terms of a predefined set of Error Types on which your application logic can depend.

We introduce this because there has not been a dependable way for your application logic to understand why a connection attempt has failed, and in turn this prevents your application from providing actionable messages to your end users.

Depending on how you initiate the Link flow, the Link Error would be reported either as a URL query parameter, or as part of the JSON response.

Check out the Link Errors documentation for the detailed guidance.

Understanding Resource Availability (Apr 24)

When a user connection to a provider is established, the webhook event now includes a resource availability report of the connection.

We introduce this because this helps you understand what resources would and would not be available on a new connection. We also provide insights into how partial consents from users during the OAuth authentication flow can influence the resource availability, so that you can take actions accordingly.

This resource availability report is based on the permissions (also known as API access scopes) the user has granted during the authentication process.

In some cases, a provider resource may be available, but some information could be absent due to some optional scopes having been denied by the user. The availability report includes a full breakdown of granted and denied scopes by their optionality.

If the provider has no concept of API access scopes, we report all resources as available.

You can also query this information at any time through the Get User Connections endpoint.

Check out the Provider Connection Created (provider.connection.created) event schema and the Get User Connections endpoint documentation.

Fallback Birth Date for Heart Rate Zones (Feb 24)

You can now set a Fallback Birth Date on a user.

Vital can use this to compute a more accurate workout Heart Rate Zones, when the provider exposes neither heart rate zones nor user age to Vital.

Check out the Heart Rate Zones documentation.

Grouped Timeseries (Feb 24)

You can now get grouped timeseries data.

This initial release groups data by Source Type from supported providers.

Check out the Blood Oxygen endpoint documentation for an example.

Historical Pull Introspection (Dec 23)

You can now introspect the status of all one-off user historical data pulls.

It also provides the pulled date-time range, as well as a rough estimate of the amount of data ingested (in terms of “days with data”).

Check out the Historical Pull Introspection endpoint documentation.

User Resources Introspection (Dec 23)

You can now introspect user data ingestion statistics.

For example, the endpoint provides:

  1. Oldest and newest data timestamp
  2. The number of objects sent in *.created events
  3. The status and time of the last ingestion attempt (polling or push)

Check out the User Resources Introspection endpoint documentation.

Vital Sign-In Token for Mobile SDKs (Nov 23)

Vital Sign-In Token is a new, user-scoped Authentication scheme for Vital Mobile SDKs.

It grants only user-scoped access to your mobile app sign-ins. This allows you to keep your Vital API Keys as server-side secrets.

We encourage all customers using Vital API Keys in their production mobile apps to migrate to the Vital Sign-In Token scheme.

Check out the SDK Authentication guide on how to migrate to this scheme. Check out the Create Sign-In Token endpoint documentation on how to generate tokens for your mobile app sign-ins.