Legacy API FAQ

What types of data do you collect from your multiple device and app vendors?

The primary categories are Fitness, Routine, Nutrition, Sleep, Weight, Diabetes and Biometric data.

How do you get the data from the devices?

Gathering data from each of the device/app manufacturers is one of the key values we deliver to our customers. For most apps/devices we maintain connections directly through their open API. In some cases, we connect directly to the device/system or they write directly to us. Validic also has a proprietary mobile application and SDK that captures data from non-networked Bluetooth LE enabled devices. Once your users allow your application access to these apps/devices in the marketplace, we will pull their de-identified data into our system.

Do we need to set up a direct deal with each of these apps or devices or is that all done through you?

It’s all done through us. You simply need to work with our API and it is our job to manage each app and device.

How does the data get to us? Does the data push to us or do we have to pull from you?

You can pull data from us anytime with no call limits. Our Enterprise customers may also register push notification URL’s with us in order to receive pub-sub notifications when new data is available for your end users so you can initiate a fetch to pull data.

How often is the data updated? How long until someone sees their data appear?

We have a bountiful Knowledge Base containing many articles to help our customers have information such as this at their fingertips. Please view the Data Sync Time by Source article for details regarding this topic. You can also learn more here.

When the data comes to me, what form is it in?

Data delivered from the Validic API comes as clean, complete and actionable JSON data that has been standardized and normalized to allow you to put that data to use much more quickly and efficiently.

Are units of measure published? Is everything standardized?

Yes, a major part of our value is that we give you clean, complete and actionable data that is both standardized and normalized. We standardize all nomenclature so steps are always steps, not steps taken or strides, for example.We normalize all units so distances are always in meters, not yards or miles, and time is in seconds for example. This is all explained in detail in the data objects section of our API Documentation.

How long does it take to deploy?

This depends on how deeply you want to integrate with our system and your current stage of development. One of the many values Validic provides is an easy to work with, scalable API that can quickly be integrated with your system. We’ve had some clients begin making calls within a matter of hours. However, a typical implementation will last 2-10 weeks. We are very hands on during the implementation process including a technical kickoff call, a discussion of potential trouble spots, best practices, ongoing support and resources pre and post go live.

How does the Validic Marketplace fit into our app/portal?

There are two ways of implementing the Validic Marketplace.

Deploying the Validic Standard HTML5 Marketplace.
Building your own marketplace/user experience via one simple API call providing all the
needed data end points and URL’s to do so.

More information on deploying the Validic Marketplace can be found in the Sync Apps & Devices section of our API Documentation.

Can you customize which apps/devices are displayed in the Marketplace?

Yes, you can curate which apps and devices you would like users to have access to.

Do I need to load Validic on my servers?

No, we are a remotely managed API so there is nothing to install.

Can we get developer data to get started?

Yes, once you’ve signed an NDA we can discuss next steps in providing you with all of the information you need to test the Validic system and determine that it is a viable solution for your needs.

What is the difference between Sandbox and Production credentials?

Both sets of organization credentials provide full access to partners, apps, devices and data. However, the Sandbox credentials, primarily used during testing, do not allow customer branding of the Marketplace. Thus, in the Sandbox environment, all end (test) users will see Validic branding when asked to authenticate.

What is the user provisioning and authentication process?

The user provisioning and authentication process, as Validic refers to it, is a series of two ID (token) exchange mechanisms, or handshakes, that ultimately enables your end user data to remain completely safe, secure and de-identified. This means, through this process, Validic adheres to US-EU-Swiss Safeharbor certification requirements and is fully HIPAA compliant. For technical details regarding this topic, please refer to the User Provisioning section of our API Documentation.

How long do you keep the data?

In compliance with HIPAA standards, Validic persists de-identified data for a minimum of 7 years.

Can we see which device the data came from?

Yes, all data records returned from Validic are sourced. More information regarding data sources and filters can be found in the Data Retrieval section of our API Documentation.

Do you have any SDKs (software development kits) or libraries?

Since we have a straightforward API which is easy to deploy we do not offer an SDK for API integrations. Enterprise customers may discuss mobile app SDK availability with their sales person. We do offer/recommend certain OAuth2 libraries for Ruby and C# which can be found in the API Libraries section of our API Documentation.

Can the standard/default marketplace be used in an iframe?

The standard marketplace is built in HTML5 and can, therefore, be used in an iframe. However, it is important to note, that some of the device vendors’ OAuth pages do not render properly in an iframe. Therefore, Validic does not recommend the use of an iframe as a means to display the standard marketplace.

Is it possible for it to say that our company is requesting access to the data, not Validic?

Yes, that is our standard practice. That said, this is only available with Production credentials and not available with Sandbox credentials.

When we authenticate a user through the marketplace, does the Validic server store the OAuth token on behalf of our client app or are the client credentials created in a totally different mechanism between the individual cloud server and Validic?

Validic stores and maintains the OAuth client credentials for each of the integrated partners (Fitbit, Withings, Jawbone, etc.) and our customers only have to be concerned with managing the one connection with Validic.

Does the OAuth token expire?

No, but we offer an OAuth refresh if desired.

Can the verbiage of the UI be customized?

The standard marketplace has limited customization; however, our Enterprise customers have the option to deploy the custom marketplace in which case they may create their own user interface.

Is the current marketplace web view responsive on mobile?

Yes. Validic is platform and device agnostic.

Can we download the entire data set instead of one end user at a time?

We only allow data to be accessed for those end users who have authenticated with app/device vendors and we do not sell or permit downloads of the entire data set. Data calls to the Validc API may be made at the organization (population) or user level and additional bulk population level data delivery calls are available as well. For more information, please visit the Data Retrieval section of our API Documentation.

If someone was terminated from a company would we have to manually delete them from the Validic system?

Yes, you would send use a DELETE call accompanied by the user access token which results in the deletion of the user and any of their activities in our system. For details on this, please visit the Delete Users section of our API Documentation.

How does the duplication work with multiple apps? What if their run is tracked by multiple apps and devices?

We don’t make assumptions about the data and will return data returned by both devices. The exception is when a single device may upload the same activity to multiple vendors’ websites, in which case we de-dupe that record.

Is there any non-identifiable demographic information that is available for users?

Yes, if it is available from the app/device vendor, we are able to collect and supply Gender, State, Country, Birth Year, Height and Weight.

Are all of the apps pull? Or do some of the apps push data as well?

We receive push notifications from some of our integration partners. We fetch data on regular intervals for the remaining vendors.

Do you pull directly from devices or when they are synced?

We interact with the web presence (when it becomes available to their cloud), not to the actual hardware. The exception is Validic’s proprietary mobile application and SDK that captures data directly from BLE clinical devices.

Do you collect any extra data?

Some non-standardized data points, such as Nike Fuel Points, can be made available through an expanded filter. For more information regarding data filters please visit the Data Retrieval section of our API Documentation.

How do you deal with time zones?

This varies depending on our vendor integration partner. For more information, please read the Timestamp Format & UTC Timezone Offset Support article.

Is the data encrypted?

Yes, the data is encrypted in transit and at rest via 256-bit encryption.

Who owns that data?

Validic does not make any claims regarding the ownership of the data and ultimately your end users own that data thus enabling them the ability to retract access to their data.

Can access tokens be sent using an Authorization HTTP Header?

Yes. Here are two ways to make an API call with the Access Token added as an
Authorization HTTP Header:

Via cURL:

curl -X GET -H ‘Authorization: Token token={ACCESS_TOKEN}’
https://api.validic.com/v1/organizations/{ORGANIZATION_ID}.json

via Standard REST template with Authorization HTTP Headers:

GET https://api.validic.com/v1/organizations/{ORGANIZATION_ID}.json -H ‘Authorization:Token token={ACCESS_TOKEN}’

What is the difference between using the latest.json endpoint and push notifications?

The primary difference is that push notifications are intended for real time, individual user-level data delivery, while the latest.json endpoint is intended for near real time, bulk population-level data delivery. For more information, please read our knowledgebase article: Latest endpoint vs. Push Notifications.

How do I reset or re-acquire a user’s authentication token?

Should you require resetting or re-acquiring a user’s authentication token (the authentication token is provided in our API response when the user is provisioned in our system), you may make a GET request call for a new user authentication token:

JSON

GET https://api.validic.com/v1/organizations/{ORGANIZATION_ID}/users/{VALIDIC_USER_ID}/
refresh_token.json?access_token={ACCESS_TOKEN}

{  
   "code":200,
   "message":"Ok",
   "user":{  
      "id_":"51552cd7fded0SAMPLE00017",
      "uid":"1234567890",
      "authentication_token":"uXek7RK2wSAMPLERv5Q"
   }
}

How do I paginate through large record sets?

When making API calls, it is normal for a given scope (“start_date” and “end_date” of an API call)to include a large record resultset. However, only 100 of these records would be included in the response, up to a maximum of 200 records by adding a “limit” parameter. In order to access the rest of the records in the result set, you may then use the “next” attribute of the Summary object in the API response. The value of “next” is a full HTTP resource that you can use to make an API request and retrieve the next set of records in the resultset. Please note that the succeeding response may as well contain value for the “next” attribute.

Is there an endpoint that returns all the activities (routine, fitness, weight, etc) for a user for a requested period of time?

We do not have a feature to return all activities of a specific user at a certain period of time. We only return activity records per endpoint (Fitness, Routine, Nutrition, Sleep, Weight, Diabetes, and Biometrics).

I am getting a 409 error when provisioning a user, how do I resolve this?

There may be cases where you were unable to save the user’s Validic ID and Access Token during User Provisioning. When you try to provision the same user using the same uid, you get a 409 Conflict Response. For more information regarding steps to resolution, please visit our How to resolve 409 Conflictknowledge base article.

Can we get the total number of users who have already connected an app?

There are three options you may use in order to capture the total number of your users who have already connected an app.

The first option is by making an OrganizationID.json API Call. In the API response, you will be able to retrieve the total number of users who have already connect an app by looking at the “users” field. You may be able to do this by making the sample API Call:

HTTP

The second option is by making the Users.json API Call and appending the parameter “status=active”. Here, you are able to verify the Validic USER IDs or “_id” with each having a corresponding “uid” or the users’ unique identification used when they were provisioned. The API response using this API Call will enable you to see the total number of active users, which by definition mean that they have already connected at least one app. You may be able to do this by making the sample API Call:

Text

The third option is by making the Profile.json API Call. The Profile.json endpoint provides a listing of applications currently synced by user, which will give you the benefit of aggregating the total number of users who have synced a particular application. To do this, you may loop through each of your users and make the following API call below: