API
Detecting password expiration in password-based connections (July 2025)
The Link Password Provider endpoint, the Get User Connections endpoint
and the Provider Connection Error events would now report password expiration using the provider_password_expired error type.
This mainly affects Abbott LibreView patient-based connections.
Introducing Universal Group By Support to Horizon AI Query (June 2025)
Horizon AI Query is in closed beta.
Interested in the Horizon AI Query? Get in touch with your Customer Success Manager.
Horizon AI Query can now group and aggregate the data by any Table Column expression and/or any Source Column expression.
This gives you more options on how the data should be dissected — not just by calendar units, but now also by Data Source fields and categorical values from the data itself.
Details
Details
Check out the Group By clause documentation.
If both the Provider and Source Type Source Columns are present in the Group By clause, the implicit Data Prioritization behaviour would be disabled.
Example queries
Introducing Timeseries Data Support to Continuous Query (June 2025)
Horizon AI Query is in closed beta.
Interested in the Horizon AI Query? Get in touch with your Customer Success Manager.
We have expanded Continuous Query to support timeseries resources in addition to the previously available summary resources.
With a few simple configuration steps, Continuous Query enables you to:
-
Extract aggregations of high‑volume timeseries data collected across all your active user device connections; and
-
Offload this concern to Junction, allowing you to simplify your data pipeline and focus on extracting actionable signals.
Details
Details
You can now select timeseries resources in a Query:
- For each resource, you can select all of specific fields of interest.
- You can select multiple timeseries resources simultaneously, even though they are of different types (discrete, interval of blood pressure).
Check out the Table Column expression documentation.
Examples of Timeseries Table Column expressions
External User ID of User Connections (April 2025)
We now expose the External User ID of User Connections in the Provider Connection Created event and Get User Connections endpoint.
The External User ID is the unique user identifier supplied by the provider, e.g., the Fitbit User ID for Fitbit connections.
| Connection type | Content |
|---|---|
| OAuth Providers | User unique identifier; provider-specific formats |
| Password Providers | Username |
| Email Providers | |
| Junction Mobile SDK Providers | null (not available at this time) |
Details
Details
Check out the Provider Connection Created event and Get User Connections endpoint documentation.
Link API Improvements (Jan 2025)
We have increased Link Token expiry from 15 minutes to 60 minutes.
We have also added an on_error=redirect Link Token option which forces any error scenario to redirect to your specified redirect_url
URL, disabling any in-built error handling behaviour in the Link Widget.
Details
Details
Check out the Link Error format and the Generate a Link Token endpoint documentation.
Extendable Historical Date Ranges (Jul 2024)
We now offer the ability to set custom historical data ranges for wearables providers, with resource-level granularity.
Details
Details
You can now extend the historical pull range for a number of supported providers using the Org Management API
Org Management API is available for the Scale plan.
Check out the Set Data Pull Preferences, Get Data Pull Preferences, Delete Data Pull Preferences endpoint documentation for more details.
Introspection: Historical Pull Timeline (May 2024)
The Historical Pull Introspection endpoint now reports the execution timeline of historical pulls.
Details
Details
The timeline tracks when the historical pull was scheduled, started, and eventually ended (success or failure). This improves the visibility around the latency of historical pulls, as well as providing more indicator of an incomplete execution.
Check out the Historical Pull Introspection endpoint documentation.
Team Scope Requirements (Apr 2024)
You can now tailor what scopes Vital would request from your Users using the Org Management API. This applies when your user connects to an OAuth provider which supports scopes.
Details
Details
Vital ensures that any new provider connection can be established only when the user has granted all the scopes specified in the user_must_grant scope list.
The scopes specified as user_may_grant would be requested alongside the user_must_grant scopes. However, unlike user_must_grant, they do not prevent the connection from being established.
Org Management API is available for the Scale plan.
Check out the Set Team Scope Requirements and Get Team Scope Requirements endpoint documentation on how to enable the setting.
Reject Duplicate Connections (Apr 2024)
You can now configure your Vital Team through the Org Management API to reject duplicate wearable connections.
Details
Details
When the reject_duplicate_connection setting is enabled on the Team, Vital checks whether or
not the provider-reported user ID is already connected to an existing User in your Team.
If it does, the Link API would report the duplicate_connection error.
Org Management API is available for the Scale plan.
Check out the Update Team and Create Team endpoint documentation on how to enable the setting.
Check out the Link Errors documentation on how to
catch the duplicate_connection error.
Link Error reporting (Apr 2024)
The Link API now reports errors in terms of a predefined set of Error Types on which your application logic can depend.
Details
Details
We introduce this because there has not been a dependable way for your application logic to understand why a connection attempt has failed, and in turn this prevents your application from providing actionable messages to your end users.
Depending on how you initiate the Link flow, the Link Error would be reported either as a URL query parameter, or as part of the JSON response.
Check out the Link Errors documentation for the detailed guidance.
Understanding Resource Availability (Apr 2024)
When a user connection to a provider is established, the webhook event now includes a resource availability report of the connection.
Details
Details
We introduce this because this helps you understand what resources would and would not be available on a new connection. We also provide insights into how partial consents from users during the OAuth authentication flow can influence the resource availability, so that you can take actions accordingly.
This resource availability report is based on the permissions (also known as API access scopes) the user has granted during the authentication process.
In some cases, a provider resource may be available, but some information could be absent due to some optional scopes having been denied by the user. The availability report includes a full breakdown of granted and denied scopes by their optionality.
If the provider has no concept of API access scopes, we report all resources as available.
You can also query this information at any time through the Get User Connections endpoint.
Check out the Provider Connection Created
(provider.connection.created) event schema and the Get User Connections endpoint documentation.
Fallback Birth Date for Heart Rate Zones (Feb 2024)
You can now set a Fallback Birth Date on a user.
Details
Details
Vital can use this to compute a more accurate workout Heart Rate Zones, when the provider exposes neither heart rate zones nor user age to Vital.
Check out the Heart Rate Zones documentation.
Grouped Timeseries (Feb 2024)
You can now get grouped timeseries data.
Details
Details
This initial release groups data by Source Type from supported providers.
Check out the Blood Oxygen endpoint documentation for an example.
Historical Pull Introspection (Dec 2023)
You can now introspect the status of all one-off user historical data pulls.
Details
Details
It also provides the pulled date-time range, as well as a rough estimate of the amount of data ingested (in terms of “days with data”).
Check out the Historical Pull Introspection endpoint documentation.
User Resources Introspection (Dec 2023)
You can now introspect user data ingestion statistics.
Details
Details
For example, the endpoint provides:
- Oldest and newest data timestamp
- The number of objects sent in
*.createdevents - The status and time of the last ingestion attempt (polling or push)
Check out the User Resources Introspection endpoint documentation.
Vital Sign-In Token for Mobile SDKs (Nov 2023)
Vital Sign-In Token is a new, user-scoped Authentication scheme for Vital Mobile SDKs.
Details
Details
It grants only user-scoped access to your mobile app sign-ins. This allows you to keep your Vital API Keys as server-side secrets.
We encourage all customers using Vital API Keys in their production mobile apps to migrate to the Vital Sign-In Token scheme.
Check out the SDK Authentication guide on how to migrate to this scheme. Check out the Create Sign-In Token endpoint documentation on how to generate tokens for your mobile app sign-ins.