{{ body }}
Important information about our API
We are making important non-backward-compatible changes to our API. Therefore, you may need to make time-sensitive changes to your application.
CLOSING THE OAUTH 1.0 AUTHENTICATION
The Health Mate API is now fully functional with OAuth 2.0 authentication protocol. Therefore, the OAuth 1.0 process will no longer be supported beginning November 30, 2018.
WHY ARE WE MAKING THIS CHANGE?
When the Health Mate API was first developed, we implemented the OAuth 1.0 process to ensure authentication. Because the OAuth 2.0 protocol is now available and easier to use, we have decided to improve our API by integrating the OAuth 2.0 authentication protocol.
WILL NOKIA HEALTH WEB SERVICES CHANGE?
If you update to our new process outlined in this email, the Health Mate API will provide the same web services for retrieving user information and measures.
WHAT DO YOU NEED TO DO?
You must integrate the OAuth 2.0 authentication process and transform your current OAuth 1.0 tokens into OAuth 2.0 tokens. You must then use those new tokens in every call to our API.
For more information, please refer to the new documentation, which replaces the previous version. See the new documentation
OTHER SECURITY CHANGES
1. NOTIFICATION CALLBACK URLS VERIFICATION
We have implemented new rules regarding notify callback URLs to improve security. Subscriptions with an invalid callback URL will be deleted November 30, 2018. Please note that:
  • HTTPS is now required
  • If you specify a port, you must only use 443
  • The URL must not contain an IP
  • The use of localhost is no longer allowed
If your notifications do not follow these new rules, please refer to the Notify section of our documentation to learn how to make changes.
2. OAUTH 2.0 CALLBACK URL VERIFICATION
As of November 2018, the OAuth 2.0 workflow will only accept redirect URLs in HTTPS. You can edit to redirect your URL in the OAuth 2.0 dashboard.
3. HTTPS REQUIRED WITH SNI AND TLS 1.2
HTTPS with the SNI (Server Name Indication) extension will be required as of November 2018. HTTP calls will be rejected.
You must use a client that supports TLS 1.2. To follow industry standards, including those provided by NIST and PCI-DSS, we will drop support for TLS versions 1.0 and 1.1 beginning November 30, 2018.
NEW DOCUMENTATION
The new official documentation is available at:
https://developer.health.nokia.com
QUESTIONS?
If you still have questions, don’t hesitate to reach out to us at:
partner-api@withings.com
Thank you,
The Health Mate API Team