| Buy in white | Buy in black | Buy both |
Withings Body metrics Services API (WBS API) is a set of webservices allowing developers and third parties limited access to users' data.
Prior to any access by an external application, the user has to explicitly allow their data to be accessed through the WBS API. The authentication and provisionning procedure is described in our Oauth implementation guide.
It is freely available for non-commercial use by any developer and may be licensed (or freely licensed in some cases) for commercial use by prior arrangement.Please review the API terms of use and register your service, website or application here. Please contact us if you have any question regarding this process.
A small PHP library is available to illustrate this documentation. Giving it a look will save you time. It is here.
Stefan Andersen feeled the urge to rewrite this sample code using more classes and exceptions. You can find it here.
If you are an iPhone developer, you may download the sample iPhone application source code. This application is a example of code to illustrate the API and not the wiScale application. It will anyway save a lot of time to those integrating our API in an iPhone application.
Android developers can find sample code and more information about integration with Android applications in this page
The WBS API is REST-based. Basically, WBS requests are sent as HTTP POST or GET requests.
A typical WBS API service request follows this template :
Where :
[service_name] is the requested service,
[action_name] is the action you want to perform on the requested service,
[parameters] are parameters, mandatory or optional, passed to the requested service.
Every service needs a mandatory action parameter. For example, the user service has two possible actions (getbyuserid and update). action is a parameter of the GET or POST request (user?action=getbyuserid)
For every thing you want to do, there is a service and an action. The measure?action=getmeas service, which gets anything ranging from the user's weight and body fat to blood pressure and heart pulse, is probably the most useful.
Responses to such requests are JSON documents. All responses look like the following:
The body field may eventually be absent or empty, depending on the service/action requested and the success or failure of the requested action.
Any single response will provide a mandatory status field. A status value set to 0 means that the action was successfully processed. Other values mean the request was not processed properly. Please refer to the Error codes sections to get a hint as to what went wrong, and why.
A json library IS available for your programming language at http://www.json.org. Please don't try to parse a JSON document without first visiting this site. Use an already available JSON library: it saves a lot of effort.
As a first example (and this is a good starting point to check that this is working in your actual environement):
returns
You typically use the WBS API to retrieve data related to a given user, for example weight and body fat or blood pressure measurements. A user is part of an account.
An account is what Withings device users use to log into their dashboard. An account is uniquely defined by an email address. For access to be granted to a given account, its password (chosen by the user at registration time) is needed. A single account might be used by several device users (a parent and their young kids), or each user might have their own account.
A user (as listed in the dashboard's leftmost part) of a Withings device is uniquely defined by a userid and is tied to your own application through his Oauth credentials. These parameters are mandatory in all requests and are given back to your application as soon as you tie your application to the userid. For more information on setting up and retrieving Oauth credentials between your application and a Withings user, please refer to Oauth implementation guidelines. Every single request made to WBSAPI must include authentication parameters, and in particular an Oauth signature that will allow the API to authenticate you.
The required Oauth parameters are :
A complete WBSAPI request would be :
The most effective way for third parties to retrieve measurements updates is to setup notifications (some might call it "Push") for the users they are interested in. Notifications are handled on a user-per-user basis : each third party application shall subscribe once for every user being monitored, as explained here. Each time the subscribed users use their device and make it create a new measurement, or manually add, delete or modify any measurement or objective, the WBS API will send notifications to all their monitoring third parties.
A given user can not be subscribed by more than 16 third parties.
When the WBS API sees that subscriber data has been modified, it sends a notification to the subscribing third party application. The notification contains information that helps to determine what should be downloaded to remain in sync.
Notifications subscriptions last 3 weeks and it is the subscriber responsability to renew the subscription when necessary, as explained here. Checking for the existence of a subscription and the retrieval of its expiry date can be performed as shown here.
Would you need to list all the subscriptions you previously set for a given user, have a try with list.
The subscription can be revoked at anytime, as explained here.
Several use cases can be performed with this service, depending on its input parameters.
The userid parameter is mandatory. ALL others are provided for filtering purposes and are optional.
| Required | Name | Type | Description |
| required | userid | integer | The userid of the target user. This value is obtained when your user links his/her Withings account with your application. |
| optional | startdate | integer (EPOCH format) | Will prevent retrieval of values dated prior to the supplied parameter. |
| enddate | integer (EPOCH format) | Will prevent retrieval of values dated after the supplied parameter. | |
| devtype | integer | Will retrieve data for this particular device type. For exemple, using &devtype=1 will retrieve all body scale related measures (including weight, fatmass and fatfree mass), while using &devtype=0 will retrieve all user personal data (ie. the height and weight entered at user creation time). Can be used as a bitmask if necessary. | |
| meastype | integer | Will restrict the type of data retrieved (see below the type list). Please note that currently this filter only supports weight (ie type 1) height (ie type 4) types. | |
| lastupdate | integer (EPOCH format) | Is useful for performing data synchronization. It can be used by the system using the WBS API to supply the last time (EPOCH format) it acquired data. Only entries which have been added or modified since this time are retrieved. | |
| category | integer | Can be set to 2 to retrieve objectives or to 1 to retrieve actual measurements. | |
| limit | integer | Can be used to limit the number of measure groups returned in the result. For instance, setting &limit=1 will return the last measure group only. Measure groups are always delivered from the newest to the oldest one. | |
| offset | integer | Can be used to skip the 'offset' most recent measure group records of the result set. For instance, setting &offset=10 will return the 11th measure group and onward. Used in conjunction with limit, it can be used to acquire large data sets in several requests. |
As with every service, the answer starts with a status that should be 0, and a body that contains the actual result, an array of measuregrps (measure groups) related to the specified user.
| Measure group content fields | |
|---|---|
| Name | Description |
| grpid | A unique grpid (Group Id), useful for performing synchronization tasks. |
| attrib | An attrib (Attribute), defining the way the measure was attributed to the user. It may take the values shown in the Attribution status table below. |
| date | The date (EPOCH format) at which the measure was taken or entered. |
| category | The category of the group. A measure group can represent either measures captured by the device or objectives set by the user. The category field indicates for each measure group whether the measures in the group are measurements or targets. Refer to the Category values table below. |
| measures | An array of measures that belong to this particular measure group. |
| Measure content fields | |
|---|---|
| Name | Description |
| type | A type which can be one of the ones specified in the Measure types table. |
| value | A value which is the actual value of the measure (integer). |
| unit | A unit which represents the power of 10 that has to be multipled by value to find the actual data (integer). |
| Attribution status table | |
|---|---|
| Attribution Mode | Description |
| 0 | The measuregroup has been captured by a device and is known to belong to this user (and is not ambiguous) |
| 1 | The measuregroup has been captured by a device but may belong to other users as well as this one (it is ambiguous) |
| 2 | The measuregroup has been entered manually for this particular user |
| 4 | The measuregroup has been entered manually during user creation (and may not be accurate) |
| Category table | |
|---|---|
| Category | Description |
| 1 | Measure |
| 2 | Target |
| Measure types table | |
|---|---|
| Type | Description |
| 1 | Weight (kg) |
| 4 | Height (meter) |
| 5 | Fat Free Mass (kg) |
| 6 | Fat Ratio (%) |
| 8 | Fat Mass Weight (kg) |
| 9 | Diastolic Blood Pressure (mmHg) |
| 10 | Systolic Blood Pressure (mmHg) |
| 11 | Heart Pulse (bpm) |
| Device types table | |
|---|---|
| Type | Description |
| 0 | User related (for the moment, only height and weight) |
| 1 | Body scale |
| 4 | Blood pressure monitor |
As an example, the following JSON measure { "value": 79300, "unit": -3, "type": 1 } means "This is a weight measurement of 79,3 kg".
Note: Our units are SI units (kilogram, meter, mmHg, etc.). In case you come from a country that uses the imperial system (ie, Burma, Liberia, or the United States), you may have to convert the values to your local representation.
| Name | Description |
| updatetime | The webservices local timestamp at which the Json response was generated |
| more | If present, this field means that your query yielded too many measure groups to fit in a single response. Either you provided a limit parameter and the query yielded more groups than limit, or you didn't and the query yielded more than the default implicit limit (currently 2048 groups by query). In any case, it is up to your application to request remaining groups using measure/getmeas and providing offset parameter. The more value represents the number of remaining groups still to be fetched. |
| measuregrps | An array containing the measures, see above |
| Code | Description |
| 0 | Operation was successfull |
| 2555 | An unknown error occured |
| 247 | The userid provided is absent, or incorrect |
| 250 | The provided userid and/or Oauth credentials do not match. |
{
"status": 0,
"body": {
"updatetime": 1249409679,
"measuregrps": [
{
"grpid": 2909,
"attrib": 0,
"date": 1222930968,
"category": 1,
"measures": [
{
"value": 79300,
"type": 1,
"unit": -3
},
{
"value": 652,
"type": 5,
"unit": -1
},
{
"value": 178,
"type": 6,
"unit": -1
},
{
"value": 14125,
"type": 8,
"unit": -3
}
]
},
{
"grpid": 2908,
"attrib": 0,
"date": 1222930968,
"category": 1,
"measures": [
{
"value": 173,
"type": 4,
"unit": -2
}
]
}
]
}
}
This service will return an array containing information regarding the specified user.
This can be used to retrive a user's firstname, lastname, gender, or birthdate.Issuing such a request on a professional account 'unknown' user will only yield id and firstname elements since other ones are not significant for anonymous users.
| Required | Name | Type | Description |
| required | userid | integer | The userid of the target user. This can be obtained through an account/getuserslist or through the user's "Share" overlay in the dashboard. |
This service allows third parties to subscribe to notifications. Once the notification service has been subscribed, the WBS API will notify the subscriber whenever the target user's measurements or objectives are added, modified or deleted.
This allows third party applications to remain in sync with user's data.
To monitor a user, its userid is needed.
Two parameters are mandatory in all cases : userid and callbackurl. The optional parameter appli can be used to restrict the request to the given device type.
| Required | Name | Type | Description |
| required | userid | integer | The userid of the user to subscribe notification for. This can be obtained through an account/getuserslist or through the user's "Share" overlay in the dashboard. |
| required | callbackurl | URL-encoded string | The URL the API notification service will call. . WBS API notification are merely HTTP POST requests to this URL (such as http://www.yourdomain.net/yourCustomApplication.php ?userid=123456&startdate=1260350649&enddate=1260350650). Those requests contain startdate and enddate parameters (both are integers in EPOCH format) and the userid it refers to. It is up to the targeted system to issue a measure/getmeas request using both figures to retrieve updated data. This URL shall be provided as a URL-encoded string. Please refer to w3schools URL encoding reference to learn more about URL encoding, use free online URL encoders or check the example provided. The URL length shall not be greater than 128 characters. |
| optional | appli | integer | Default value : 1 (Bodyscale). This field specifies the device type for which the notification is to be activated. See measure/getmeas for supported device types. |
| required | comment | UTF-8 encoded string | The comment string is used as a description displayed to the user when presenting him your notification setup. |
| Code | Description |
| 0 | Operation was successfull |
| 2555 | An unknown error occured |
| 247 | The userid is either absent or incorrect |
| 250 | The provided userid and/or Oauth credentials do not match. |
| 293 | The callback URL is either absent or incorrect |
| 304 | The comment is either absent or incorrect |
| 305 | Too many notifications are already set |
In this example, we assume the target callback URL is http://www.yourdomain.net/yourCustomApplication.php. Once URL-encoded (you can find free online URL encoders here, this transforms into the following :
As a consequence, the resulting subscribe request results in the following. Please note how the URL-encoded form of the callback URL was used, not the callback URL itself :
{
"status": 0
}
This service allows third party applications to revoke a previously subscribed notification.
This will disable the notification feature between the WBS API and the specified applications for the specified user.
Two parameters are mandatory in all cases : userid and callbackurl. The optional parameter appli can be used to restrict the request to the given device type.
| Required | Name | Type | Description |
| required | userid | integer | The userid of the target user. |
| required | callbackurl | URL-encoded string | The URL-encoded URL used when subscribing to the notification service for the specified user. |
| optional | appli | integer | Default value : 1 (Bodyscale). This field specifies the device type for which the notification is to be deactivated. See measure/getmeas for supported device types. |
| Code | Description |
| 0 | Operation was successfull |
| 2555 | An unknown error occured |
| 247 | The userid is either absent or incorrect |
| 250 | The provided userid and/or Oauth credentials do not match. |
| 293 | The callback URL is either absent or incorrect |
| 294 | No such subscription could be deleted |
{
"status": 0
}
This service allows third party applications to check whether the notification service was previously subscribed on a specific user and to retrieve the subscription expiry date.
Two parameters are mandatory in all cases : userid and callbackurl. The optional parameter appli can be used to restrict the request to the given device type.
| Required | Name | Type | Description |
| required | userid | integer | The userid of the target user. |
| required | callbackurl | URL-encoded string | The URL-encoded URL used when subscribing to the notification service for the specified user. |
| optional | appli | integer | Default value : 1 (Bodyscale). This field specifies the device type for which the notification is to be retrieved. See measure/getmeas for supported device types. |
As with every service, the answer starts with a status that should be 0, and a body that contains the actual result, in this case the expiry date of the notification subscription for this user and its associated comment.
| Code | Description |
| 0 | Operation was successfull |
| 2555 | An unknown error occured |
| 247 | The userid is either absent or incorrect |
| 250 | The provided userid and/or Oauth credentials do not match. |
| 286 | No such subscription was found |
| 293 | The callback URL is either absent or incorrect |
| 343 | No notification matching the criteria was found |
{
"status": 0,
"body": {
"expires": 2147483647,
"comment": "Your Own Application Description"
}
}
This service allows third party applications to list all their currently provisionned notification callbacks for a specific user and to retrieve the subscriptions expiry dates.
Only the userid parameter is mandatory. The optional parameter appli can be used to restrict the request to the given device type.
| Required | Name | Type | Description |
| required | userid | integer | The userid of the target user. |
| optional | appli | integer | Default value : 1 (Bodyscale). This field specifies the device type for which the notification is to be retrieved. See measure/getmeas for supported device types. |
As with every service, the answer starts with a status that should be 0, and a body that contains the actual result, in this case the expiry date of the notification subscription for this user and its associated comment.
| Code | Description |
| 0 | Operation was successfull |
| 2555 | An unknown error occured |
| 247 | The userid is either absent or incorrect |
| 250 | The provided userid and/or Oauth credentials do not match. |
| 293 | The callback URL is either absent or incorrect |
| 305 | Too many profiles were to be returned |
{
"status":0,
"body": {
"profiles": [{"expires":2147483647,"comment":"http:\/\/www.withings.com"},{"expires":2147483647,"comment":"http:\/\/www.corp.withings.com"}]
}
}