This documentation provides the details third-party applications need to integrate with the Ultrahuman OAuth 2.0 provider. The provider supports the Authorization Code Grant flow and the Refresh Token flow.


Access Tokens

Access tokens are required to access protected resources. They are issued after a successful token exchange and are valid for a week, after which they need to be refreshed.


Scopes

Scopes define the level of access granted to the application. These scopes should be included in the parameters when requesting access. Scopes include:

It is suggested that applications request only the scopes they require.


Authorization Code Grant Flow

The Authorization Code Grant flow is used for server-side applications. This flow allows applications to obtain an authorization code and exchange it for an access token.

Flow Steps

  1. User Authorization: The application redirects the user to the authorization endpoint.
  2. Authorization Code: Upon user consent, the application receives an authorization code.
  3. Token Exchange: The application exchanges the authorization code for an access token.
  4. Access Resource: The access token is used to access protected resources.
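
A sketch of steps 1 to 3 from the application's side, added here as an example and not taken from Ultrahuman's own code. The endpoint URL, client ID, redirect URI and scope name are placeholders, and the parameter names are the standard RFC 6749 ones, assumed rather than confirmed by this page. It adds the `state` check that ties the returned authorization code to the session that started the flow.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions): take the real endpoint, client ID and scope
# names from the provider's documentation.
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def build_authorization_url(scopes, session):
    """Step 1: URL the application redirects the user to."""
    # Unguessable per-session value that binds the callback to this browser.
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scopes),  # request only the scopes required
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(callback_url, session):
    """Step 2: accept the authorization code only if state matches."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: blocks replay
    received = params.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing or wrong state is rejected.
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback not tied to this session")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def token_request_body(code, client_secret):
    """Step 3: form fields for the server-to-server token exchange."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the value sent in step 1
        "client_id": CLIENT_ID,
        "client_secret": client_secret,  # stays on the server, never in the browser
    }
```

The token request is sent as a POST over TLS from the server, so the client secret and the resulting tokens never pass through the user's browser.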