API reference

Introduction

once you have credentials on the spike developer console you can begin using spike api api authentication for a user to establish connection to spike authentication must be done application user id should be be constant throughout entire user lifecycle user requires no pre registration and will be valid from the moment of first provider integration is authorized curl location 'https //app api spikeapi com/v3/auth/hmac' \\ \ header 'content type application/json' \\ \ header 'accept application/json' \\ \ data '{ "application id" 9999, "application user id" "my application user 123", "signature" "string" }' required parameters application id (int) application id is constant and can be found on your console after login it's unique identifyer of your application application user id (string) id you have selected to uniquely identify user on your own system, for e g " my application user 123 " signature (string) signature generated per each user using hmac signature generation example const crypto = require('crypto'); // example signuser("my application user 123") function signuser(userid) { const hmackey = "hmac key from admin console"; const hmac = crypto createhmac('sha256', hmackey); hmac update(userid); return hmac digest('hex'); }import hmac import hashlib \# example sign user("my application user 123") def sign user(user id str) > str hmac key = b"hmac key from admin console" h = hmac new(hmac key, user id encode(), hashlib sha256) return h hexdigest()import ( &#x9;"crypto/hmac" &#x9;"crypto/sha256" &#x9;"encoding/hex" ) // example signuser("my application user 123") func signuser(userid string) (string, error) { &#x9;m = hmac new(sha256 new, \[]byte("hmac key from admin console")) &#x9; , err = m write(\[]byte(userid)) &#x9;if err != nil { &#x9; return "", err &#x9;} &#x9;return hex encodetostring(m sum(nil)), nil }\<?php // example signuser("my application user 123") function signuser($userid) { $hmackey = "hmac key from admin console"; $hmac = hash hmac('sha256', $userid, $hmackey, false); return $hmac; } integration initialization api integration initialization to connect users with data providers, first make an api call to get a redirect url then redirect users to this url to start the oauth integration process api endpoint https //app api spikeapi com/v3/providers/{provider slug}/integration/init url provider slug is a canonical name of a provider, eg fitbit, garmin, huawei, oura, etc query parameters redirect uri (string, url) optional url to redirect the user back to after the integration is complete must be a whitelisted domain for your application state (string) optional state parameter that will be passed back to your redirect uri can be used to maintain state between the request and callback so to get back an integration url for garmin you would make the following call curl x get "https //app api spikeapi com/v3/providers/garmin/integration/init url" h "authorization bearer eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9 eyjpc3mioii5otk5iiwic3viijoiyxbwbgljyxrpb24tdxnlci1pzc0xmjmifq xni1y4tkrjdisehwuqdmk9em htpojtmzbou30nmd y" which returns { "provider slug" "garmin", "path" "https //app api spikeapi com/v3/providers/garmin/integration/init/ic/8usq2pfxn1g6zfic3viijoiyxvsqk9bgjbeacdiclovyuahr5fo0qic3viijoiyxjuchcfg8o2auqlw" } you can then redirect the user to path which would initiate the integration process get data from devices below you can find user id (string) key returned by spike connect device request this key should be stored in your database against the user and used for all interactions with the spike api from (date) query data from time format 2025 01 02 or 2025 01 02t15 04 05 to (date) query data to time format 2025 01 02 or 2025 01 02t15 04 05 timezone (string) the timezone to use for responses, it would convert the original timestamp to this timezone; to avoid conversion and keep original user's timezone provide "local" curl location 'https //app api spikeapi com/v3/queries/provider records' \\ \ header 'content type application/json' \\ \ header 'accept application/json' \\ \ header 'authorization bearer ' \\ \ data '{ "from" "2025 03 20t00 00 00", "to" "2025 03 21t00 00 00", "timezone" "europe/london" }'
Did this page help you?
PREVIOUS
Background data delivery
NEXT
Authenticate via HMAC
Docs powered by Archbee