A webhook (also called a web callback or HTTP push API) is a way for Spike to provide other applications with real-time information. A webhook delivers data to other applications as it happens, meaning you get data immediately—unlike a typical API where you would need to poll for data very frequently to get it in real-time. This makes webhooks much more efficient for the provider and consumer. Webhooks are almost always faster than polling and require less work to implement. New data will be normalized and sent to your webhook URL address.
The endpoint you create must be configured to accept POST requests. It has to be an HTTPS-secured endpoint on your server with a distinct URL. You can enable/disable webhook messages and configure your webhook URL address in your app settings page in the developer console.
Webhooks can be enabled/disabled via Spike API too.
All Spike webhook events have the following structure in JSON format. In the example below you will find all possible fields that can be returned in the top-level JSON object for a webhook payload.
Unique identification assigned by Spike to each webhook notification. This is a synthetic ID, and it has no relation to the content of the notification.
Webhook event type.
The time when the ping data from the provider was received.
Spike user ID (UUID)
User ID from your systems
Data source (Garmin, Fitbit...)
Data type (sleep, steps...)
Data payload. The data format depends on the data type. All data types and examples can be found in the Metrics section.
Requests will be retried 5 times with 180s intervals if your server returns a non-2xx response code, or if the request times out.
All Requests have the header X-Spike-Signature for request verification. A signature is HMAC (sha256) encoded string containing hexadecimal digits. The message value is event_id, the secret is your app secret token.