Monitoring interface - Medisana/vitadock-api GitHub Wiki
Monitoring
When registering a new Application, the owner can specify a Monitoring URL. A monitoring event is executed after new data has been transmitted to a VitaDock Online User account using an Access Token whose Access Right allows monitoring for that VitaDock Online Module. During this event, VitaDock Online checks all Access Tokens of the VitaDock Online User and selects those that
- have an Access Right for the VitaDock Online Module in question,
- have read access and
- allow monitoring.
If multiple valid and suitable Access Tokens are found for an Application, only the most recent one is used for this Application.
After that, the Monitoring URLs of the Applications that correspond to the selected Access Tokens are each called with a signed GET request (i.e. VitaDock Online attaches a signed Authorization Header just as the Consumer usually does with requests to VitaDock Online). This way the Consumer can check the validity of the request and determine which user account on its side needs to be synchronized with VitaDock Online. The Consumer can do this by searching its user database for the connected Access Token. See Figure 1 for a diagram of the process.
Please note that the Access Token in a monitoring call only serves to identify the user on the Consumer's side and might already be invalid (e.g. because it has reached its maximum number of read accesses, the user has changed their password, or the user has revoked the access rights from your application in the meantime). It is up to your application to check for a 401 Not Authorized error when accessing VitaDock Online and to redirect the user to the login/permission request page.
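The check of the signed GET request described above could look as follows on the Consumer's side. This is an added example, not code from the VitaDock API project, and it assumes an OAuth 1.0 style Authorization header (RFC 5849 base string), HMAC-SHA256 as the signature method, a signing key built from the Consumer secret and the token secret, and a 300-second freshness window. The URL, secrets, tokens and function names are constructed for illustration.

```python
import base64, hashlib, hmac, re
from urllib.parse import quote, unquote

# Constructed sample data; in practice these come from the Consumer's user database.
CONSUMER_SECRET = "consumer-secret"
MONITORING_URL = "https://consumer.example/vitadock/monitor"  # hypothetical
TOKENS = {  # access token -> (token secret, local user id)
    "tok-alice": ("secret-alice", "alice"),
    "tok-bob": ("secret-bob", "bob"),
}
MAX_SKEW = 300  # seconds; assumed freshness window to limit replay

def enc(s):
    return quote(s, safe="-._~")  # RFC 3986 unreserved characters only

def parse_header(header):
    if not header.startswith("OAuth "):
        raise ValueError("not an OAuth Authorization header")
    return {k: unquote(v) for k, v in re.findall(r'(\w+)="([^"]*)"', header)}

def sign(method, url, params, token_secret):
    # RFC 5849 signature base string; HMAC-SHA256 is an assumption of this example.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items()
                   if k not in ("oauth_signature", "realm"))
    norm = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(norm)])
    key = f"{enc(CONSUMER_SECRET)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def build_header(params, token_secret):
    # Stands in for the sender, so the example has a request to verify.
    signed = {**params, "oauth_signature": sign("GET", MONITORING_URL, params, token_secret)}
    return "OAuth " + ", ".join(f'{k}="{enc(v)}"' for k, v in signed.items())

def user_to_sync(auth_header, now):
    """Return the local user id to synchronize, or None to reject the call."""
    try:
        oauth = parse_header(auth_header)
        fresh = abs(now - int(oauth["oauth_timestamp"])) <= MAX_SKEW
        token_secret, user = TOKENS[oauth["oauth_token"]]
        expected = sign("GET", MONITORING_URL, oauth, token_secret)
        valid = hmac.compare_digest(expected, oauth["oauth_signature"])
    except (KeyError, ValueError, TypeError):
        return None
    ok = fresh and valid and oauth.get("oauth_signature_method") == "HMAC-SHA256"
    return user if ok else None
```

The handler rejects the call before any synchronization when the token is unknown, the signature does not match, or the timestamp is stale. Recording nonces seen inside the freshness window would additionally block replays within it.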
Be advised that the push/subscription functionality currently only works in connection with a Consumer providing a web service (i.e. a running server with a real URL). Later versions will support the Apple Push Notification service, email notification and SMS notification.
Unsubscription (partly under construction, March 2013)
Invalidating an Access Token can be done from two sides. You can invalidate (delete) the Access Token in your database and stop synchronizing with VitaDock Online, or the user (or VitaDock Online) can invalidate the Access Token on the server side. In the former case, you are advised to call VitaDock Online yourself to invalidate the Access Token. In the latter case, instead of waiting for a 401 error to occur, you can add a service to your Monitoring URL. This service is called whenever the Access Token becomes invalid on the VitaDock Online side.
TODO: under construction. See Figure 2 for a diagram of the process.
Figure 1 - Subscription process
Figure 2 - Unsubscription process