Scanbo Health Developer Platform

Back

Rely

BETA

API Docs

Overview

Endpoints

⚡ Example data only — replace with real credentials

Exposed API Documentation

Two endpoints for external integrators: authenticate with app credentials, then call the health gateway with the returned JWT.

https://dev-relay-backend.agent.scanbo.ai/api/v1

Getting Started

Before calling any API, complete these 3 steps on the Rely platform.

Create your account on the Rely platform. Use the link below to open the portal.

https://dev-relay-backend.agent.scanbo.ai ↗

Create an Application

Go to Dashboard → Applications → New Application and fill in the required fields:

App Name — A unique name to identify your application

Webhook URL — Your server endpoint to receive health data events

Redirection URL — OAuth callback URL after user authorizes a device

Select Devices — Choose which health providers to enable (Apple Health, Oura, Fitbit, etc.)

Generate OAuth / API Credentials

Inside your application, go to OAuth / API Keys and generate credentials. You will get a Client ID and Client Secret — use these in the two APIs documented below.

✅

Once you have your credentials, proceed to the App Credentials endpoint below to get your JWT token and start calling the Health Gateway.

Common Requirements

All requests under /api/v1 require tenant headers unless noted otherwise.

Header	Required	Example	Description
`Content-Type`	Yes (POST)	`application/json`	JSON request body
`x-country-code`	Yes	`IN`	ISO country code (IN, US, EU, AE…)
`x-tenant-id`	Yes*	`rely-health-default`	Tenant slug or ObjectId

* In development, server may fall back to DEFAULT_TENANT_ID from environment.

Standard response envelope

JSON

{
  "success": true,
  "code": 200,
  "message": "Human-readable message",
  "data": { }
}

Get User by App Credentials

Authenticate a registered application with client credentials. Returns user profile, JWT tokens, and active connector sources.

POST

/api/v1/

Auth

None (body credentials)

Dispatcher field

routname

Value

get-user-by-app-credentials

Request

HTTP

POST /api/v1/ HTTP/1.1
Host: dev-relay-backend.agent.scanbo.ai
Content-Type: application/json
x-country-code: IN
x-tenant-id: rely-health-default

Body parameters

Field	Type	Required	Description
`routname`	string	Yes	`get-user-by-app-credentials`
`clientId`	string	Yes	App client ID
`clientSecret`	string	Yes	App client secret
`applicationId`	string	Yes*	Registered application ID

JSON · Request

{
  "routname": "get-user-by-app-credentials",
  "clientId": "rely_app_client_7f3a9c2e1b",
  "clientSecret": "sk_live_fake_8Qm2pL9xR4vN6wK1",
  "applicationId": "674a1b2c3d4e5f6789012345"
}

Success Response

JSON

200 OK

{
  "success": true,
  "code": 200,
  "message": "User retrieved successfully",
  "data": {
    "user": {
      "id": "674901234567890123456789",
      "firstName": "Priya",
      "email": "[email protected]",
      "role": "user",
      "userStatus": "active"
    },
    "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "activeDevices": [
      { "key": "strava", "name": "Strava",    "status": "active" },
      { "key": "oura",   "name": "Oura Ring", "status": "ACTIVE" }
    ]
  }
}

Use data.accessToken as the Bearer token for Health API calls.

Error Responses

JSON

422

{ "success": false, "message": '"clientId" is required.', "code": 422 }

JSON

401

{ "success": false, "message": "Invalid client credentials.", "code": 401 }

JSON

403

{ "success": false, "message": "App credentials are inactive.", "code": 403 }

cURL

Bash

curl -X POST 'https://dev-relay-backend.agent.scanbo.ai/api/v1/' \
  -H 'Content-Type: application/json' \
  -H 'x-country-code: IN' \
  -H 'x-tenant-id: rely-health-default' \
  -d '{
    "routname": "get-user-by-app-credentials",
    "clientId": "rely_app_client_7f3a9c2e1b",
    "clientSecret": "sk_live_fake_8Qm2pL9xR4vN6wK1",
    "applicationId": "674a1b2c3d4e5f6789012345"
  }'

Health API Gateway

Unified entry for wearable health operations. Uses routeName (camelCase), not routname.

POST

/api/v1/health

Auth

Bearer accessToken

Public routes

connectOura, connectStrava…

Supported routeName values

routeName	Auth	Purpose
`getAllHealthData`	Yes	Aggregated health metrics from connected providers
`getUserProfile`	Yes	Profile data per connected source
`getConnectionStatus`	Yes	Provider link status and last sync
`connectOura`	No	Start Oura OAuth flow
`connectStrava`	No	Start Strava OAuth flow
`connectFitbit`	No	Start Fitbit OAuth flow
`disconnectConnector`	Yes	Disconnect one or more sources
`getOuraCompleteHealthData`	Yes	Full Oura health payload

Authenticated headers

HTTP

POST /api/v1/health HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
Content-Type: application/json
x-country-code: IN
x-tenant-id: rely-health-default

getConnectionStatus

Request

{ "routeName": "getConnectionStatus", "sourceType": ["strava","oura","fitbit"] }

Response

200 OK

{
  "success": true,
  "data": {
    "connections": [
      { "sourceType": "strava", "connected": true,  "lastSyncAt": "2026-05-21T18:45:00.000Z" },
      { "sourceType": "oura",   "connected": true,  "lastSyncAt": "2026-05-22T06:12:00.000Z" },
      { "sourceType": "fitbit", "connected": false, "lastSyncAt": null }
    ]
  }
}

getAllHealthData

Request

{
  "routeName": "getAllHealthData",
  "sourceType": ["oura", "strava"],
  "startDate": "2026-05-01",
  "endDate":   "2026-05-21",
  "categories": ["ALL"],
  "useCache": true
}

Field	Type	Description
`sourceType`	string \| string[]	Provider key(s) or `all`
`startDate`	string	`YYYY-MM-DD`
`endDate`	string	`YYYY-MM-DD`
`categories`	string[]	`ALL`, `Sleep`, `Activity`…
`useCache`	boolean	Use cached provider data
`isFhirConvert`	boolean	FHIR-shaped payloads when supported

Response

200 OK

{
  "success": true,
  "data": {
    "providers": {
      "oura":   { "Sleep": { "summary": [{ "day": "2026-05-20", "score": 82 }] } },
      "strava": { "dailyActivity": [{ "date": "2026-05-20", "distance": 5200.3 }] }
    }
  }
}

♥

Service Liveness

Simple process check — not the wearable gateway.

GET

/health

Auth

None

JSON

200 OK

{ "success": true, "message": "Service is running", "data": { "status": "healthy", "version": "1.0.0" } }

↻

Integration Flow

Authenticate with app credentials

POST /api/v1/ · routname: get-user-by-app-credentials

→ Receive accessToken, user, activeDevices

Check connections (optional)

POST /api/v1/health · routeName: getConnectionStatus

→ Authorization: Bearer <accessToken>

Fetch health data

routeName: getAllHealthData with date range and sourceType

→ providers { oura, strava, … }

…

Notes for Integrators

→

Case: routname is normalized; getuserbyappcredentials also works.

→

Tokens: accessToken and token in the response are identical.

→

Dates: Use YYYY-MM-DD for startDate / endDate.

→

Data residency: x-country-code selects the regional database — match user registration region.

Rely Matrix Health Connector · Dev documentation