My favorites | English | Sign in

Google Health Data API

Getting Started Guide

The Google Health Data API allows client applications to view and update Health content in the form of a Google Data API feed. Depending on the type of application you are developing (web or an installed application), your client can post new health data to a user's profile, edit or delete entries, request a list of existing entries, and query for specific health data that match a certain criteria.

Contents

  1. Audience
  2. Integrating your application with Google Health
    1. Information for all Developers
    2. Information for Third-party Health Applications/Services)
    3. Information for Data Providers
  3. The H9 Developer's Sandbox
    1. Creating an account
    2. Accessing a profile
    3. Differences between Google Health and H9
  4. Authentication with the Google Health API
  5. Domain Registration & Signing Requests
    1. Registering your domain with Google
    2. Registering your domain with Google Health
    3. Creating a self-signing X.509 certificate
    4. Signing Requests
  6. Development Tools
    1. Sample Applications
    2. Mt Tabor Data Exchange
  7. Troubleshooting Errors

Audience

This document is intended for developers looking to get started using the Google Health API. This document outlines the necessary steps to begin integration with Google Health.

To aid in development, Google Health offers a developer's sandbox called H9 (https://www.google.com/h9). We recommend first developing your application against H9 because it has fewer restrictions than the production version, Google Health (https://www.google.com/health). The differences between the two platforms are noted later on in this document.

Important: Your application can not interact with the production version of Google Health until you have first tested and integrated with the H9 developer's sandbox. To integrate with Google Health and become listed in the directory of available services to users, you must follow a set of guidelines for developing and deploying your application.

Integrating your application with Google Health

You must agree to and fill out API Terms of Service. In addition, please follow these guidelines for a successful integration:

The H9 Developer's Sandbox

Creating an account

The developer's sandbox (H9) uses normal Google Accounts, so if you already have a Google account, you're all set.

Accessing a profile

The H9 sandbox is located at https://www.google.com/h9.

Differences between Google Health and H9

Important: Throughout the Google Health Data API documentation, feed URIs, AuthSub parameters, and inline code snippets reference /health. As a general rule of thumb, you should replace all instances of /health with /h9 in order to develop against the sandbox. To help you get started, the sample applications found in the developer guides are set to work with H9.

There are a few important differences between Google Health and the H9 development sandbox. The table below should help to clarify the requirements for each platform.

H9 Sandbox
https://www.google.com/h9		Google Health
https://www.google.com/health		Comments
Do API requests need to be digitally signed? NO YES Also for testing purposes, the sandbox does not require the use of secure=1 AuthSub tokens. You must register your domain with both Google and Google Health.
Where should I request an AuthSub token from? https://www.google.com/h9/authsub https://www.google.com/health/authsub Both Google Health and H9 use their own AuthSub handler to issue tokens.
Note: The other Google Data APIs use /accounts/AuthSubRequest.
Can I use http://localhost as AuthSub's next parameter? YES NO http://localhost has already been registered as a domain on /h9. On /health, you must register your domain with both Google and Google Health and upload an X.509 certificate to sign requests.
What is the value for AuthSub's scope parameter? https://www.google.com/h9/feeds/ https://www.google.com/health/feeds/ Both platforms require the scope parameter be for HTTPS (SSL).
What is the service name for ClientLogin? weaver health

Back to top

Authentication with the Google Health API

Whether you're developing on H9 or integrating with Google Health, accessing a data feed requires authentication. For detailed information on the different authentication methods see Authenticating to the Health service in the API's Protocol Guide.

Domain Registration & Signing Requests

Google Health requires using AuthSub in "Registered with enhanced security" mode. To obtain secure tokens and sign requests to Google Health, you must register your domain(s) and upload a public certificate.

1. Register your domain with Google
The H9 developer's sandbox does not require signed requests; meaning you may use http://localhost and secure=0 AuthSub tokens to speed initial development. To migrate your app to Google Health, you must register the domain(s) with Google and Google Health. These steps are also necessary if you want to test your H9 implementation with signed requests and/or use a domain other than http://localhost as an AuthSub next URL.
2. Register your domain(s) with Google Health
You must read agree to the API Terms of Service. That form includes an area for listing each domain your system will use as the value of AuthSub's next parameter. Each subdomain must be registered separately (e.g. if you plan to use both http://www.example.com and http://dev.example.com for testing, these need to be enumerated).
3. Creating a self-signing X.509 public certificate
Once you have a certificate, use the same Manage Domains Tool to upload the cerficate to Google. For the most versatility, set the 'Target URL path prefix' to the domain that you registered. For example, if you registered dev.example.com, the 'Target URL path prefix' should be set to http://dev.example.com/.
4. Signing AuthSub requests (AuthSub)
    Signing OAuth requests (OAuth)
Constructing a digital signature differs between AuthSub and OAuth. Depending on which authentication method you use, please refer to the correct documentation.

Back to top

Development Tools

Sample Applications

Sample code can be found in the developer's guides for each language or by visiting the Libraries & Code page.

Mt Tabor Data Exchange

Google Health has partnered with Mt Tabor Online Services to create two applications to assist developers with Google Health integration:

H9 Data Exchange:https://h9demo.mttaboronline.com/ca
Google Health Data Exchange:https://h9demo.mttaboronline.com/health/

Each tool requires you to create a separate account. Note, these accounts are separate from your Google Health account.

These applications demonstrate successful Google Health integration and permits developers to interact with Google Health services in a number of ways:

  • You may manage (create/revoke) a list of AuthSub tokens.
  • You may paste and post a CCR (and Google Health's subset of CCR) document to Google Health notices.
  • You may validate a CCR document.
  • You may view HTTP request and response values and header data when posting notices to Google Health.
  • You may view request/response values, raw feed data, and CCR documents when reading from a Google Health profile.

Using the tools

As an example of how to use this site with the Google Health platform, do the following:

  1. Create a H9 Data Exchange account by filling out the enrollment form (the email account used to bind to Google Health will be the one you are signed into your browser, not the one you enter into the account information).
  2. Attempt to post a notice to Health or read from a Health profile.
  3. When prompted, generate an AuthSub token (this works best when you are already logged into your Google Health-enabled account).
  4. To post a notice to the H9 development sandbox, paste in CCR XML or select a CCR text file, and optionally include non-CCR text. Click "Post to H9 Notices" (you may choose to validate the CCR before sending should you choose).
  5. To read from an H9 profile, choose which AuthSub token you would like to use and click "Read from H9 Profile".

Caution: Although these tools are hosted over SSL, you should only use test/development data.

Back to top

Troubleshooting Errors

403 Error (unauthorized)
- Make sure your AuthSub token was requested with the correct scope (https://www.google.com/health/feeds/ to interact with Google Health, https://www.google.com/h9/feeds/ to interact with H9). The protocol is https.
- Also make sure the token has the right access privileges by setting the permission parameter on the Link Accounts page. For example, permission=1 should be set if your application is reading a user's profile data.
"Invalid Usage, Sharing denied: unregistered provider" Error
Your domain has not been registered. Please refer to the domain registration section of this document.
My feeds are empty
A user can have multiple profiles. Is your token linked with the correct profile?

For more troubleshooting tips, see the Google Health API FAQ.

Back to top