Google Health (Fitbit) Integration

Fitbit Web API deprecation — action required

The legacy Fitbit Web API is deprecated and will stop serving traffic on 2026-05-31. Every Fitbit user must be re-linked through the Google Health API before that date or their data will stop flowing. vitalera runs both integrations in parallel during the migration window so you can migrate users on your own schedule.

Google acquired Fitbit in 2021 and is consolidating the old Fitbit Web API under Google's platform APIs. The new Google Health API authenticates via Google OAuth 2.0 (not Fitbit OAuth) and delivers push notifications through Google Cloud Pub/Sub.

What changes for you

Concern	Legacy Fitbit Web API	Google Health API (`google_health`)
OAuth provider	`fitbit.com`	`accounts.google.com`
Scopes	Fitbit-specific (`activity`, ...)	Google Health-specific
Push transport	Fitbit subscriptions	Pub/Sub push with verification token
Identifier	Fitbit `user_id`	Google `sub` + linked Fitbit account
Data model	Same (activity, HR, sleep, SpO2)	Superset — adds weight, height, exercise log
Deprecation deadline	2026-05-31	—

Coexistence strategy

During the migration window, both services (fitbit and google_health) are available simultaneously. vitalera deduplicates observations by time + measurement type so a user can be linked via either path without double-counting.

Connection

curl -X POST https://api.vitalera.io/api/connected-accounts/google_health/oauth/initiate/ \
  -H "Authorization: Bearer <user_token>"

The OAuth redirect goes to accounts.google.com — users authenticate with Google, then consent to Health API access.

Pub/Sub push

Google Health notifications arrive via Google Cloud Pub/Sub push subscriptions. vitalera verifies each push using the Bearer token Pub/Sub signs the request with (JWT audience = vitalera's verification endpoint) before fetching deltas.

Authorization: Bearer eyJhbGciOi... (JWT, iss=accounts.google.com, aud=<verification url>)

Migrating existing Fitbit users

Prompt affected users with an in-app "Upgrade your Fitbit connection" banner.
Call POST /api/connected-accounts/google_health/oauth/initiate/ — keep the old fitbit connection alive until the callback succeeds.
On successful google_health link, vitalera automatically disables the legacy fitbit connection and merges history.
Monitor completion via GET /api/connected-accounts/status/ and the connected_accounts:fitbit → connected_accounts:google_health transition metric.

Next steps

Fitbit legacy notes (marked deprecated)
Connected Accounts Overview

What changes for you​

Coexistence strategy​

Connection​

Pub/Sub push​

Migrating existing Fitbit users​

Next steps​