ROOK now offers seamless integration with Strava, one of the world’s leading platforms for fitness tracking and activity data. This integration lets your users securely connect their Strava accounts directly within the ROOK health platform using your own Strava developer credentials (Bring Your Own – BYO), ensuring direct and reliable access to their activity data.
To enable this integration, you must create and manage your own Strava developer credentials. This includes registering a Strava application, configuring the appropriate permissions (scopes), and securely sharing the required credentials with ROOK for setup.
This guide provides a step-by-step walkthrough on how to create a Strava developer account, register an application, and connect it to the ROOK platform.
Important: This process can take several weeks and partly depends on the timelines of Strava’s review and approval process. We strongly recommend starting early to avoid any delays to your launch. Please note that approval is determined solely by Strava and does not depend on ROOK.
Prerequisites
Before integrating with the Strava API, you must register your application on the Strava developer portal.
To follow the step-by-step process on how to create your app, click here.
Authentication Flow
1. Registering the Application
To begin the authentication process, you first need to register your application on the Strava developer portal. This will provide you with the Client ID and Client Secret required for authentication.
2. Authorization Redirect
When the user interacts with your application, it should redirect them to Strava's authorization page. The user must log in to Strava and grant permission for your application to access their information.
Authorization URL for web applications:
GET https://www.strava.com/oauth/authorize
3. Granting Permissions and Redirection
After the user logs in and grants access, Strava will redirect the user to a URL specified by your application. If the user authorizes the request, this URL will include an authorization code, which will be used to obtain tokens.
4. Exchanging the Authorization Code for Tokens
Once your application receives the authorization code, it must exchange it for two tokens:
Access Token: Allows the application to access and modify Strava data on behalf of the authenticated user. This token has a limited lifespan.
Refresh Token: Allows the application to obtain a new access token when the current one expires.
5. Using the Tokens
Access Token: Used to make requests to the Strava API, allowing access to and modification of the authenticated user's resources.
Refresh Token: Used to generate new access tokens when the existing ones expire.
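The checks an application backend should make around steps 2 to 5, as an added example (not ROOK's or Strava's own code): it builds the authorization URL with an anti-CSRF state value, validates the redirect before accepting the code, and prepares the token request. The query and form field names follow Strava's OAuth documentation rather than this guide, and the helper names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://www.strava.com/oauth/authorize"  # from the guide
TOKEN_URL = "https://www.strava.com/oauth/token"  # Strava's token endpoint (POST)


def build_authorize_url(client_id, redirect_uri, scope="read,activity:read"):
    """Step 2: return (url, state); keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, single-use anti-CSRF value
    query = urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state, required_scopes):
    """Step 3: validate the redirect and return the authorization code."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Reject callbacks that do not belong to the session that started the flow.
    if not hmac.compare_digest(params.get("state", "").encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding callback")
    if "error" in params:  # e.g. the user declined on Strava's consent page
        raise PermissionError(f"authorization failed: {params['error']}")
    # The user can deselect scopes, so check what was actually granted.
    missing = set(required_scopes) - set(params.get("scope", "").split(","))
    if missing:
        raise PermissionError(f"scopes not granted: {sorted(missing)}")
    if not params.get("code"):
        raise ValueError("callback has no authorization code")
    return params["code"]


def token_request_body(client_id, client_secret, code=None, refresh_token=None):
    """Steps 4-5: form fields to POST to TOKEN_URL from the backend only."""
    body = {"client_id": client_id, "client_secret": client_secret}
    if code is not None:
        body.update(grant_type="authorization_code", code=code)
    elif refresh_token is not None:
        body.update(grant_type="refresh_token", refresh_token=refresh_token)
    else:
        raise ValueError("need an authorization code or a refresh token")
    return body
```

The Client Secret appears only in the token request, so that call belongs on your server and never in a mobile or browser client.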
Important Considerations
Google Sign-in: Please note that Google Sign-in does not work for applications that use a mobile webview. You can consult Google's blog for more information on how to handle this limitation.
Token Generation and Refresh: Be sure to follow Strava’s recommendations for generating and refreshing tokens. Refer to the official documentation for more details.
Useful Links
For a detailed overview of the mobile authentication process, including best practices and implementation guidance, please click on the following article: What is the mobile authentication flow for integrating Strava with ROOK on Android and iOS
If you have any questions about the integration or need assistance at any stage, please don’t hesitate to contact our Customer Success (CS) support team. We’re here to help.