Skip to main content
RapidDev - Software Development Agency
bubble-integrationsBubble API Connector

Withings

Withings Health API v2 uses OAuth 2.0 and a self-serve developer portal — but every API call, including data retrieval, uses POST (not GET) with an action parameter in the body. Bubble's API Connector handles this with a Private Bearer token header. OAuth token exchange and Withings push notification reception both require Backend Workflows (paid Bubble plan). When a user syncs their Withings device, Withings POSTs to your Backend Workflow URL — reducing the need for polling.

What you'll learn

  • Why every Withings API call uses POST (not GET) and how to configure this in the Bubble API Connector
  • How to register at developer.withings.com and set up an OAuth 2.0 application
  • How to implement the Withings OAuth authorization code flow using Bubble Backend Workflows (paid plan required)
  • How to configure the measurement data call (POST /measure action=getmeas) with a Private Bearer token header
  • How to subscribe to Withings push notifications and receive them via a Bubble Backend Workflow URL
  • How to build a biometric health dashboard displaying weight, blood pressure, and heart rate trends
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Intermediate21 min read3–5 hoursHealth & FitnessLast updated July 2026RapidDev Engineering Team
TL;DR

Withings Health API v2 uses OAuth 2.0 and a self-serve developer portal — but every API call, including data retrieval, uses POST (not GET) with an action parameter in the body. Bubble's API Connector handles this with a Private Bearer token header. OAuth token exchange and Withings push notification reception both require Backend Workflows (paid Bubble plan). When a user syncs their Withings device, Withings POSTs to your Backend Workflow URL — reducing the need for polling.

Quick facts about this guide
FactValue
ToolWithings
CategoryHealth & Fitness
MethodBubble API Connector
DifficultyIntermediate
Time required3–5 hours
Last updatedJuly 2026

How to Connect Bubble to Withings: The POST-Only Health API

Withings occupies a unique niche in the consumer health space: while Fitbit and Garmin focus on fitness activity (steps, workouts, GPS), Withings focuses on biometric monitoring — the numbers you track at home with clinical-grade devices. Weight trends from a smart scale. Blood pressure readings from a connected cuff. Sleep quality scored by a sensor under your mattress. SpO2 levels from a sleep-tracking device. For health tech founders building corporate wellness platforms, chronic disease management tools, or personal health dashboards, Withings is the data source that covers these medically relevant biometrics.

The Withings Health API v2 is accessible via a self-serve developer portal at developer.withings.com. No partner program approval, no lengthy application — register, create an application, and receive OAuth 2.0 credentials within minutes. This puts Withings ahead of Garmin (partner approval required) in ease of access.

The one thing that trips up nearly every developer integrating Withings for the first time: the API uses POST for everything. Fetching measurements? POST. Listing connected devices? POST. Subscribing to push notifications? POST. There are no GET endpoints. The operation is specified via an action parameter in the request body or query string. Anyone who configures a GET call in Bubble's API Connector will receive a 400 Bad Request response and incorrectly conclude the API is broken.

In Bubble, the integration has two paths: outbound polling (your app calls Withings on demand to fetch measurements) and inbound push (Withings calls your Backend Workflow URL when a user syncs their device). The push model is preferable — it eliminates polling, reduces WU consumption, and delivers data immediately when the device syncs rather than on the next app load. Both models require a paid Bubble plan for the Backend Workflows needed for OAuth token exchange. If you want the push notification model as well, you need the Backend Workflow that acts as the push receiver.

This guide covers both models so you can choose based on your use case.

Integration method

Bubble API Connector

Bubble calls https://wbsapi.withings.net via POST for all Withings API operations. The Bearer token (OAuth 2.0) lives in a Private Authorization header. OAuth token exchange and Withings push notification reception run in Backend Workflows (paid plan required).

Prerequisites

  • A paid Bubble plan (Starter at $32/month or higher) — Backend Workflows for OAuth token exchange and push notification reception are not available on the free plan
  • A Withings developer account registered at developer.withings.com — create an application to receive your client_id and client_secret
  • A Withings device (smart scale, blood pressure monitor, or sleep analyzer) or a Withings Healthmate account with some data for testing the API responses
  • The Bubble API Connector plugin installed in your app (Plugins tab → Add plugins → API Connector by Bubble)
  • Basic familiarity with OAuth 2.0 concepts (authorization code, access token, refresh token) — the Withings OAuth flow follows the standard pattern

Step-by-step guide

1

Step 1: Register at developer.withings.com and Get OAuth Credentials

Withings uses OAuth 2.0 with an authorization code flow. You need a client_id and client_secret before configuring anything in Bubble. Create a Withings developer account Go to developer.withings.com. Click Sign up (or use your existing Withings account credentials). Once logged in, navigate to Applications and click Create an application. Fill in: - Application name: a name describing your Bubble app - Application description: brief description of how you will use Withings data - Callback URL: the URL where Withings will redirect users after authorization. This will be your Bubble Backend Workflow URL — pattern: https://your-app.bubbleapps.io/api/1.1/wf/withings_oauth_callback. You will create this Backend Workflow in Step 2. For now, enter a placeholder or your expected URL. After creating the application, note your client_id and client_secret. Keep client_secret confidential — it will go in a Private header in the Bubble API Connector and never appear in client-side code. Understand the Withings API base pattern All Withings API calls go to https://wbsapi.withings.net. The service (category of endpoint) and action (specific operation) are specified as parameters. For example: - POST https://wbsapi.withings.net/measure with action=getmeas in the body fetches measurements - POST https://wbsapi.withings.net/notify with action=subscribe sets up push notifications - POST https://wbsapi.withings.net/v2/oauth2 with action=requesttoken exchanges an authorization code for tokens The base URL is always https://wbsapi.withings.net — what changes is the path segment and the action value. In Bubble's API Connector, you can either use a single base URL and add path segments per call, or configure each call's full URL separately. The latter is clearer for beginners.

withings-api-patterns.json
1{
2 "Withings API base patterns": {
3 "all_methods": "POST",
4 "base_url": "https://wbsapi.withings.net",
5 "examples": [
6 { "endpoint": "/measure", "action": "getmeas", "purpose": "Fetch measurements (weight, BP, etc.)" },
7 { "endpoint": "/notify", "action": "subscribe", "purpose": "Subscribe to push notifications" },
8 { "endpoint": "/v2/oauth2", "action": "requesttoken", "purpose": "Exchange auth code for tokens" },
9 { "endpoint": "/v2/oauth2", "action": "refreshtoken", "purpose": "Refresh access token" }
10 ]
11 }
12}

Pro tip: The most important thing to internalize before setting up the API Connector: every Withings call is POST, including data reads. Setting any call to GET will return a 400 Bad Request error regardless of other configuration details. This is the leading cause of failed Withings integrations.

Expected result: You have a Withings developer application with a client_id and client_secret. You understand that all Withings API calls use POST with an action parameter. You have a callback URL planned for the OAuth flow.

2

Step 2: Enable Backend Workflows and Set Up the OAuth Callback

The OAuth 2.0 token exchange must happen server-side — your client_secret cannot appear in client-side code. In Bubble, server-side processing that receives incoming HTTP requests requires Backend Workflows, which are only available on paid plans. Enable the Workflow API In Bubble's editor, go to Settings → API. Check the box labeled This app exposes a Workflow API. This makes your app's Backend Workflow URLs publicly accessible as HTTPS endpoints. This feature requires a paid Bubble plan (Starter $32/month or higher). Without enabling this, the OAuth callback URL cannot receive Withings' redirect. Add token fields to the User Data Type Go to Data → User → click Edit fields. Add: - withings_access_token (Text) - withings_refresh_token (Text) - withings_token_issued_at (Date) - withings_user_id (Text): the Withings user ID returned during token exchange Go to Data → Privacy → User. Add a rule: When Current User is This User — ensure the four fields above are checked as visible. Token data must not be readable by other users. Create the OAuth callback Backend Workflow Click Backend Workflows in the left panel. Click New API Workflow. Name it withings_oauth_callback. Add URL parameters: - code (Text): the authorization code Withings sends after user approval - state (Text): the Bubble user identifier passed through the OAuth flow to link the token to the right user (see tip below) Inside the workflow, add: Step 1: API Connector action → Exchange Withings Token (you will create this call in Step 3). Pass code from the URL parameter. Step 2: Make changes to a thing → find User where Unique ID = URL parameter state, set withings_access_token, withings_refresh_token, withings_token_issued_at, and withings_user_id from Step 1's response. This Backend Workflow URL is: https://your-app.bubbleapps.io/api/1.1/wf/withings_oauth_callback. Copy this URL and update your Withings developer application's Callback URL to match.

withings-oauth-callback-workflow.json
1{
2 "OAuth callback Backend Workflow": {
3 "name": "withings_oauth_callback",
4 "url_params": ["code", "state"],
5 "steps": [
6 "Call API Connector: Exchange Withings Token (POST /v2/oauth2 action=requesttoken)",
7 "Make changes to User where unique_id = state param: set tokens from Step 1 response"
8 ]
9 }
10}

Pro tip: The state parameter in the OAuth flow is how you link the returned token to the correct Bubble user. When building the Connect Withings button in Step 4, include state=Current User's unique ID in the authorization URL. Withings passes this state value unchanged to the callback URL, where the workflow uses it to identify the user record to update.

Expected result: The Workflow API is enabled. The User Data Type has withings_access_token, withings_refresh_token, withings_token_issued_at, and withings_user_id fields with Privacy rules. The withings_oauth_callback Backend Workflow is created and ready to receive the authorization code from Withings.

3

Step 3: Configure the Bubble API Connector for Withings

Now configure the API Connector with all the Withings calls your app needs. Create the Withings API group In the Plugins tab, click API Connector → Add another API. Set: - API Name: Withings - Authentication: None or self-handled - Shared headers: - Authorization: Bearer <access_token> — check the Private checkbox Do not put client_secret or client_id in the shared headers — those are only needed for token exchange and refresh calls and should be added as private fields on those specific calls. Add the Token Exchange call Click Add another call. Configure: - Call name: Exchange Token - Method: POST (required for all Withings calls — never GET) - URL: https://wbsapi.withings.net/v2/oauth2 - Body type: JSON or Form data - Body fields: - action: requesttoken (static) - client_id: your Withings client_id (can be non-private) - client_secret: your Withings client_secret — mark as a Private body parameter - code: the authorization code (dynamic — from the callback URL parameter) - grant_type: authorization_code (static) - redirect_uri: your callback URL (static) - Use as: Action Click Initialize call. The Initialize call will fail because authorization codes expire immediately — this is expected. After the failure, Bubble may not detect the response shape. Manually define the expected fields in the API Connector response section: access_token (text), refresh_token (text), userid (text). Add the Get Measurements call Click Add another call. Configure: - Call name: Get Measurements - Method: POST (all Withings calls are POST) - URL: https://wbsapi.withings.net/measure - Body type: JSON - Body: - action: getmeas (static) - meastype: 1 (for weight — see meastype reference below) - category: 1 (real measurements, not objectives) - Use as: Data Click Initialize call with a real access token for a test Withings account that has measurement data. Bubble detects the response structure: a measuregrps array where each item has a date field and a measures array with value, type, and unit sub-fields. Withings meastype reference: - 1 = weight (kg × 10^unit) - 4 = height - 6 = fat mass % - 9 = diastolic blood pressure (mmHg) - 10 = systolic blood pressure (mmHg) - 11 = heart pulse (BPM) - 54 = SpO2 (%) Add the Refresh Token call Click Add another call. Configure: - Call name: Refresh Token - Method: POST - URL: https://wbsapi.withings.net/v2/oauth2 - Body: - action: refreshtoken - client_id: your client_id - client_secret: your client_secret — Private - refresh_token: the user's stored refresh_token (dynamic) - Use as: Action

withings-api-calls.json
1{
2 "Get Measurements call": {
3 "method": "POST",
4 "url": "https://wbsapi.withings.net/measure",
5 "headers": {
6 "Authorization": "Bearer <access_token_PRIVATE>",
7 "Content-Type": "application/json"
8 },
9 "body": {
10 "action": "getmeas",
11 "meastype": "<meastype_number>",
12 "category": "1"
13 }
14 },
15 "Refresh Token call": {
16 "method": "POST",
17 "url": "https://wbsapi.withings.net/v2/oauth2",
18 "headers": {
19 "Content-Type": "application/json"
20 },
21 "body": {
22 "action": "refreshtoken",
23 "client_id": "<your_client_id>",
24 "client_secret": "<your_client_secret_PRIVATE>",
25 "refresh_token": "<user_refresh_token>"
26 }
27 }
28}

Pro tip: The meastype parameter in the getmeas call determines which measurement category you retrieve. Create separate API Connector calls for different measurement types (weight, blood pressure, heart pulse) rather than one call returning all types — this makes it easier to bind each call to the correct page element and display the right units.

Expected result: The Withings API group is configured in the API Connector with Private Bearer token shared header. Exchange Token, Get Measurements, and Refresh Token calls are added. Get Measurements is initialized with real measurement data.

4

Step 4: Add the Connect Withings Button and OAuth Flow

With the Backend Workflow and API Connector configured, build the user-facing authorization flow. Build the Connect Withings button On your app's settings or profile page, add a Button element labeled Connect Withings. In its workflow, add a Navigate to an external website action with this URL: https://account.withings.com/oauth2_user/authorize2?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=YOUR_CALLBACK_URL&scope=user.metrics,user.activity,user.sleepevents&state=CURRENT_USER_UNIQUE_ID Replace: - YOUR_CLIENT_ID with your actual Withings client_id - YOUR_CALLBACK_URL with your Backend Workflow URL (URL-encoded) - CURRENT_USER_UNIQUE_ID with a dynamic expression: Current User's Unique ID The scope parameter specifies which data types the user is authorizing. Common scopes: - user.metrics: weight, blood pressure, and other body measurements - user.activity: activity data (steps, calories) - user.sleepevents: sleep tracking data Verify current scope names at developer.withings.com as they may be updated. Store a Connected state on the User Add a boolean field withings_connected to the User Data Type. In the withings_oauth_callback Backend Workflow, after storing the tokens, add a step: Make changes to User → set withings_connected = yes. On the settings page, show a Connected badge if Current User's withings_connected is yes and a Connect Withings button if it is no. Handle the post-connection redirect After Withings redirects to your callback URL and the Backend Workflow fires, the user ends up on a blank URL. Add a redirect at the end of the withings_oauth_callback Backend Workflow: Navigate to the health dashboard page. This gives users a smooth experience after authorization.

withings-authorization-url.json
1{
2 "Authorization URL": "https://account.withings.com/oauth2_user/authorize2?response_type=code&client_id=<CLIENT_ID>&redirect_uri=<CALLBACK_URL_ENCODED>&scope=user.metrics,user.activity,user.sleepevents&state=<CURRENT_USER_UNIQUE_ID>"
3}

Pro tip: The state parameter (set to Current User's Unique ID) is critical for security — it prevents CSRF attacks on the OAuth callback and lets the callback workflow identify which Bubble user account to update with the Withings tokens. Never use a static or predictable state value.

Expected result: Clicking Connect Withings redirects users to Withings' authorization screen. After approval, Withings redirects to the Backend Workflow callback, tokens are stored on the User record, and the user is redirected to the health dashboard with withings_connected set to yes.

5

Step 5: Set Up Withings Push Notifications via Backend Workflow

Withings supports a push notification model: once subscribed, Withings POSTs a notification to your Backend Workflow URL whenever the user syncs a device measurement. This is more efficient than polling and delivers data to your app within seconds of a sync. Create the push notification receiver Backend Workflow In Backend Workflows, click New API Workflow. Name it withings_measurement_push. This workflow will receive POST requests from Withings whenever a user syncs a device. Withings push notifications do not send the full measurement — they send a notification containing the user's Withings user ID (userid) and a notification type (appli). You must make a separate API call to fetch the actual measurement after receiving the notification. Configure the workflow: Step 1: Add a URL parameter userid (Text) — Withings sends this in the push body. Step 2: Find the Bubble User where withings_user_id = URL parameter userid. Step 3: Call API Connector → Get Measurements using that User's withings_access_token as the Bearer token. Fetch the latest measurement (meastype 1 for weight, or whichever types you are tracking). Step 4: Create a HealthMeasurement record in Bubble with the measurement values and link it to the User found in Step 2. Create the HealthMeasurement Data Type In Data → New type → HealthMeasurement. Add fields: - measurement_date (Date) - type (Text): weight, systolic_bp, diastolic_bp, heart_pulse, spo2 - value (Number): the numeric measurement value - unit (Text): kg, mmHg, BPM, % - user (User) Add a Privacy rule: HealthMeasurement visible only when Current User is HealthMeasurement's user. Subscribe to push notifications After the user's OAuth token is stored, call the Withings notification subscribe endpoint to register your Backend Workflow URL. Add this to the withings_oauth_callback Backend Workflow as an additional step after storing tokens: Call API Connector → Subscribe Notifications (POST /notify action=subscribe): - callbackurl: your withings_measurement_push Backend Workflow URL - appli: 1 (for body measurements — verify current appli codes at developer.withings.com) - Bearer header: the new access_token just stored Withings will then POST measurement notifications to that URL every time the user syncs their device. RapidDev's team has implemented complete Withings push notification pipelines for health monitoring Bubble apps — if you need help with the full notification → fetch → store chain, book a free scoping call at rapidevelopers.com/contact.

withings-subscribe-notifications.json
1{
2 "Subscribe Notifications call": {
3 "method": "POST",
4 "url": "https://wbsapi.withings.net/notify",
5 "headers": {
6 "Authorization": "Bearer <access_token_PRIVATE>",
7 "Content-Type": "application/json"
8 },
9 "body": {
10 "action": "subscribe",
11 "callbackurl": "https://<your-app>.bubbleapps.io/api/1.1/wf/withings_measurement_push",
12 "appli": "1"
13 }
14 }
15}

Pro tip: The Withings notification push delivers a notification ID and user hash, not the full measurement values. Your Backend Workflow must always make a follow-up API call (GET Measurements or the equivalent POST) to fetch the actual measurement data after receiving a push. Design the two-step flow: receive push → identify user → fetch measurement → store in Bubble.

Expected result: The withings_measurement_push Backend Workflow is created and receives Withings push notifications. Each notification triggers a measurement fetch via the API Connector and stores a HealthMeasurement record linked to the correct Bubble user. Push notification subscription is called during the OAuth completion flow.

6

Step 6: Build the Health Dashboard and Handle Token Refresh

With data flowing into Bubble via push notifications, build the health dashboard and implement token refresh. Build the dashboard page Create a page called health-dashboard. Add: - A section for the latest weight reading: Do a search for HealthMeasurements where user = Current User and type = weight, sorted by measurement_date descending, limit 1. Display the value and date. - A Repeating Group for weight trend (last 30 readings, one row per reading, sorted by date): bind to HealthMeasurement search filtered to type = weight. - A blood pressure section: two separate searches for systolic_bp and diastolic_bp, each displaying the most recent reading with a visual indicator for healthy vs. elevated ranges. - A chart plugin (ApexCharts by Zeroqode or similar) for the weight trend line. Handle token refresh Create a Backend Workflow called refresh_withings_token. Inside: - Call API Connector → Refresh Token (POST /v2/oauth2 action=refreshtoken) with the User's stored refresh_token as a dynamic value - Update User's withings_access_token with the response access_token - Update withings_token_issued_at to Current date/time On the health-dashboard page load workflow, add a conditional: If Current User's withings_token_issued_at is more than X hours ago (verify Withings access token TTL at developer.withings.com) — Schedule API Workflow: refresh_withings_token. This keeps the access token fresh for API calls made from the dashboard. Verify Privacy rules for HealthMeasurement Go to Data → Privacy → HealthMeasurement. Confirm the rule: When Current User is HealthMeasurement's user — all fields visible. Without this rule, any authenticated Bubble user can query another user's biometric data through Bubble's data API. Health measurement data is sensitive personal information and must be protected.

Pro tip: Display a Last synced badge on the dashboard showing the most recent HealthMeasurement's measurement_date formatted as a time-ago string (e.g., Last synced 2 hours ago). This helps users understand whether their Withings device is syncing correctly and whether the dashboard data is current.

Expected result: The health dashboard displays the user's latest weight, blood pressure readings, and trend chart from stored HealthMeasurement records. Token refresh runs automatically based on token age. Privacy rules prevent cross-user data access. The dashboard populates automatically when the user syncs their Withings device.

Common use cases

Weight and Body Composition Tracker

Build a Bubble health dashboard that shows a user's weight trend, fat mass percentage, and muscle mass over time — all synced from their Withings smart scale. Subscribe to Withings measurement push notifications so new weigh-in data appears in the app within seconds of the user stepping off the scale, without any manual refresh or polling.

Bubble Prompt

Build a Bubble weight tracking page: after the user connects their Withings account via OAuth, display a line chart of their weight over the past 90 days (using a chart plugin), their current body fat percentage, and a weekly average weight trend. Use Withings push notifications to automatically add new weight readings to a HealthMeasurement Data Type without polling.

Copy this prompt to try it in Bubble

Blood Pressure Monitoring Dashboard

Display a user's systolic blood pressure, diastolic blood pressure, and heart pulse from Withings blood pressure monitor readings. Flag readings that fall outside healthy ranges (above 130/80 mmHg) with a visual indicator. Suitable for corporate wellness programs tracking cardiovascular health or personal health monitoring apps.

Bubble Prompt

Build a Bubble blood pressure tracking page: show the user's last 30 blood pressure readings (systolic, diastolic, heart pulse) in a table sorted by date, with color coding (green for normal, yellow for elevated, red for high). Pull data from Withings meastype 9 (diastolic), 10 (systolic), and 11 (heart pulse) via the POST /measure endpoint.

Copy this prompt to try it in Bubble

Corporate Wellness Biometrics Dashboard

Aggregate health metrics across a team for a corporate wellness program. Each employee connects their own Withings account, and their anonymized biometric trends (weight, sleep quality, blood pressure averages) roll up into a team dashboard visible to HR. Each employee's raw data is protected by Bubble Privacy rules and only visible to themselves and authorized HR staff.

Bubble Prompt

Build a Bubble corporate wellness portal: an employee-facing page where each user connects their Withings account and sees their own biometric trend charts, and an HR admin dashboard showing anonymized team averages for weight trend, average sleep hours, and blood pressure category distribution.

Copy this prompt to try it in Bubble

Troubleshooting

All Withings API calls return 400 Bad Request

Cause: The most common cause is configuring the API call as GET instead of POST. Every Withings API call uses POST, including data retrieval. A secondary cause is a malformed JSON body or missing action parameter.

Solution: In the API Connector, open the problematic call and confirm the Method is POST. Verify the request body contains the action parameter (e.g., action: getmeas for measurement fetches). Check the Logs tab in Bubble for the full request details to confirm the body is being sent correctly.

OAuth callback Backend Workflow fires but tokens are not stored on the User record

Cause: The state parameter containing the Bubble user ID is not being passed through the OAuth flow correctly, or the workflow is matching the wrong User record.

Solution: Verify that the Connect Withings authorization URL includes state=Current User's Unique ID as a dynamic expression. In the callback Backend Workflow, log the state parameter value (use a temporary display on a test page) to confirm it is arriving correctly. Verify the Make changes to User workflow step is filtering by the correct condition (Unique ID = URL parameter state).

The API Connector Initialize call for Get Measurements returns 'There was an issue setting up your call'

Cause: The Initialize call requires a real successful response with measurement data. If the test user account has no Withings measurements, the response body is empty and Bubble cannot detect the field structure. A secondary cause is using a GET method instead of POST.

Solution: Use a Withings test account that has actual measurement data synced from a real device or the Withings Healthmate app. Confirm the call method is POST. Verify the Bearer token in the Authorization header is valid and not expired. Check the Logs tab for the HTTP status code returned during initialization.

Withings push notifications arrive at the Backend Workflow but measurement values are missing or zero

Cause: The Withings notification push does not include measurement values directly — it only notifies your endpoint that new data is available. The measurement fetch step (calling POST /measure action=getmeas) after the push notification is either missing or failing.

Solution: Confirm that the withings_measurement_push Backend Workflow includes a follow-up API Connector call to fetch the measurement after receiving the notification. Check the Logs tab to verify the measurement fetch call is executing and returning data. The two-step flow (receive notification → fetch measurement) is required for the Withings push model.

Workflow API is not enabled error when setting up the Backend Workflow

Cause: The Workflow API is only available on paid Bubble plans. The free plan does not support Backend Workflows, making the OAuth callback and push notification receiver unavailable.

Solution: Upgrade to the Bubble Starter plan ($32/month or higher) to enable the Workflow API. Go to Settings → API and check the box labeled This app exposes a Workflow API after upgrading.

Best practices

  • Remember and internalize: every Withings API call uses POST, including data retrieval. Write this on a sticky note during setup. The single most common Withings integration error is configuring a GET call. Always verify the method is POST before debugging anything else.
  • Store the Withings client_secret only in the API Connector as a Private body parameter, never in visible page elements, database fields, or URL parameters. Exposure of client_secret allows someone to impersonate your app in the Withings OAuth flow.
  • Protect all HealthMeasurement records with a Bubble Privacy rule: When Current User is HealthMeasurement's user — all fields visible. Biometric data (weight, blood pressure, SpO2) is sensitive personal health information and must be inaccessible to other users.
  • Use Withings push notifications rather than polling wherever possible. Push notifications deliver data immediately after a device sync, consume less WU than regular polling, and require no scheduling overhead. Subscribe during the OAuth completion flow.
  • Implement proactive token refresh on page load rather than reactive refresh after a 401 error. Check withings_token_issued_at on the dashboard page load and trigger the refresh_withings_token Backend Workflow before the token expires, not after a failed API call.
  • Configure separate Get Measurements API Connector calls for each measurement type you need (weight, blood pressure, heart pulse) rather than one call returning all types. This makes it easier to bind each data type to the correct page element and handle different unit conversions.
  • Display the last sync time prominently on the health dashboard. Users with Withings devices need to know whether their latest reading is reflected in the app. A Last synced timestamp from the most recent HealthMeasurement record provides this context at a glance.
  • Monitor WU consumption in the Bubble Logs tab for the two-step push notification flow: push received + measurement fetch. Each user device sync consumes two API call WU events. Project monthly WU usage based on expected user count and device sync frequency before launch.

Alternatives

Frequently asked questions

Why do all Withings API calls use POST instead of GET?

Withings designed their API with POST for all operations, using an action parameter in the request body to specify the operation type. This is an unconventional choice compared to standard REST API design, but it is intentional — it allows complex query parameters to be passed in structured JSON bodies rather than URL query strings. There is no technical workaround: you must configure every API Connector call to Withings as POST.

Do I need a paid Bubble plan to use the Withings API?

Yes. OAuth 2.0 token exchange requires a Backend Workflow to receive the authorization code server-side and keep the client_secret private. Backend Workflows are only available on paid Bubble plans (Starter at $32/month or higher). The free plan cannot complete the Withings OAuth flow. If you also want push notifications (Withings notifying your app when a device syncs), that also requires a Backend Workflow.

Does a Withings push notification include the actual measurement value?

No. A Withings push notification only includes a notification identifier, the Withings user ID, and the notification type (which category of measurement was updated). It does not include the measurement value itself. After receiving a push notification, your Backend Workflow must make a separate API call (POST /measure action=getmeas) to fetch the actual measurement value. Design your Backend Workflow to handle this two-step process.

How do I know which meastype number to use for each measurement?

Withings uses numeric meastype codes to identify measurement categories. The most common ones: 1 = weight (kg), 4 = height, 6 = fat mass percentage, 9 = diastolic blood pressure (mmHg), 10 = systolic blood pressure (mmHg), 11 = heart pulse (BPM), 54 = SpO2 percentage. A complete list is available at developer.withings.com — verify current codes there as Withings may add new measurement types with new devices.

What Withings devices are supported by the Health API?

The Withings Health API supports all current Withings connected hardware: Body+ and Body Scan smart scales (weight, fat mass, muscle mass), BPM Connect and BPM Core blood pressure monitors, ScanWatch and ScanWatch Light (sleep, SpO2, heart rate), Thermo thermometer, and Sleep sleep analyzer. All data synced from these devices to the Withings Healthmate app is accessible via the API after the user authorizes your application.

Can I build a Withings integration without Backend Workflows (on the free Bubble plan)?

Not for a complete integration. The OAuth 2.0 token exchange requires a Backend Workflow to receive the callback and keep client_secret private — this cannot be done client-side without exposing your secret. However, if you have a way to obtain Withings access tokens through another means (not possible without the callback flow), you could theoretically make outbound API calls from the API Connector without Backend Workflows. In practice, a paid plan is required. The push notification model also requires a Backend Workflow endpoint.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Integrations are where projects stall

We wire Bubble integrations like this one every week — auth, webhooks, edge cases included. Fixed-price builds from $13K, delivered in 6–10 weeks.

Talk to an integration engineer

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.