Validic Connect Old

Validic Connect Partner API

Validic Connect allows developers of health apps and devices to push data seamlessly and safely through our platform API and eliminates the need to build and maintain a custom solution.

Tech Overview of Validic

  • REST API returning JSON
  • Standardized and normalized data
  • HIPAA/PHI compliant data storage and transfer (we only store de-identified data)
  • FDA-listed Class I MDDS
  • Extremely flexible deployment options
  • Hands-on developer support
  • Works with all platforms (currently deployed in systems built with .NET, Ruby, PHP, JBOSS, iOS, and more)
  • Physical servers hosted in carrier-grade data center with full backup and failover
  • SLA and Data Security Policy

Upon acceptance, your product will be featured in the Validic Marketplace and will be visible to millions of users actively looking for health applications to use. As a Validic Connect Partner we make it simple for users who engage with your app to share their data safely with outside health and wellness providers.

Most of the calls you make to the Validic REST API will use POST requests to push information created by your users. All information pushed from your app will be de-identified in accordance with HIPAA “safe harbor” standards, giving your app the benefit of HIPAA/PHI compliant data transfer. As such, certain identifiable user information cannot be pushed from your app into Validic.

Validic supports two types of partner health applications: Web-based (or web-integrated) health apps and Mobile-only health apps (with no cloud or browser-based interfacing component).

How it Works

An application integrated with Validic Connect must allow the end user to authorize the use of their data by a 3rd party as well as POST data to Validic once the user authorization has been made.

The user experience is similar to a typical OAuth implementation:

  1. A third-party application presents a user the Validic Marketplace of apps with the option to begin authorization
  2. Upon clicking “Connect”, the user is pointed to your application for Authentication
  3. After authenticating with your application, you redirect the user back to Validic for final authorization
  4. After authorization, the user is sent back to the App Marketplace

Once this authorization is complete, your application should begin sending that user’s data to Validic which in turn will be sent to the 3rd party application.

Key Terminology


  • Partner: A partner (you) in Validic refers to an organization building to our API and who wants to push their data to our customers.
  • Consumer: An “enterprise customer” in Validic refers to the organization integrating with our Core API and wants to pull data from our partners (you).
  • User: A user in Validic is sometimes referred to as the “third-party user”.  A user is shared by the “customer” and “partner”.  They will have their own marketplace in Validic where they can connect to a partner’s application.


  • Sync URL: This is where your application will send a POST request (see “creating your authentication page” below) to confirm successful authentication
  • Notification URL: This is the url that you will provide to us after being given Validic Connect Credentials.  We will send POSTs to this address to notify partners of a successful sync and disconnects
  • Signature:  url encoded signature from Validic to verify your POST request back to Validic
  • UID: unique identifier in your system which you will submit to Validic during authentication
  • Marketplace: The custom market for each user where they sync to a partners application
  • Partner Organization ID: Your Validic Connect Organization ID
  • Consumer Organization ID: Third Party Testing Organization ID


Overview Implementing Validic Connect with your Application At the end of the implementation process, your application will appear in our Validic App Marketplace and your users will be able to authorize their data to be shared with our growing list of health and wellness customers. Important Concepts Before you Begin your Integration Once you have your Organization Credentials, we recommend reviewing our Enterprise API Documentation to understand the basic concepts of Validic Organizations, User Provisioning and the Validic App Marketplace. You may also want to review the documentation in the Objects section for reference on how to send your users’ health data to Validic. Step 1: Apply for Validic Connect Credentials In order to get started with Validic Connect, you’ll need to Apply for API…

Read More »
Comments Off on Overview

Working with the Validic Connect API

Working with the Validic Connect API Receiving Sync Notifications Because the authorization is completed on a Validic hosted page, we will send a sync notification in the form of an HTTP POST to your designated Notification URL. This is a url that you will provide to us after being given Validic Connect Credentials and will be where Validic sends http POSTs to notify of successful syncs and disconnects. Example # Example Notification URL Below is the format for a sync notification.  { “data”: { “type”: “sync”, “message”: “Confirmed authorization”, “third_party”: “NAME_OF_THIRD_PARTY”, “connected_third_parties”: [“ARRAY_OF_CONNECTED_THIRD_PARTIES”], “user”: { “_id”: “VALIDIC_USER_ID”, “uid”: “YOUR_USER_ID” } } } NAME_OF_THIRD_PARTY is the name of the organization for which the user has just given access to his or her data….

Read More »
Comments Off on Working with the Validic Connect API

Best Practices

Best Practices Managing a User’s Connected Status It is important to mark users in your system as connected to Validic for as long as they have at least one authorized “consumer” through Validic. Because of this, your user table should include some kind of “connected_to_validic” flag that is set to true once you receive that user’s first sync notification and false once you receive that user’s last disconnect notification. This is evident in the connected_third_parties array present on both sync and disconnect notifications. For example, if you receive a sync notification and that array only contains one “consumer” name, then that represents a user’s first sync notification and their “connected_to_validic” flag should be set to true. Conversely, if you receive a disconnect…

Read More »
Comments Off on Best Practices

Validic Objects

  Using Validic Objects Each object being sent to Validic Connect has requirements. Below you can review the requirements and what fields we are expecting to receive from your application.  This will allow you to structure POST requests accordingly. If you need assistance with mapping your data attributes to Validic’s please email us at  We provide support to help make sure your data is mapped appropriately and we communicate the mapping structure to customers who will be consuming your data.  If you are having trouble finding a standard endpoint or attribute that makes sense to map to, you can always choose to add custom attributes as “extras” to any of our standard objects.  See our section below for additional information for “handling…

Read More »
Comments Off on Validic Objects

Testing Your Integration

Testing When integrating with Validic, we ask that you continually test your integration, including both the authentication process and the flow of new data. Below we walk through how to test the Authentication and Authorization process as well as the correct flow of data from your system to Validic. Testing Authentication and Authorization Before building your integration you should be able to manually test the authentication and authorization process. With the “consumer” testing organization_id and user access_token you should begin by navigating to a Validic Marketplace. These will be in the form of a link provided to you once registered with Validic Connect and are given so you can emulate the full end to end user experience from a “consumer” marketplace, to…

Read More »
Comments Off on Testing Your Integration

Mobile Apps

Mobile Apps Integrating with Validic Connect as a mobile app is the same as for a web app with the exception of authorization. Authorization for a mobile app is a Pincode based process rather than a signature based one. Authorization User Experience for Mobile Apps The user experience for authorization with a mobile app includes the following steps: A third-party application presents a user the Validic Marketplace of apps with the option to connect them to their application. Upon clicking “Connect”, the user is presented a PIN code and told to input that PIN within the mobile app. The user navigates to your app’s Input Pin Page and enters the PIN A correct submission will confirm the user’s connection between…

Read More »
Comments Off on Mobile Apps

View More >