Thrive AI Health
Api reference

OAuth provider callback (path-suffixed) — proxy to Junction

Junction's documented BYOA `redirect_url_override` convention is `https://yourdomain.com/oauth_callback/{provider}` — provider as a path segment. This route matches that convention, which works with providers that strict-match redirect URIs without query params (WHOOP, Fitbit, etc.). The slug is injected into request.query_params before the shared proxy logic runs.

GET
/v1/devices/auth/callback/{provider_slug}

Path Parameters

provider_slug*Provider Slug

Header Parameters

org-id?string|null
x-user-id?string|null
x-request-id?string|null
traceparent?string|null
Idempotency-Key?|null

Response Body

application/json

application/json

curl -X GET "https://loading/v1/devices/auth/callback/string"
null
{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

OAuth provider callback (tenant-agnostic, query-slug) — proxy to Junction

Same as the per-user callback, but without `{user_id}` in the path. `provider_slug` is read from the query string, which OAuth providers preserve when redirecting if the override URL declared it. Most providers (WHOOP, Fitbit, Oura, ...) only allow exact-match redirect URIs without query params, in which case use the path-suffixed variant `/v1/devices/auth/callback/{provider_slug}` below.

Connect a credential-based provider

Username/password flow for non-OAuth providers (Dexcom G6, 8Sleep, Peloton, Zwift). On success, the connection is established and historical backfill begins. If the provider requires MFA, `connection_state=pending_provider_mfa` and the partner must collect a code and call `POST /v1/users/{user_id}/devices/auth/connect/mfa` to complete.