Device Setup WebView
The Device Setup WebView allows the end-users to setup his device.
To ensure that your mobile application is authorized to display this WebView, the access_token and csrf_token provided during the User Creation process must be used.
When redirecting to the Device Setup WebView the access_token needs to be added as a secure cookie and the csrf_token set as the URL parameter.
As the access_token is valid for three hours, you must ensure to refresh it using the refresh_token provided during the User Creation process. You need to manage the API tokens and refresh them when required or when your mobile app is requesting fresh tokens using the web service OAuth 2.0 - Refresh your access token.
Base URL
The base URL for the Withings Device Setup WebView is:
https://inappviews.withings.com/sdk/setup
The base URL for the Withings Device Setup WebView on the HIPAA Cloud is:
https://inappviews.us.withingsmed.com/sdk/setup
Available parameters
| Name | Type | Required | Comments |
|---|---|---|---|
csrf_token | string | yes | The CSRF token is provided when retrieving a new access_token using the refresh service. |
device_model | integer | no | Withings device model to be installed. If not provided, the end user will be prompted to choose the model manually from the available models. Possible values are listed below. |
List of available device models
When opening the Device Setup WebView, you can select a model to open the specific flow directly. Please use the device_model id listed below to do so:
| Device model | device_model |
|---|---|
| Body+ | 6 |
| Body | 7 |
| Body Pro | 9 |
| BPM Connect | 45 |
| BPM Connect Pro | 46 |
| Pulse HR | 58 |
| Sleep | 63 |
| Thermo | 70 |
| Move | 90 |
Example of a URL:
https://inappviews.withings.com/sdk/setup?csrf_token=j34de463gecje...689jhg6&device_model=6
Example of a URL for the HIPAA Cloud:
https://inappviews.us.withingsmed.com/sdk/setup?csrf_token=j34de463gecje...689jhg6&device_model=6
Cookie
Cookie details:
domain: ".withings.com"securemax-age: 10,800 (seconds)key: "access_token"value:access_token
Cookie details for the HIPAA Cloud:
domain: ".us.withingsmed.com"securemax-age: 10,800 (seconds)key: "access_token"value:access_token
We strongly recommend that you remove all cookies prior to setting new ones in order to avoid any cookie conflicts.