Vital Sign-In Token is a new authentication scheme for Vital Mobile SDKs.
Documentation and migration guide for Vital Sign-In Token is available at https://docs.tryvital.io/wearables/sdks/authentication
With Vital Sign-In Tokens:
This means you can now keep your API Keys strictly a server-side secret, and therefore restrict full data access only to your internal systems.
Vital is planning to roll out stricter API rate limiting in early 2024.
If you use Vital API exclusively with server-to-server traffic or the Vital Connect apps, you should prepare for 429
(Too Many Requests) responses from the Vital API as a result of rate limiting. IETF Draft compliant rate limit headers would be included in 429
(Too Many Requests) responses. Though in absence of the headers, you can fallback to the assumption that the Vital API rate limit are minute-based.
If you use Vital Mobile SDKs with API Key authentication, any Mobile SDK data push traffic competes for rate limit quota against your server-to-server traffic. Vital Sign-In Token avoids this caveat, since SDK installations would be authenticated to the Vital API as individual Vital users rather than a Vital team (API Key) and thereby enjoying a per-user rate limit.