# ROOK — Full Documentation
> ROOK is a B2B platform that connects applications to wearable and health data through a single unified API and SDK. It ingests data from 400+ wearables and health data sources (Garmin, Whoop, Oura, Fitbit, Polar, Withings, Apple Health, Health Connect, Samsung Health, and more), then validates, normalizes, and standardizes it into one consistent, ready-to-use data model delivered via webhooks or queries. ROOK abstracts away fragmented formats, multiple auth methods, and consent management so teams can integrate health data in days instead of months. It is HIPAA, GDPR, and FHIR compliant, signs BAAs, and is trusted by Fortune 50 companies, government entities, and research institutions across digital health, fitness, insurance, corporate wellness, pharma, and clinical research.
This file contains the full content of ROOK's core product pages and technical documentation. For the complete REST API reference and OpenAPI specification, see https://docs.tryrook.io/api/. For the live catalog of all data sources, see https://docs.tryrook.io/data-sources/.
---
# OVERVIEW
## What ROOK is
ROOK is a health data integration platform designed to simplify the connection between applications and external sources such as wearable devices and third-party apps. Instead of integrating multiple APIs independently (which entails high maintenance costs), ROOK acts as a unified API that connects with multiple data providers simultaneously, standardizes and normalizes the received information, and exposes the data through a consistent API.
The problem it solves. Integrating health data — whether from a single source or many — involves complex technical challenges: different data formats, multiple authentication methods, webhooks and asynchronous synchronization, and user permission/consent management. ROOK abstracts this complexity through a structured data model and an architecture designed for scalability.
How it works (simplified flow):
1. The application integrates the ROOK API and SDKs.
2. The end user connects their data provider (e.g., Fitbit).
3. ROOK manages authentication and authorization for application users.
4. ROOK receives and normalizes user data.
5. The application consumes data via the ROOK webhook.
Two integration paths, one solution:
- API — Perfect for backends and servers. Delivers processed, standardized health data directly into your systems via webhooks or queries. Integrates with API-based sources like Garmin, Whoop, Oura, and Fitbit.
- SDK — Built for mobile applications. Enables a direct connection from the user's device to health data sources, handling permissions and synchronization. Connects SDK-based sources like Apple Health, Health Connect, and Samsung Health.
Combining both unlocks the widest possible data coverage; they are complementary, not mutually exclusive.
Common use cases: Digital Health (remote monitoring, telemedicine), Fitness & Sports (training and performance apps), Corporate Wellness (employee wellness platforms), Insurtech (behavior-based variable premium programs), and Clinical Research (decentralized digital data collection).
Security & compliance. ROOK adheres to top industry standards (GDPR, FHIR, HIPAA) and is happy to sign a BAA. Robust safeguards enable trusted partnerships with Fortune 50 companies, government entities, and top research institutions. ROOK is categorized as "Medical testing services, namely, fitness evaluation."
Company. ROOK's mission is to enable everyone with the data they need to unlock a healthier world. It started as a heart-rate monitoring platform connecting coaches and gyms with their users, then evolved into a unified way to connect apps and health data. What began in fitness now empowers healthcare, insurance, wellness, gaming, and more. ROOK is operated by Rookeries Development Corp (RookDev).
---
# PRODUCTS
## ROOK Connect — Wearable Health Data API & SDK
With ROOK's API and SDK you access multiple wearables and health data sources in one place. The platform centralizes the connection to wearables and health apps through a single API and SDK: it ingests events, validates and normalizes data, and delivers personalized health information aligned with each product's needs.
Value proposition:
- One integration for multiple data sources.
- Validated, normalized, and ready-to-use data.
- Modular tools and features.
- Reduced costs and accelerated innovation.
Data quality pillars: harmonization (easy comparison), clean data (eliminate duplicates), standardization (fill in the blanks), and normalization (unify scales).
## ROOK Score
ROOKScore is one unified scoring system across all data sources — a health reference point that's as easy to understand as it is to use. It standardizes data from wearables like Whoop, Oura, and others into one unified score, letting you compare all users — regardless of device — on key metrics like sleep and readiness.
Benefits: standardized health indicator, multivariate evaluation, compatibility with all data sources, and personalization of the score according to the client's needs.
Example payload:
```json
{
"data_structure": "health_score",
"version": 2,
"document_version": 1,
"user_id": "example",
"client_uuid": "example",
"health_score_data": {
"physical_health_score": 95.0,
"sleep_health_score": 70.0,
"body_health_score": 90.0
}
}
```
## ROOK Extraction App
The ROOK Extraction App is a ready-to-use mobile solution that simplifies health data extraction from mobile sources — no development of your own app required. It empowers users to securely link their health data (Apple Health, Health Connect, wearables, and wellness apps) directly to your platform in a few taps.
Benefits: effortless data connection, background data synchronization, secure and privacy-compliant delivery, and instant integration with your platform.
How it works: users download the app and securely connect to your organization and their data sources using a QR code. ROOK then delivers the data directly to your backend via webhook.
## Features & Add-ons
ROOK's modular add-ons let you activate only what you need. Goals they support: accelerate time to market, enhance user engagement, ensure data accuracy, and scale without limits. (Full technical detail in the Add-ons documentation section below.)
---
# PRICING
ROOK uses usage-based pricing across four tiers. Add-ons are billed separately.
Core — $399 USD/month. Up to 750 active users. All integrations in ROOKConnect, multiple data sources per user, Developer & Admin Portal, Sandbox environment, Email & Intercom support, basic SLAs.
Core+ — $999 USD/month. Up to 5,000 active users. Everything in Core, plus 3 free add-ons of your choice (excludes Branded Auth Process, Basic Auth & Okta Token).
Business — $1,999 USD/month. Up to 15,000 active users. Assisted onboarding with a CS Engineer, advanced SLAs, Notifications webhook, unstructured data ingestion, continuous steps events, white-labeled authentication, ROOKScore, granular data, SDK or End-user App. Includes all features and add-ons.
Enterprise — Custom pricing. Unlimited users, everything in Business, enterprise SLAs, dedicated CS Engineer + expert groups, dedicated servers, custom integrations, FHIR-compliant data, enterprise contracting process.
Add-on price list (for Core / Core+ tiers; included in Business and Enterprise): Notifications Webhook $99 · Data source proprietary & unstructured data $149 · Continuous steps events $249 · ROOKScore $249 · Granular data $249 · Multiple accounts & instances $249 · End-user app for data extraction $499 · Branded auth process $249 · Basic auth & Okta token $249 (all USD/month).
---
# USE CASES & INDUSTRIES
ROOK's wearable integrations and smart recommendations provide the foundation for innovation across Fitness & Wellness, Healthcare, Insurance, Corporate Wellness, and Pharma.
Representative outcomes cited by ROOK: +30% better risk modeling, 10% healthier risk pool, 10% reduction in hospital readmission, +20% user retention.
Selected customers and applications: Trainingym (smarter training plans, gamified fitness), Gentherm (wearable data in automotive), PEAR Health Labs (AI-ready data for Training Intelligence), NASM (wearable data for personal training), Novos Lab (optimizing aging), Physmodo (movement intelligence), ThyForLife (multi-wearable integration + health score for 50,000+ users), and Advanta Health Solutions (10x expansion of validated activities like biking and hiking).
---
# DOCUMENTATION
## Portal Configuration
The ROOK Portal lets you create API access credentials and configure/manage integrations. This is the first mandatory step before using the API. It supports two independent environments — Sandbox and Production — each with its own credentials and configuration, so testing never affects live data.
Step 1 — Create your account. Register an organizational account, providing email/password, company name, industry, project manager information, and estimated number of users. The project is automatically enabled in Sandbox.
Step 2 — Generate credentials. In settings, generate your `client_uuid` and `secret_key`. Sandbox and Production use different credentials. The Secret Key is displayed only once and must be stored securely.
Step 3 — Configure the Ready-to-Use connections page (Sandbox only). ROOK provides a connections page for quickly linking API-based sources. You can customize basic visual elements (e.g., colors) to simulate branding. It is for testing only — production requires a custom connections page or app view built with the appropriate endpoints.
Step 4 — Configure the data webhook. Register a public URL that accepts POST requests; this endpoint receives data sent via the ROOK Data Webhook. Optionally configure a Notification Webhook for integration-status events (connections, errors). Webhooks are the primary mechanism for receiving health data; the API is for specific queries and debugging, not continuous retrieval.
## Definitions (Glossary)
Actors.RookDev (Rookeries Development Corp) is the company behind ROOK. ROOK is the platform of APIs, SDKs, apps, and portal that aggregates, standardizes, and delivers health data. Clients are enterprises/developers integrating ROOK. Users are individuals who use client apps and consent to share their data.
Health data sources.Health Data Providers manufacture wearables or build apps that collect metrics (e.g., Polar, Oura, Garmin, Withings, Whoop). Health Data Collectors aggregate data from multiple providers (e.g., Google Fit, Health Connect, Apple Health, Samsung Health, Strava).
Products. ROOK Connect (multi-source health data collection), ROOK Portal (management interface for API keys, connections, activity), ROOK Score (quantifiable health assessment), and ROOK Extraction App (pre-built, neutrally branded mobile app; users link via QR code).
Health aspects.Health Metrics are quantifiable indicators (steps, calories, glucose, heart rate). Health Data Pillars organize data into Physical Health (daily activity, exercise, movement), Body Health (body composition, physiological variables, nutrition), and Sleep Health (sleep quality, recovery). Events are updates over specific intervals; Summaries are daily collections categorized as physical, sleep, or body.
Data types.Health Data covers physiological and activity elements. Unstructured Data is raw data before processing. Structured Data has been harmonized, standardized, cleansed, and normalized. Harmonized Data uses consistent units/formats (e.g., miles→kilometers). Standardized Data is formatted uniformly across providers. Clean Data is free of duplicates/inconsistencies. Normalized Data is adjusted to consistent scales.
Components.ROOK Webhook delivers real-time updates (summaries, health scores) to a URL. ROOK API allows on-demand retrieval (polling available, webhooks recommended). ROOK Connections Page is a demo/testing page. ROOK SDKs are available for Android, iOS, Flutter, React Native, and Capacitor.
Environments. Production (stable, live) and Sandbox (testing).
Key variables. `client_uuid` — UUID4 client identifier. `secret_key` — confidential API authentication key. `user_id` — unique user identifier (1–50 chars; alphanumeric with hyphens; may be numerals, UUID4, emails, or custom; avoid PII like emails in HIPAA/GDPR contexts — use anonymized identifiers). `api_url` — Production `api.rook-connect.com`, Sandbox `api.rook-connect.review`. Units follow the UCUM metric standard.
## ROOK Connect — Introduction
ROOKConnect is the central health data integration platform within the ROOK ecosystem. It simplifies connecting to many external providers (API-based platforms and SDK-based mobile apps) and delivers structured data through a unified model. It acts as an intermediate layer that standardizes authorization, extraction, normalization, and delivery, giving a consistent and scalable architecture.
Architectural benefits: broad compatibility (API-based platforms like Dexcom, Fitbit, Garmin, Oura, Polar, Whoop, Withings; mobile kits like Apple Health, Health Connect, Samsung Health), streamlined data management (raw → harmonized/standardized/normalized), and flexible delivery (real-time webhooks plus on-demand REST API).
General integration flow (four phases):
1. Authorization — obtain explicit user consent via per-provider endpoints.
2. Extraction — connect to the source and retrieve historical and recent data.
3. Processing — apply harmonization and normalization under a unified schema.
4. Delivery — transmit processed data to the client backend, primarily via webhooks.
Data model. Three pillars (Physical, Body, Sleep), each delivered as Summaries (data around the day) and Events (granular, timestamped points). The engineering team must always validate `document_version` and `datetime` to update records correctly and prevent duplication.
Integration tools.Connections Page (simplifies authorization in sandbox; production uses the `/authorizer` endpoint for custom branding) and ROOK Extraction App (pre-built mobile solution for SDK-based sources). The Connections Page is sandbox-only; production must implement the individual authorization endpoint.
## ROOK Connect — Prerequisites for Integration
The primary requirement is a backend capable of receiving and processing webhooks. Depending on selected sources, frontend or mobile teams may also be needed.
Backend engineering. Build a secure, public API endpoint to receive webhook payloads; implement secure storage and efficient update logic; build internal APIs to serve processed data to your apps.
Frontend engineering (optional). Build a branded user-facing authorization page; build dashboards/visualizations.
Mobile engineering. For mobile sources (Apple Health, Samsung Health, Health Connect), either integrate ROOK's iOS/Android SDKs into your app, or use the pre-built ROOK Extraction App (no custom mobile development).
Testing prerequisites. Acquire test hardware or active test accounts; ensure test users have pre-existing historical data; use the portal's JSON simulator when real data isn't available.
Recommended architecture. Ingestion layer (webhook endpoint) → Storage layer (store payloads; validate `document_version` and `datetime`) → Consumption layer (serve structured data via internal APIs) → Authorization layer (SDKs or Extraction App for consent).
Security policies (WAF). All API requests are protected by AWS WAF; non-compliant requests are blocked with HTTP 403.
- Required headers: `User-Agent` (MANDATORY — missing = 403), `Content-Type: application/json` (for POST/PUT), `Authorization: Bearer <token>` or API key method.
- Prohibited values/patterns in parameters: `localhost`, local IPs (`127.0.0.1`, `192.168.x.x`, `10.x.x.x`), SQL injection patterns (SELECT, DROP, INSERT, UNION), script/JS (`<script>`, `javascript:`), path traversal (`../`, `%2e%2e%2f`), command injection (`|`, `;`, `&&`, `||`), and file inclusion (`file://`, `php://`).
## ROOK Connect — Quickstart
After portal configuration, execute and validate the end-to-end pipeline in Sandbox before going live.
Step 1 — Connect users. With credentials and webhook configured, test user connection. Clients build a custom web connection page using the data source's `/authorizer` endpoint for full brand control.
- API-based sources (Fitbit, Garmin, Oura): present an authorization view; on consent, extraction begins.
- Mobile-based sources (Apple Health, Health Connect, Samsung Health): integrate ROOK SDKs, which handle authorization and extraction natively.
- ROOK Extraction App: pre-built alternative that manages authorization and synchronization without custom mobile development.
- A sandbox-only test connections page is available for API-based sources (not for production).
Step 2 — Validate the data flow. Confirm payloads arrive at the configured webhook and match the documented schema (see Data Types). On-demand API queries are possible but not recommended as the primary continuous-retrieval method in production. The portal's JSON Simulator (Tools → JSON Simulator) is the fastest way to validate the pipeline without physical wearables: select data source, health pillar, and data structure, then generate a realistic payload and "Send to Data Webhook" for end-to-end validation. Requires an active data webhook.
Step 3 — Transition to production. Request production enablement, generate production-specific credentials, configure live webhooks, and update backend environment variables. Using sandbox credentials in production returns 401 Unauthorized — keep environments strictly separated.
## ROOK Connect — Data Authorization
Authorization is the mandatory first step to accessing health data. Two methods, recommended together:
API-based sources (Fitbit, Garmin, Oura, etc.). Users authorize via a browser. Clients build a connections page that interacts with the `/authorizer` endpoint:
- Step 1 — design a page/view with a button per source, each linking to the `authorization_url`.
- Step 2 — call the authorizer endpoint:
```
GET /api/v1/user_id/{user_id}/data_source/{data_source}/authorizer
Authorization: Basic {Base64Encoded(client_uuid:secret_key)}
```
Allowed `data_source` values: Garmin, Oura, Polar, Fitbit, Withings, Whoop, Dexcom. Optional `redirect_url`. Example response:
```json
{ "data_source": "Fitbit", "authorized": false, "authorization_url": "https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=23R2..." }
```
- Step 3 — handle redirection to the callback URL after authorization.
- A pre-configured ROOK Connections Page exists for Sandbox testing only. Whoop and Dexcom require additional integration steps.
Mobile-based sources (Apple Health, Health Connect). Authorization occurs on-device. Use ROOK SDKs to invoke authorization pop-ups (iOS = Apple Health, Android = Health Connect), or use the ROOK Extraction App where users scan a QR code generated via the API.
Revoking authorization:
```
POST /api/v1/user_id/{user_id}/data_sources/revoke_auth
Authorization: Basic {Base64Encoded(client_uuid:secret_key)}
```
Revoking disconnects the user from all associated sources for that client. If an account is shared across clients, each must revoke separately. Revocation may not be immediate — some providers take hours, during which data may still arrive.
## ROOK Connect — Data Extraction
Two architectures: API-based (centralized platforms) and mobile-based (on-device via SDKs).
API-based extractions. ROOK combines polling and webhooks for redundancy. Key features:
- Pre-existing data: up to 7 days retrieved on authorization.
- Custom extraction times: defaults are 00:01 for physical summaries and 12:00 for sleep summaries (user local time); custom times available via the Time Zone feature.
- Retry logic: if a summary is unavailable, ROOK retries — Day 1: 23 attempts (hourly); next 30 days: one daily attempt at the configured time; success stops retries.
- Duplication handling: ROOK sends the most complete version with an incremented `document_version`.
Mobile-based extractions. Rely on ROOK SDKs or the Extraction App. SDKs extract roughly hourly, subject to app state (foreground/background), device settings (e.g., locked screen), and quotas. Pre-existing data: up to ~30 days depending on platform. Some metrics (e.g., step events) are available locally via the SDK.
`document_version` logic. Valid only for the same `datetime`: if a higher version arrives and the datetime matches, replace the dataset; if the datetime differs (e.g., a previous day), do not replace; if a lower version arrives, discard it.
API vs mobile comparison. API: sources like Fitbit, Garmin, Polar, Oura; tools = Connections Page / `/authorizer`; pre-existing ≈ 7 days. Mobile: Apple Health, Health Connect, Android/iOS; tools = SDKs / Extraction App; pre-existing ≈ 29 days.
## ROOK Connect — Data Processing
After extraction, data passes through a five-stage pipeline before delivery:
1. Harmonization — consistency across formats, units, definitions (e.g., distances → kilometers; timestamps → user local time).
2. Standardization — apply industry standards (e.g., map sleep stages and heart-rate intervals to a common standard).
3. Cleaning — eliminate inconsistencies and resolve duplicates. Data prioritization ranks sources by quality (wearable device data takes precedence over SDK/health-kit extractions). Non-Null Value Rule: valid non-null values from lower-priority sources override nulls from higher-priority sources. Higher Value Rule: for metrics like `steps_number` and `calories_expenditure_kilocalories`, the highest value is retained. Events within a ±10-minute window are merged or prioritized by source ranking; summaries use the highest-priority source and are versioned via `document_version`. Summaries are held 15 minutes before delivery to incorporate delayed updates; all data is reported in UTC.
4. Normalization — adjust to uniform scales/formats (e.g., calories → kilocalories; consistent step intervals).
5. Structuring — organize into unified schemas for the Physical, Sleep, and Body pillars with predefined, cross-source keys.
## ROOK Connect — Data Delivery
Two delivery methods sharing the same JSON schemas:
ROOK Webhooks (preferred). Deliver events and summaries in real time across sleep, physical, and body pillars; triggered by new events or generated summaries. Configured in the ROOK Portal.
- Security: `X-ROOK-HASH` header for HMAC validation confirms payloads originate from ROOK.
- Retry logic: failed deliveries retried at 2 hours, 24 hours, and 48 hours. If all fail, data is stored in buckets — Sandbox 3 days, Production 10 days.
- Setup: prepare a URL that accepts POST and processes JSON; configure separately per environment; respond with 200/201/202 to confirm receipt (other responses trigger retries). Notification Webhooks require manual setup via ROOK Support.
ROOK API (on-demand, complementary). For specific queries; responses match webhook payloads. Sandbox `https://api.rook-connect.review`, Production `https://api.rook-connect.com`. Important: not real-time; rate-limited (typical limits ~60 requests/minute and ~10,000 requests/day, varying by plan); not a storage/backend solution — build your own backend to store data received from ROOK and query that, not ROOK's API. Maximum supported JSON file size is 16 MB. Full reference and OpenAPI spec at the API Reference.
Notification Webhooks (add-on). Provide updates on integration actions (user creation/deletion, source connections/disconnections, failed retrievals). Manual setup via ROOK Support.
## ROOK Connect — Data Types
Data is organized into three pillars, each with Summaries (daily aggregates) and Events (timestamped records).
User information included for context: name, date of birth, gender, height, weight.
Physical Health.Physical Summary (total steps, active minutes, calories burned). Events: Activity (type, duration, intensity), Heart Rate (min/max, time in zones), Oxygenation (SpO₂, respiratory rate), Stress (levels and stressors).
Sleep Health.Sleep Summary (total duration; time in each stage — REM, light, deep).
Body Health.Body Summary (blood glucose, blood pressure, hydration, calorie intake, macronutrients). Events: Blood Glucose, Blood Pressure (systolic/diastolic), Heart Rate, Hydration, Mood, Nutrition (protein/carbs/calories), Oxygenation, Temperature.
Datetimes. Format `YYYY-MM-DDTHH:MM:SS.MS+-TZ` (e.g., `2023-08-09T15:30:50.456700Z`). All timestamps align to UTC (Z) unless otherwise specified; microseconds rounded to six digits; ISO 8601 compliant. Timestamps without a timezone are assumed UTC. Full schemas are in the API Reference and on ROOK's GitHub datasets.
## ROOK Connect — Add-ons
Some add-ons are on by default; others require activation (contact your account manager).
| Add-on | Feature | Default |
|---|---|---|
| Time Zone | Local-time delivery | Yes |
| Data Cleaning | Improves accuracy | Yes |
| Connections Page | Simplifies authorization | Yes (sandbox) |
| Pre-Existing Data | Historical retrieval | Yes |
| Granular Data | Minute-level metrics | No |
| Notification Webhook | Real-time integration events | No |
| Callback URL Setup | Post-connection redirect | No |
| Steps Events in API | Hourly step polling | No |
| Branded Auth | Fully personalized flow | No |
- Time Zone — daily summaries extracted/delivered per the user's local time zone.
- Data Cleaning — prioritizes and de-duplicates data from multiple sources for the same user.
- Granular Data — minute-level readings such as heart rate, HRV, and blood pressure; increases payload depth.
- Notification Webhook — non-health integration events (user creation, source connect/disconnect, failed extractions). Example payload:
```json
{ "client_uuid": "123456789", "user_id": "UserTest12345", "data_source": "garmin", "action": "user_connected", "level": "info", "message": "A new user has been successfully linked", "action_datetime": "2024-06-03T19:10:43.419390", "environment": "production" }
```
- Callback URL Setup — redirect users back to your app after authorization, e.g. `.../data_sources/authorizers?redirect_url=https://www.yourapp.com`.
- Connections Page — pre-configured authorization interface using `/authorizers`; ideal for sandbox; production should use a custom interface built on `/authorizer` per source.
- Pre-Existing Data — up to 7 days (API-based) or 29 days (mobile-based) on first connection, delivered via the Data Webhook in the same JSON structure. A ROOK Score is calculated per extracted day (up to 7 or 29 scores), delivered within ~24 hours. Source-specific notes: Polar provides no physical/body summaries in pre-existing data; Whoop returns the same body summary for the past 7 days; Garmin sends pre-existing data only on the first link per account. Enabled by default in Sandbox; off by default in Production.
- Steps Events in API — hourly polling of API sources (Whoop, Oura, Garmin, Fitbit, Withings, Polar) to mirror SDK-style step granularity; ascending values only, highest value across sources, zero/null falls back to last valid value; delivered exclusively via the Data Webhook in `steps_event` format. Example payload:
```json
{
"version": 2,
"data_structure": "steps_event",
"client_uuid": "",
"user_id": "",
"document_version": 1,
"auto_detected": false,
"physical_health": {
"events": {
"steps_event": [
{
"metadata": {
"datetime_string": "2025-02-27T21:29:26.747000+05:00",
"user_id_string": "10053949724",
"sources_of_data_array": ["Garmin"],
"was_the_user_under_physical_activity_bool": false
},
"steps": { "accumulated_steps_int": 8546 },
"non_structured_data_array": []
}
]
}
}
}
```
- Branded Auth — replace ROOK's logo with your own across all connection screens for a native, branded flow. Setup can take several weeks depending on data-source timelines.
## ROOK Score
ROOK Score 2.0 analyzes key health data points and scores each variable from 0–100%, giving equal weight to each pillar and producing a final score that estimates the user's health status. The scoring system is based on global health standards endorsed by the World Health Organization (WHO).
Data inputs.Physical Health — from physical summaries; reflects activity %, calories, steps; requires age, sex, weight, height. Body Health — from body summaries; BMI indicator; requires height, weight. Sleep Health — from sleep summaries; sleep quality, duration, recovery; requires age, sex.
Output scores.Global Score (average of the three pillar scores); Seven-Day Score (average Global over 7 days); Physical Health Score (activity, calories, steps sub-scores); Body Health Score (BMI sub-score); Sleep Health Score (readiness, sleep duration, sleep quality sub-scores).
Implementation. ROOK Score 2.0 is webhook-only — the ROOK Score 1.0 query endpoint does not apply. After activation, customize each pillar and its variables in the ROOK Portal (active variables per pillar must total 100%, and pillars must sum to 100%). Flow: user generates data → ROOK receives, structures, and normalizes it → ROOK generates a score → score is sent to the Data Webhook → a JSON is generated per user as new data arrives. The score recalculates continuously; track updates via `document_version`.
When providers don't supply demographics (gender, age, weight, height), the payload includes `calculated_with_missing_user_info` (bool) and `missing_user_info` (array). Wearables that don't capture certain inputs yield null sub-scores, and composite scores exclude those nulls. Abbreviated payload shape:
```json
{
"data_structure": "health_score",
"version": 2,
"document_version": 1,
"user_id": "testUserAllDemographics",
"client_uuid": "019240e3-64ff-7195-a487-c4728502b190",
"health_score_data": {
"metadata": { "datetime_string": "2023-12-28T00:00:00.000000Z", "sources_of_data_array": ["Polar"], "user_id_string": "testUserAllDemographics" },
"overall_scores": { "global_score_0_100_int": 100, "seven_days_avg_score_0_100_int": 100 },
"physical_health_score": { "score_0_100_int": 100, "calories_score": { "score_0_100_int": 100 }, "activity_score": { "score_0_100_int": 100 }, "steps_score": { "score_0_100_int": 100 } },
"sleep_health_score": { "score_0_100_int": 100, "sleep_duration_score": { "score_0_100_int": 100 }, "sleep_quality_score": { "score_0_100_int": 100 }, "readiness_score": { "score_0_100_int": 100 } },
"body_health_score": { "score_0_100_int": 100, "bmi_score": { "score_0_100_int": 100 } }
}
}
```
## ROOK Extraction App — Introduction
A ready-to-use mobile app that accelerates health data collection without native mobile development. It supports both mobile-based sources (Apple Health, Health Connect, Samsung Health) and API-based platforms (Fitbit, Garmin, Oura) through a unified Connections View. Built on ROOK SDKs.
Why use it: quick start for data collection; versatile (temporary tool during custom development, or permanent infrastructure); streamlined connection process; no development required (neutral branding).
Core features: unified Connections View, pre-built solution, cross-platform (iOS 14+ and Android 9+), neutral branding (minimal config like terms and support links), and flexible deployment.
Workflow: User binding (scan a QR code or click a universal link to securely bind to your system) → Connections View (API sources via OAuth; mobile sources via on-device permissions) → Data delivery (real-time via Data Webhooks). Available on Google Play and the Apple App Store, or via QR codes / universal links generated through ROOK's API.
## ROOK Extraction App — Implementation
Prerequisites. Obtain `client_uuid` and `secret_key` from the Portal and register your Data Webhook; prepare a backend endpoint to receive data.
User binding. Initialize the app with client-specific settings via QR codes or universal links.
- Endpoint — Sandbox `https://api.rook-connect.review/api/v1/extraction_app/binding/`, Production `https://api.rook-connect.com/api/v1/extraction_app/binding/`.
- Headers — `Authorization: Basic <base64_encoded_credentials>`, `Content-Type: application/json`.
- Request body:
```json
{
"user_id": "unique-user-identifier",
"metadata": { "client_name": "Your Organization Name", "tyc_url": "https://example.com/terms", "support_url": "https://example.com/support", "complete_log_out": false },
"salt": "unique-security-string"
}
```
`salt` is a 4–6 character encryption string used for on-device decryption; it is not stored by ROOK. `metadata.complete_log_out` controls whether logging out disconnects all linked sources.
- Response: `qr_code` (Base64 PNG) and `universal_link`.
Using the app. Share the QR code or link; the user scans/clicks to bind; the app auto-configures with your metadata. Users then connect sources (API via OAuth, mobile via on-device permissions). The app calculates and displays a per-day ROOK Score. Users can log out, unlink, or switch profiles (logout disconnects from the client system but doesn't unlink sources unless `complete_log_out` is enabled).
Security & delivery. The salt enables end-to-end encryption (decryption happens on the device); the QR code holds no sensitive data; a device binds to one environment at a time. Health data is sent to your registered Data Webhook as events or summaries; the app inherits the capabilities and limitations of the ROOK SDKs for mobile sources.
---
# DATA SOURCES
ROOK is a single integration for 400+ wearables and health data sources, classified by extraction method.
API-based (direct integration with centralized providers): Fitbit, Garmin, Oura, Polar, Withings, plus Dexcom, Strava, and Whoop (these require the client to provision and manage their own developer accounts; setup can take several weeks).
SDK-based (on-device): Android, Apple Health, Health Connect, and Samsung Health (Samsung requires a client developer account).
Indirect via ROOK SDKs (collected through Apple Health / Health Connect; 60+ sources), including: Mi Fitness (Xiaomi), Zepp, Abbott Lingo, Accu-Chek, Adidas Running, AllTrails, Ascensia Contour, Bayer, BetterSleep, Beurer, Biostrap, boAt, SleepWatch, CardioMood, Clue, COROS, Cronometer, Eight Sleep, Eversense, FatSecret, Fire-Boltt, Fitbod, Flo, Hammerhead, Huawei Health, iFit, iHealth, InBody, Komoot, Life Fitness, Lifescan, Lifesum, Lose It!, MapMyFitness/Ride/Run/Walk, Medtronic, MyFitnessPal, MyZone, Nike Run Club, NoiseFit, Omron, Peloton, Ride with GPS, Runtastic, Sony, Suunto, Technogym, Tempo, Titan, Tonal, TrainingPeaks, Ultrahuman, Under Armour, Wahoo, WeightWatchers, Welltory, Zwift.
Health pillars per source vary across Body, Physical, and Sleep. SDKs integrate directly with Health Connect (Android) and Apple Health (iOS) to collect activity, sleep, heart rate, and more. The live, authoritative list is maintained at https://docs.tryrook.io/data-sources/.
---
# SUPPORT & RESOURCES
- Knowledge Base: https://support.tryrook.io/en/
- Changelog: https://rook.canny.io/changelog
- GitHub (open-source SDKs, demo apps, datasets): https://github.com/RookeriesDevelopment
- API Reference & OpenAPI spec: https://docs.tryrook.io/api/
- About: https://www.tryrook.io/about-us
- Partners: https://www.tryrook.io/partners
- Blog: https://www.tryrook.io/blog
- Podcast & Media: https://www.tryrook.io/podcast-media
- Media Kit: https://www.tryrook.io/media-kit