First-party connect is available when
GET /capabilities reports
first_party_oauth: true for wearables.oura. Otherwise use your own Oura
app credentials in the bring-your-own flow below.First-party flow
Start the connection with no provider credentials:authorization_url. Oura returns to the ForeverBetter
dashboard, which completes the connection automatically. Do not ask the user
to copy a code or state back to an agent; poll
GET /connections/wearables/status until Oura is active.
The API stores the first-party token encrypted when WHOOP_TOKEN_ENC_KEY is
configured (the same AES-256-GCM key used for provider credentials). An agent
can then pull normalized Oura readings without seeing a provider token:
Oura developer-console setup
- Sign in at Oura Cloud API Applications.
-
Create an OAuth API application and add this exact redirect URI:
-
Add these production environment values (do not expose the secret in the dashboard):
-
Keep
WHOOP_TOKEN_ENC_KEYset to a 32-byte base64 key so first-party Oura refresh tokens are encrypted at rest. Oura refresh tokens rotate on use.
daily,
heartrate, personal, and workout by default.
Bring your own Oura app
For an integration that owns its own Oura app, passclient_id,
client_secret, and the exact redirect_uri to the same start/callback calls.
The dashboard exposes this under Developer: use your own Oura app when the
first-party integration is not configured.
See Oura’s OAuth documentation
for scope and application-review requirements. New Oura API applications are
limited to 10 users until approved.