API Programs > Balance Rewards for Healthy Choices API

Healthy Choices API

The Balance Rewards API enables qualified partners to connect into Walgreens to share individual member health and wellness information to be eligible to receive Balance Rewards points for completing 4-week physical activity and healthy lifestyle challenges. The API is designed to enable partners to seamlessly share individual health and lifestyle activity (Data Sharing), and create or validate user memberships (Authentication).

Data Sharing:

In order for Balance Rewards members to receive points for data recorded using pre-qualified partners applications, devices, or platform, partners must share full activity information with Walgreens. In no way is Walgreens able to reward activity without supporting aggregate or transaction level information. Currently, Balance Rewards members are eligible to receive the following rewards:

  • 100 points each week a healthy challenge is completed; maximum of 400 points total per challenge
  • NOTE: Members can join two challenges (one lifestyle challenge and one healthy activity challenge) simultaneously
  • BONUS: Complete all 4 challenge weeks to earn a prize wheel spin worth up to 2000 points
  • BONUS: 250 points for connecting a compatible health & fitness device/app; up to 2 per month

Authentication:

In order for individuals to receive points for completing healthy challenges, they must be a Balance Rewards member and have successfully completed a Walgreens OAuth login or registration. Further instructions on prerequisites and how to obtain required authentication credentials are contained with the API Documentation.

Below are the technical steps you will need to go through in order to get your integration configured and branded correctly:


The following API endpoints can be used to programmatically integrate all functions of the Digital Offers experience:

Authorization Code

  • Request:
    POST /oauth/authorize.jsp

OAuth Token

  • Request:
    POST /api/oauthtoken/v1
  • Deactivate:
    POST /api/oauthtoken/delete/v1

Refresh Access Token

  • Request:
    POST /api/oauthtoken/v1

Post Activity Data

  • Request:
    POST /api/steps/activity/v1?apiKey=[YOUR_API_KEY]

Total Points

  • Request:
    POST /api/steps/brpoints/v1?apiKey=[YOUR_API_KEY]

Request Authorization Code:

Your application will navigate to the authorization code URL, while passing parameters outlined below in order to complete the required Walgreens.com login or registration process.

Endpoint URL

Sandbox:
https://m-qa2.walgreens.com/oauth/authorize.jsp
Production:
https://www.walgreens.com/oauth/authorize.jsp 

Open a Webview/Browser:
AuthURL
? client_id=YOUR_AFFILIATE_ID
& response_type=code
& scope=steps
& redirect_uri=YOUR_REDIRECT_URI
& channel=1,5, or 6
& transaction_id=1234567890123456
& state=abcd1234xyz

Response Authorization Code

Upon successfully logging into Walgreens.com or registering with Walgreens.com, the authorization server validates the incoming parameters, verifies the client registration, and then the authorization server issues an authorization code. The authorization code will be embedded within the redirect URI as a URL parameter.

Example Request

Sample URL redirect response:
YOUR_REDIRECT_URI
? code=AUTHORIZATION_CODE
& scope=steps
& transaction_id=ONE_PASSED_IN_REQUEST_AUTH
& state=ONE_PASSED_IN_REQUEST_AUTH

Sample Error Response:
YOUR_REDIRECT_URI
? error_code=ERROR_CODES_BELOW
& error=ERROR_NAMES_BELOW
& error_description=ERROR_DESCRIPTIONS_BELOW
& transaction_id=ONE_PASSED_IN_REQUEST_AUTH
& state=ONE_PASSED_IN_REQUEST_AUTH

Request OAuth Access Token

Your application requests the authorization server for access to the token by sending the authorization code, along with other parameters detailed below, which is shared by authorization server using the application/x-www-form-urlencoded format.

Endpoint URL

Sandbox:
https://services-qa.walgreens.com/api/oauthtoken/v1
Production:
https://services.walgreens.com/api/oauthtoken/v1

Example Request

TOKEN_URL
Content-Type: application/x-www-form-urlencoded
? grant_type=authorization_code
& act=getOAuthToken
& client_id=YOUR_AFFILIATE_ID
& client_secret=YOUR_API_KEY
& code=AUTHORIZATION_CODE
& redirect_uri=YOUR_REDIRECT_URI
& channel=1,5, or 6
& transaction_id=ONE_PASSED_IN_REQUEST_AUTH
& state=ONE_PASSED_IN_REQUEST_AUTH

Response OAuth Access Token

If the authorization token request is valid and authorized, the authorization server issues an access token and refresh token.

Sample Success response: 
Content-Type: application/json
    {
	"scope":"steps",
	"token_type":"BEARER",
	"access_token_expires_in": "2020-09-17T18:19:18.000Z",
	"refresh_token_expires_in": "2020-12-15T18:19:18.000Z"
	"access_token":"USER_ACCESS_TOKEN",
	"refresh_token":"USER_REFRESH_TOKEN",
	"transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Sample Error Response:
 Content-Type: application/json
    {
	"error_code":"ERROR_CODES_BELOW",
	"error":"ERROR_NAMES_BELOW",
	"error_description":"ERROR_DESCRIPTIONS_BELOW",
	"transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Request Refresh Access Token

If the authorization token request is valid and authorized, the authorization server issues a new access token and refresh token.

Endpoint URL

Sandbox:
https://services-qa.walgreens.com/api/oauthtoken/v1
Production:
https://services.walgreens.com/api/oauthtoken/v1

Example Request

curl --request POST \ 
TOKEN_URL
Content-Type: application/x-www-form-urlencoded
? grant_type=refresh_token
& act=getOAuthToken
& client_id=YOUR_AFFILIATE_ID
& client_secret=YOUR_API_KEY
& refresh_token=USER_REFRESH_TOKEN
& redirect_uri=YOUR_REDIRECT_URI
& channel=1,5, or 6
& transaction_id=ONE_PASSED_IN_REQUEST_AUTH
& state=ONE_PASSED_IN_REQUEST_AUTH

Response Refresh Access Token

If the authorization token request is valid and authorized, the authorization server issues a new access token and refresh token.

 Sample Success Response:
 Content-Type: application/json
    {
	"scope":"steps",
	"token_type":"BEARER",
	"access_token_expires_in": "2020-09-17T18:19:18.000Z",
	"refresh_token_expires_in": "2020-12-15T18:19:18.000Z"
	"access_token":"USER_ACCESS_TOKEN",
	"refresh_token":"USER_REFRESH_TOKEN",
	"transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Sample Error Response:
 Content-Type: application/json
    {
	"error_code":"ERROR_CODES_BELOW",
	"error":"ERROR_NAMES_BELOW",
	"error_description":"ERROR_DESCRIPTIONS_BELOW",
	"transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Request Deactivate OAuth Token

If the deactivate token request is valid and authorized, the authorization server deactivates the access token and refresh token

Endpoint URL

Sandbox:
https://services-qa.walgreens.com/api/oauthtoken/delete/v1
Production:
https://services.walgreens.com/api/oauthtoken/delete/v1 

DEACTIVATE_TOKEN_URL
Content-Type: application/x-www-form-urlencoded
? act=deactivateToken
& client_id=YOUR_AFFILIATE_ID
& client_secret=YOUR_API_KEY
& token=USER_ACCESS_TOKEN
& channel=1,5, or 6

Response Deactivate Access Token

If the deactivate token request is valid and authorized, the authorization server deactivates the access token and refresh token.

 Sample Success Response:
 Content-Type: application/json
    {
    "status":"success",
    "transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Sample Error Response:
 Content-Type: application/json
    {
    "error_code":"ERROR_CODES_BELOW",
    "error":"ERROR_NAMES_BELOW",
    "error_description":"ERROR_DESCRIPTIONS_BELOW",
    "transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Request Post Activity Data

Once the oAuth process has been completed, your app is ready to send activity data whenever new data has been received by the user from a device or when the user has entered a manual entry of data. You have the option to post the activity immediately upon receiving the data from the user, or in can be posted in batches on a scheduled basis.

Endpoint URL

Sandbox:
https://services-qa.walgreens.com/api/steps/activity/v1?apiKey=[YOUR_API_KEY]
Production:
https://services.walgreens.com/api/steps/activity/v1?apiKey=[YOUR_API_KEY] 

POST_ACTIVITY_URL
Content-Type: application/json
    {
    "creates": [ {
    "access_token":"USER_ACCESS_TOKEN",
    "affiliate_id":"YOUR_AFFILIATE_ID",
    "transaction_id":"RANDOM_NUMBER_16_LENGTH",
    "date":"YYYY_MM_DD *(THE DATE OF THIS POST REQUEST)",
    "user_device_id":"Either user_id from their account in your app, or the UUID",
    "manufacturer_name":"YOUR_COMPANY_NAME" (20 MAX LENGTH),
    "device_name":"YOUR_DEVICE_NAME"  (20 MAX LENGTH,This is displayed on the Walgreens Health Dashboard),
    "data": [
        {
        "id":"UNIQUE_ID (This must be 100% unique for every user/activity/entry)",
        "device_tracked":"true or false",
        "timestamp":"YYYY-MM-DD HH:MM:SS *(THE TIME THE HEALTHY ACTIVITY IS COMPLETED)",
        "type":"ACTIVITY_TYPE" (Listed below),
        "value": {"EXPLAINED BELOW" }
        } ]
    } ]
}
Sample Success Response:
 Content-Type: application/json
    {
    "success_code":"2000",
    "transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Sample Error Response:
 Content-Type: application/json
    {
    "error_code":"ERROR_CODES_BELOW",
    "error":"ERROR_NAMES_BELOW",
    "error_description":"ERROR_DESCRIPTIONS_BELOW",
    "transaction_id":"ONE_PASSED_IN_REQUEST_AUTH"
    }

Activity Posting Types: "creates" / "updates" / "deletes"

  • "creates": This would be used for new activity data that is being posted for the first time.
  • "updates": This would be used for updating an activity data previously posted, ensure the same "id" is used to update the value for the correct activity./li>
  • "deletes": This would be used for deleting an activity data previously posted, ensure the same "id" is used to delete the value for the correct activity./li>

Activity Value Definitions

The below table defines what "value" parameters are currently available to pass. We are always updating with new activity types!

 

Type Example Description Units Range
total_steps 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf", 
"device_tracked":"true",
"timestamp":"2015-09-08 18:29:28"
"type":"total_steps",
"value":1000,
}
 Number of Steps taken the entire day. Steps 0-100000
walking 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"false",
"timestamp":"2015-09-08 18:33:06",
"type":"walking",
"value": {
	"duration":600,
	"distance":1,
	"steps":2000
}
}
 Duration of Exercise

Distance Traveled

Number of Steps

 Seconds

Miles

Steps

 0-86400

0-1400

0-100000
running 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"false",
"timestamp":"2015-09-08 18:33:06",
"type":"running",
"value": {
	"duration":600,
	"distance":1,
	"steps":2000
}
}
 Duration of Exercise

Distance Traveled

Number of Steps

 Seconds

Miles

Steps

 0-86400

0-1400

0-100000
biking 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"false",
"timestamp":"2015-09-08 18:33:06",
"type":"biking",
"value": {
	"duration":3600,
	"distance":5
}
}
 Duration of Exercise

Distance Traveled

 Seconds

Miles

 0-86400

0-1400
general_exercise 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"false",
"timestamp":"2015-09-08 18:33:06",
"type":"general_exercise",
"value": {
	"duration":3600,
	"type":"NAME_OF_ACTIVITY"
}
}
 Duration of Exercise

Name of Activity

 Seconds

String

 0-86400

Ex. "Yoga"
weight 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"true",
"timestamp":"2015-09-08 18:29:28"
"type":"weight",
"value":168,
}
 Total Weight Measured Pounds 0-1500
blood_pressure 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"true",
"timestamp":"2015-09-08 18:33:06",
"type":"blood_pressure",
"value": {
	"systolic":120,
	"diastolic":80
}
}
 Systolic Blood Pressure

Diastolic Blood Pressure

 MmHg

 

MmHg

 0-300

 

0-300
blood_oxygen_ratio 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"true",
"timestamp":"2015-09-08 18:33:06",
"type":"blood_glucose",
"value": 10
}
 Blood Oxygen Saturation Precent Oxigenated 0-100
blood_glucose 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"true",
"timestamp":"2015-09-08 18:33:06",
"type":"blood_glucose",
"value": {  
	"value":56.2,
	"medicine_relation":"Pre-Medicine",
	"meal_relation":"Pre", 
	"meal":"Breakfast"
}
}
 Blood Glucose Value

Medicine Relation

Relation To Meal

Meal Type

 Mg/dL

 

String

 

String

 

String

 0-1000

"Pre-Medicine", "Post-Medicine"

"Pre" || "Post"

Ex. "Lunch"
sleep 
{
"id":"MjAxNS0wOS0wOCAxODoyOTaksdf",
"device_tracked":"true",
"timestamp":"2015-09-08 18:33:06",
"type":"sleep",
"value": {
	"duration":34552,
	"quality":"Normal"
}
}
 Duration of Sleep

 

Quality of Sleep

 Seconds

 

 

String

 

 0-86400

 

Examples: "Good", "Normal", "Bad"

Request Balance Rewards Points Totals:

With this endpoint we have introduced the ability for your integration to retrieve the points total for a connected Walgreens Balance Rewards user by leveraging the access token that is gained in the oAuth process.

Endpoint URL

Sandbox:
https://services-qa.walgreens.com/api/steps/brpoints/v1?apiKey=[YOUR_API_KEY]
Production:
https://services.walgreens.com/api/steps/brpoints/v1?apiKey=[YOUR_API_KEY]

Example Request

 
GET_POINTS_URL
Content-Type: application/json
  {
  "access_token":"USER_ACCESS_TOKEN",
  "affiliate_id":"YOUR_AFFILIATE_ID",
  "act":"getBRPoints",
  "transaction_id":"RANDOM_NUMBER_16_LENGTH"
}

Response Balance Rewards Points Totals:

If the authorization token is valid, the server issues the points total for that user. The points comes back with the Total Balance Rewards points, and the points earned from doing healthy choices.

Example Response

Sample Success response: 
Content-Type: application/json
    {
    "total_rewards_points":"Total Balance Rewards points",
    "healthy_choice_points":"Balance Rewards points earned by healthy choices.",
    "transaction_id":"ONE_PASSED_IN_REQUEST"
    }
Sample Error Response:
 Content-Type: application/json
    {
    "error_code":"ERROR_CODES_BELOW",
    "error":"ERROR_NAMES_BELOW",
    "error_description":"ERROR_DESCRIPTIONS_BELOW",
    "transaction_id":"ONE_PASSED_IN_REQUEST"
    }

Error Codes

Obviously we don't want any errors to happen, but sometimes they do and as a result we respond the following error codes. The table below helps explain why each of the error codes could occur:

Code Type Message
1001 invalid_request Any missing parameters in the request. Invalid response_type. Invalid grant_type. Invalid value in the request params.
1011 unauthorized_client The client_id is invalid or not registered. The redirect_uri is invalid.
1021 access_denied When the Authorization Code already exists for the user.
1031 invalid_scope The requested scope is invalid or not authorized to that client.
1041 invalid_authcode The authorization code which is in the request is invalid or expired.
1051 invalid_token The access token or refresh token which is in the request is invalid or expired.
1061 temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
1071 application_error Unable register user in Walgreens.com (Balance Rewards registration) due to some internal issues.
1081 process_activity_error Token validation success but unable process one or more activities. Only failed activity ids will be sent in the response object.