Cloudflare Workers + D1

Vital Logger API

Authentication, email verification, password recovery, profile completion, optional vital measurement sync, report generation, cloud health-data deletion, and JWT key rotation.

Base URLs

Production: https://vital-logger.sirjhep.dev
Local development: http://localhost:8787
Privacy policy: https://vital-logger.sirjhep.dev/privacy
Account deletion: https://vital-logger.sirjhep.dev/delete-account

Authentication

Most data endpoints require Authorization: Bearer <token>. Tokens are HS256 JWTs signed with rotating keys stored in Workers KV. Registering a user sends an email verification link; login is blocked until verification succeeds.

Endpoints

Method Path Purpose
GET / Public landing page with Android pre-beta APK download and Apple preview status.
GET /health Public health check.
GET /docs This human-readable documentation page.
GET /docs/openapi.json Machine-readable OpenAPI 3.1 JSON.
GET /privacy Human-readable privacy policy for app-store and user disclosure.
GET /delete-account Human-readable account deletion instructions and email request path.
GET /assets/vital-logger-logo.png Public PNG logo used by transactional emails.
GET /verify-email Browser-friendly email verification link target.
GET /reset-password Browser-friendly password reset form target.
POST /auth/register Create account, hash password, send verification email.
POST /auth/login Create a JWT session after email verification.
POST /auth/verify-email Verify email and return a session.
POST /auth/resend-verification Send a fresh verification email when needed.
POST /auth/forgot-password Send a password reset email when the account exists.
POST /auth/reset-password Consume reset token and update password.
GET /profile Fetch authenticated user's health reference profile.
PUT /profile Create or update authenticated user's health reference profile.
GET /vitals List authenticated user's vitals.
POST /vitals Create an idempotent vital entry.
PUT /vitals/:id Update a vital entry.
DELETE /vitals/:id Soft-delete a vital entry.
GET /vitals/:id/image/:file Fetch a private R2-backed vital image attachment.
POST /reports/generate Generate a report from stored vitals.
GET /reports List generated reports.
DELETE /account/cloud-data Delete cloud health data while preserving account identity.
DELETE /account Delete authenticated account and associated cloud data.
POST /admin/jwt/rotate Admin-only JWT signing key rotation.

Common Request Examples

POST /auth/register
Content-Type: application/json

{
  "name": "Jane",
  "email": "jane@example.com",
  "password": "password123",
  "confirmPassword": "password123"
}

POST /vitals
Authorization: Bearer <token>
Content-Type: application/json

{
  "id": "client-generated-id",
  "type": "heart_rate",
  "source": "manual",
  "value": 72,
  "unit": "bpm",
  "measuredAt": "2026-05-10T12:00:00.000Z"
}

PUT /profile
Authorization: Bearer <token>
Content-Type: application/json

{
  "dateOfBirth": "1990-05-14",
  "referenceSex": "female",
  "heightCm": 165.5
}

Machine-Readable Spec

OpenAPI JSON is available at /docs/openapi.json.