Skip to main content
Question

Athlete Limit Increase request (Client ID: 231604)

  • May 13, 2026
  • 0 replies
  • 7 views
D

Hello good people of Strava,

I'd like to request an athlete cap increase for my application VerticalTraining (Client ID: 231604).

What it does: It's a training planner for runners. Athletes set a weekly mileage goal, mark their preferred long-run and rest days, and the app generates a structured week of workouts. Strava is used as the source of truth for completed activities — when a run syncs in, the app marks the planned session as done and adjusts the rest of the week.

How we use the Strava API

  • Scope: activity:read_all only. The app does not request read_all, profile:read_all, or any write scopes.
  • Sync window: last 30 days on initial connect, then webhook-driven from that point on. No historical bulk pulls.
  • Endpoints: /athlete/activities (initial 30-day backfill) and the webhook aspect_type=create|update|delete events for ongoing sync. No polling.
  • Data stored: activity id, start date, sport type, distance, moving time, elevation gain, average heart rate. The app is not interested in any of the social aspects or location data.

Compliance specifics

  • Tokens are refreshed only when within 5 minutes of expiry; the latest refresh_token returned by Strava is always persisted (old ones are never reused).
  • On 401 from any Strava endpoint the app force-refreshes once and retries, to handle out-of-band token invalidation.
  • Disconnect in-app calls POST /oauth/deauthorize and deletes the stored tokens.
  • The app subscribes to the athlete-deauthorize webhook: when an athlete revokes access from strava.com, the app deletes their strava_connections row and all Strava-sourced workouts as soon as possible.
  • Branding follows the Strava Brand Guidelines — "Connect with Strava" / "View on Strava" buttons, "Powered by Strava" attribution on any screen showing Strava-sourced data.
  • Privacy policy (https://verticaltraining.app/privacy) discloses the exact scope, the 30-day window, the data fields stored, and the deauth-deletion behaviour, and links to Strava's Privacy Policy.

Current usage I've hit the 1-athlete default cap and would like to open the app up to some friends and fellow runners and Strava users. I'd be more than happy to provide screenshots, a demo account or whatever else you'd like, if that would help.

Thanks for taking a look.

Dominic Riordan,

VerticalTraining https://verticaltraining.app

 

Attached are some screenshots

Terms & ConditionsAccessibility statement