The proliferation of mobile health (mHealth), namely, mobile applications along with wearable and digital health devices, enables generating the growing amount of heterogeneous data. To increase the value of devices and apps through facilitating new data uses, mHealth companies often provide a web application programming interface (API) to their cloud data repositories, which enables third-party developers to access end users’ data upon receiving their consent. Managing such data sharing requires making design and governance decisions, which must allow maintaining the tradeoff between promoting generativity to facilitate complementors’ contributions and retaining control to prevent the undesirable platform use. However, despite the increasing pervasiveness of web data sharing platforms, their design and governance have not been sufficiently analyzed. By relying on boundary resource theory and analyzing the documentation of 21 web data sharing platforms, the paper identifies and elaborates 18 design and governance decisions that mHealth companies must make to manage data sharing, and discusses their role in maintaining the tradeoff between platform generativity and control.