Authentication
PerfectGym API uses token-based authentification as an authentification protocol.
Requests that require authentication will return 401 Unauthorized
if no valid token
is provided.
Prerequisites
PerfectGym API can work in employee or end user mode. In employee mode API works on behalf of a club employee. In end user mode API works on behalf of a club member.
To access API in employee mode, you need a special API user in your Perfect Gym instalation. Please contact Perfect Gym and we will provide you user name and password used to authenticate your app with PerfectGym API employee mode.
To access API in end user mode, user needs to sign up for an end user account. End user account can be created with an email or Facebook account. After signing up for an end user account, user's credentials can be used to access API in end user mode. For details see signing up for end user account
Each method described in PerfectGym API documentation is marked as working in employee mode, end user mode or both.
Authentication flow
1. Request access token
POST https://yoursubdomain.perfectgym.com/Api/oauth/authorize
Access token with email - body parameters
Name | Type | Description |
---|---|---|
username |
string |
Required. User name you received from PerfectGym (employee mode) or club member email address (end user mode). For details see prerequisites. |
password |
string |
Required. User password you received from PerfectGym (employee mode), or club member password (end user moded). For details see prerequisites. |
grant_type |
string |
Required. This has to be explicitly set to password . |
Access token with Facebook - body parameters
Name | Type | Description |
---|---|---|
facebookToken |
string |
Required. Facebook account associated with club member email address (end user mode). |
grant_type |
string |
Required. This has to be explicitly set to password . |
Authentication parameters must be encoded using application/x-www-form-urlencoded
content type.
Request example
curl -i -X POST -H "Content-Type: application/x-www-form-urlencoded" -d "password=yourpassword &username=yourusername &grant_type=password" https://yoursubdomain.perfectgym.com/Api/oauth/authorize
Response
Status: 200 OK
{
"access_token": "abcdefgh12345678",
"token_type": "bearer",
"expires_in": 7775999
}
Token expiration time is presented in seconds.
2. Use the access token to access the API
The access token allows you to make authenticated requests to the API. You can pass the token by including it in the Authorization header.
Authorization: bearer OAUTH-TOKEN
Authorization header should be included in all subsequent API requests.
Authenticated request example
curl -i -H "Authorization: Bearer abcdefgh12345678" https://yoursubdomain.perfectgym.com/Api/Classes/Classes/1