Skip to main content

Authenticate with API keys

The Trainingym API v2 authenticates requests with a Bearer token (JWT) — the API calls it an API key. You generate it with the integration credentials (user and password) that the integrations team issued for your center.

1. Get integration credentials

Credentials are issued per center by the integrations team. Request yours at integraciones@trainingym.com. Treat them as a secret — anyone holding them can act on your center's data.

2. Generate an API key

Call the identity service using Basic authentication (user:password encoded in Base64 — curl -u builds the header for you):

curl https://api.trainingym.com/api/v2/identity/apikey \
-u "YOUR_USER:YOUR_PASSWORD"

The response contains the JWT and its expiry:

{
"accessToken": "eyJhbGciOi...",
"expirationDate": "2026-07-15T10:30:00Z",
"tokenType": "Bearer"
}

API keys are valid for 24 hours and can be used any number of times. Generation is rate-limited to 5 keys per 10 minutes.

3. Call the API

Send the accessToken on every request as a Bearer header:

curl https://api.trainingym.com/api/v2/members/list \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
tip

Cache the key and reuse it until expirationDate (or until a 401), rather than generating a new one per call — remember generation is rate-limited.

Webhooks don't use this token

Outbound webhooks are the reverse direction — Trainingym calls your endpoint. They are not authenticated with the API token. If you need to verify the caller, append a secret to your webhook URL as a query string; see Configure webhooks.