Authenticate with API keys
The Trainingym API v2 authenticates requests with a Bearer token (JWT) — the API calls it an API key. You generate it with the integration credentials (user and password) that the integrations team issued for your center.
1. Get integration credentials
Credentials are issued per center by the integrations team. Request yours at integraciones@trainingym.com. Treat them as a secret — anyone holding them can act on your center's data.
2. Generate an API key
Call the identity service using Basic authentication (user:password encoded in
Base64 — curl -u builds the header for you):
curl https://api.trainingym.com/api/v2/identity/apikey \
-u "YOUR_USER:YOUR_PASSWORD"
The response contains the JWT and its expiry:
{
"accessToken": "eyJhbGciOi...",
"expirationDate": "2026-07-15T10:30:00Z",
"tokenType": "Bearer"
}
API keys are valid for 24 hours and can be used any number of times. Generation is rate-limited to 5 keys per 10 minutes.
3. Call the API
Send the accessToken on every request as a Bearer header:
curl https://api.trainingym.com/api/v2/members/list \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Cache the key and reuse it until expirationDate (or until a 401), rather than
generating a new one per call — remember generation is rate-limited.
Webhooks don't use this token
Outbound webhooks are the reverse direction — Trainingym calls your endpoint. They are not authenticated with the API token. If you need to verify the caller, append a secret to your webhook URL as a query string; see Configure webhooks.