Getting Started

Authentication

The Gympass API authentication process utilities one token for both our Access Control and Booking APIs.

This gives you the ability to have one authentication credential stored in your code that will permit access to all of our APIs.

Gympass will provide you with the Authentication Token which will be used as the Authorization Bearer Token for authentication when calling our Access Control integration.

The below table illustrates which integration type will use which authentication method with the Gympass Authentication Token.

Authentication methods

IntegrationAuth MethodToken
Access controlAuthorization BearerGympass Auth Token

Authentication Token

NameDescription
Gympass Authentication TokenBearer Token provided to you to authenticate yourself when calling either the Gympass Access Control or Booking API

Access control Integration example

Request example
1curl
2 -X POST https://api.partners.gympass.com/access/v1/validate \
3 -H 'Content-Type: application/json' \
4 -H 'Authorization: Bearer {{Gympass Auth Token}}' \
5 -H 'X-Gym-Id: {{GYM_ID}}' \

Please note: Legacy Access Control integrations using the X-Api-key for authentication will still be valid for use. We will contact any partner using this method of authentication when this method is moved into deprecation.

User Registration

In order to integrate check-in and validation, the user needs first to be registered in your system.

Required Data:

  • Gympass ID

Optional Data:

  • Name
  • E-mail

The user can find Gympass ID on the Gympass app, at the top left corner.

Plan Platinum.png

By the first time a user goes to your facility, they need to be registered on your system with the information described above. This allows us to integrate their first and following check-ins with our Access Control API.

You must adapt your system to support Gympass user definition so the integration works smoothly.

Automate this User Registration by utilizing our check-in webhook. See here for more info.

Access Control API

Quick Start Guide

Use this Quick Start Guide to get familiar with Access Control.

Gympass has a check-in process that ensures that partners are able to validate legitimate Gympass subscriber visits to their facilities.

Check-in is a core part of the Gympass customer UX and is essential for the correct payment of completed check-ins to our partners.

For this reason;

  1. Check-ins must be done through the Gympass app for all visits by subscribers
  2. Check-ins must be validated

Once the user performs a check-in on the Gympass app your system can use our Access Control API to confirm it.

A check-in has an expiration time, which means that it must be validated in this given interval. When called, this API needs to send the gympass_id, which is the user’s unique number.

Non-integrated systems

For non-integrated validations, Gym partners will use a combination of subscriber check-ins via the Gympass App and the Gympass Partners Portal.

text

Integrated Flow

When integrated with Access Control API we allow for a streamlined and seamless check-in validation process through the access terminals at our partner's facilities.

The Access control integrated flow is broken down into three parts:

  1. Authentication
  2. First-time visit.
  3. Subsequent visits.

First Time visits

Under first-time visits, the Gympass subscribers will need to register into the Gym partner CRM system and have a profile built. In addition, you will need a method of connecting an entry medium to that user. (RFID, Finger Print, PIN, etc.)

Subsequent visits

For all subsequent visits, Gympass subscribers will simply need to Check-in via the Gympass app and then interact with the Access Control terminal at the gym partner location.

Subsequent visit flow:

Subsequent Visit

With Access Control API our partners leverage a seamless check-in validation process for legitimate Gympass subscribers and provide a fully integrated user experience with your access system.

Access Control Implementation Methods

We have designed our Access Control API to be implementable across three different access requirements based on our partner's operational needs. Below you will see all three implementation methods and the ideal workflow for each method.

Gate System Trigger

The Gate System Trigger is our traditional implementation of the Gympass Access Control API. It relies on a physical barrier to entry to confirm to our API that a Gympass user has successfully entered our partner's facility after checking in on the Gympass App.

Gate Trigger.png

You can learn more about Profile Automation here

Attendance Trigger

The Attendance Trigger is designed to call our Access Control API to validate a Gympass visit by marking the user as attended in your Club Management Software. This operation should follow the same workflow as it would do for any member being marked as attended inside your solution. The Gympass user should appear in your attendance roster after checking in on the Gympass App.

Attendance Trigger.png

Automated Trigger

The Automated Trigger has been designed to be used when there is no physical barrier to entry and there is no possibility to mark Gympass users as attended inside of your system. This method relies on you consuming the Gympass check-in event webhook and synchronously calling the Access control API once a Gympass user has Check-in via the Gympass app.

AC implementations (1).png

To allow all of our Gym Partners to utilise the Access Control API and to facilitate greater coverage we require you to implement two of the above method of Access control.

One of the implementation models must be the Automated Trigger.

  1. Gate System trigger + Automated trigger
  2. Attendance trigger + Automated trigger