- Equipment Vendor API (for server-to-server cases)
Equipment Vendor API (for server-to-server cases) (1.1.1)
At EGYM, we believe that fitness is the soul of healthy living. Work together with partners to help us bringing new ways of working out to millions of gym members, and new ways of prescribing exercises to hundred of thousands of gym trainers, all around the world.
EGYM provides a Fitness Platform for the Connected Gym so you can help us with the mission to make the gym work for everyone. EGYM provides a global account that is not scoped for a specific tenant, brand or gym. The account is called EGYM ID. The EGYM ID allows users to use different services of the gym. The EGYM ID is used for the login to EGYM hardware and software products and conneceted equipment.
EGYM works with the best of breed of the fitness industry. In this documentation, we provide tools and info needed to build a variety of workout experiences that integrate directly with the EGYM Ecosystem. We are happy to welcome you as a partner of EGYM.
The EGYM Equipment Vendor API Server is an open Web service specification that defines methods to connect and save measurements between the Partner's Cloud and the EGYM Cloud Platform.
Use the resources below to create, test, and submit your integration to EGYM.
| Version | Changes |
|---|---|
| 1.1.1 | 🔐 Introduced NFC-based login via Apple/Google Wallet — see POST /api/v1/oauth/token |
| 1.1.0 | ✅ Update of Introduction |
The Equipment Vendor API Server client authentication is based on the API Key.
Currently, different methods for obtaining the Access Token are made available, one by specifying the EGYM User ID (encrypted or obfuscated) and another one by specifying the user RFID.
To integrate your equipment with the EGYM platform, follow this sequence:
Authenticate via OAuth
The standard and recommended method is using RFID-based login (RFID) or NFC wallet-based login (NFC).Logins using
ENCRYPTED_USER_ID,OBFUSCATED_USER_ID, orREFRESH_TOKENare only for special use cases and require prior alignment with EGYM.Retrieve User Details
Use the/api/v1/gyms/{gymId}/usersendpoint with the token to get enriched user data.Submit a Measurement
Post workout data (body, cardio, flexibility) to the/api/v1/measurements/...endpoint.
All subsequent requests after login must include the
Authorization: Bearer <accessToken>header.
[Authenticate (POST /oauth/token)]
↓
[Get User Details (GET /gyms/{gymId}/users)]
↓
[Submit Measurements (POST /measurements/*)]
The /api/v1/oauth/token endpoint supports multiple login methods via the grantType field. Select the appropriate grant method and use the corresponding request payload.
{
"grantType": "RFID",
"rfid": "AB1020CD",
"rfidFormat": "MIFARE",
"machineName": "scale"
}{
"grantType": "NFC",
"machineName": "scale",
"gymId": 130,
"payload": "nfc-token-data-abc123",
"transponderType": "GOOGLE",
"issuerId": {
"collector": "123456789"
}
}{
"grantType": "NFC",
"machineName": "scale",
"gymId": 130,
"payload": "nfc-token-data-abc123",
"transponderType": "APPLE",
"issuerId": {
"passTypeId": "example.apple.com"
}
}{
"grantType": "NFC",
"machineName": "scale",
"gymId": 130,
"payload": "nfc-token-data-abc123",
"transponderType": "GOOGLE",
"configurationIndex": {
"configurationIndex": "2"
}
}{
"grantType": "ENCRYPTED_USER_ID",
"userId": 4337273027797130000
}{
"grantType": "OBFUSCATED_USER_ID",
"obfuscatedUserId": "-1c2yqo37vn9m"
}{
"grantType": "REFRESH_TOKEN",
"refreshToken": "sample-refresh-token-123"
}Use the access token from login to fetch user profile data:
Returns:
{
"equipmentUser": {
"userId": "-1c2yqo37vn9m",
"firstName": "Max",
"lastName": "Mustermann",
"gender": "MALE",
"dateOfBirth": "1990-01-01",
"height": 180,
"weight": 75,
"locale": "en_US",
"trainingGoal": "MUSCLE_GAIN"
}
}{
"timestamp": 1693474800000,
"machineName": "smartscale123",
"gymId": 130,
"uniqueMeasurementId": "unique-id-xyz",
"data": {
"weight": 72.5,
"bodyFat": 15.3
}
}timestamp: Milliseconds since epochuniqueMeasurementId: Must be unique for deduplicationdata: Key-value pairs per registered metric
Similar structure is used for /measurements/cardio and /measurements/flexibility.
All requests must include one of:
x-api-key: For login endpointAuthorization: Bearer <accessToken>: For all other endpoints
This section addresses common technical integration questions specific to the Server-to-Server model.
- Use the API-Key provided by EGYM for your integration
- API-Key is issued per gym location
- Store securely in your backend; do not expose to client devices
- Your backend is responsible for mapping user IDs between your system and EGYM
- Identification methods can include:
- RFID/NFC data received from devices
- Account linking between your user database and EGYM
- Devices send data to your backend
- Backend sends authenticated API requests to EGYM Cloud
- Supports both real-time and batched submissions
- Authentication: via API-Key in request headers
- User details:
GET /users - Measurements:
POST /measurements/*
- 401 Unauthorized: Invalid/missing API-Key
- 403 Forbidden: Permission issue
- 429 Too Many Requests: Rate limit exceeded; retry after delay
- Implement retry logic with exponential backoff for transient errors
- Standard API limits apply – see API documentation
- Monitor usage to avoid hitting limits during batch processing
- Use the EGYM Sandbox environment for development
- Test credentials are prodvided by EGYM
- Test authentication, user mapping, data submission, and error handling