Getting Started

Authentication

The Wellhub API authentication process utilizes one token for both our Access Control and Booking APIs.

This gives you the ability to have one authentication credential stored in your code that will permit access to all of our APIs.

Wellhub will provide you with the Authentication Token which will be used as the Authorization Bearer Token for authentication when calling our Access Control integration.

The below table illustrates which integration type will use which authentication method with the Wellhub Authentication Token.

Authentication methods

IntegrationAuth MethodToken
Access controlAuthorization BearerWellhub Auth Token

Authentication Token

NameDescription
Wellhub Authentication TokenBearer Token provided to you to authenticate yourself when calling either the Wellhub Access Control or Booking API

Access control Integration example

Request example
1curl 
2 -X POST https://api.partners.gympass.com/access/v1/validate \
3 -H 'Content-Type: application/json' \
4 -H 'Authorization: Bearer {{Wellhub Auth Token}}' \
5 -H 'X-Gym-Id: {{GYM_ID}}' \

Please note: Legacy Access Control integrations using the X-Api-key for authentication will still be valid for use. We will contact any partner using this method of authentication when this method is moved into deprecation.

User Registration

In order to integrate check-in and validation, the user needs first to be registered in your system.

Required Data:

  • Wellhub ID

Optional Data:

  • Name
  • E-mail

The user can find Wellhub ID (Gympass ID) on the Wellhub app, at the top left corner.

Plan Platinum.png

By the first time a user goes to your facility, they need to be registered on your system with the information described above. This allows us to integrate their first and following check-ins with our Access Control API.

You must adapt your system to support Wellhub user definition so the integration works smoothly.

Automate this User Registration by utilizing our check-in webhook. See here for more info.

Access Control API

Quick Start Guide

Use this Quick Start Guide to get familiar with Access Control.

Wellhub has a check-in process that ensures that partners are able to validate legitimate Wellhub subscriber visits to their facilities.

Check-in is a core part of the Wellhub customer UX and is essential for the correct payment of completed check-ins to our partners.

For this reason;

  1. Check-ins must be done through the Wellhub app for all visits by subscribers
  2. Check-ins must be validated

Once the user performs a check-in on the Wellhub app your system can use our Access Control API to confirm it.

A check-in has an expiration time, which means that it must be validated in this given interval. When called, this API needs to send the gympass_id, which is the user’s unique number.

Non-integrated systems

For non-integrated validations, Gym partners will use a combination of subscriber check-ins via the Wellhub App and the Wellhub Partners Portal.

text

Integrated Flow

When integrated with Access Control API we allow for a streamlined and seamless check-in validation process through the access terminals at our partner's facilities.

The Access control integrated flow is broken down into three parts:

  1. Authentication
  2. First-time visit.
  3. Subsequent visits.

First Time visits

Under first-time visits, the Wellhub subscribers will need to register into the Gym partner CRM system and have a profile built. In addition, you will need a method of connecting an entry medium to that user. (RFID, Finger Print, PIN, etc.)

Subsequent visits

For all subsequent visits, Wellhub subscribers will simply need to Check-in via the Wellhub app and then interact with the Access Control terminal at the gym partner location.

Subsequent visit flow:

Subsequent Visit

With Access Control API our partners leverage a seamless check-in validation process for legitimate Wellhub subscribers and provide a fully integrated user experience with your access system.

Access Control Implementation Methods

We have designed our Access Control API to be implementable across three different access requirements based on our partner's operational needs. Below you will see all three implementation methods and the ideal workflow for each method.

Gate System Trigger

The Gate System Trigger is our traditional implementation of the Wellhub Access Control API. It relies on a physical barrier to entry to confirm to our API that a Wellhub user has successfully entered our partner's facility after checking in on the Wellhub App.

Gate Trigger.png

You can learn more about Profile Automation here

Attendance Trigger

The Attendance Trigger is designed to call our Access Control API to validate a Wellhub visit by marking the user as attended in your Club Management Software. This operation should follow the same workflow as it would do for any member being marked as attended inside your solution. The Wellhub user should appear in your attendance roster after checking in on the Wellhub App.

Attendance Trigger.png

Automated Trigger

The Automated Trigger has been designed to be used when there is no physical barrier to entry and there is no possibility to mark Wellhub users as attended inside of your system. This method relies on you consuming the Wellhub check-in event webhook and synchronously calling the Access control API once a Wellhub user has Check-in via the Wellhub app.

AC implementations (1).png

To allow all of our Gym Partners to utilize the Access Control API and to facilitate greater coverage we require you to implement two of the above methods of Access control.

One of the implementation models must be the Automated Trigger.

  1. Gate System trigger + Automated trigger
  2. Attendance trigger + Automated trigger