User Registration API
This document is a standard that we recommend our partners to follow. The unique custom information to be provided is below, although we do request that partners also specify their expected payload in their documentation:
<test_api_url>: to start the test of the partner API against a sandbox environment<production_auth_api_url>: to use whenever the integration is ready<production_registration_api_url><partner_api_key>: to request an access token
Environment Configuration
| Environment | Testing | Production |
|---|---|---|
| Host | https://<test_api_url> | https://<production_api_url> |
Registration Process
The registration flow occurs in two phrases:
- Get an access token using an
API Keyto authorize the request - Register a user with the generated access token
Get an Access Token
First, Wellhub needs to obtain the access_token to be able to call the Partner's User Registration endpoint.
Request
| Param | Type | Required | Type | Example | Description |
|---|---|---|---|---|---|
x-api-key | Header | required | string | arfjJbfh... | Wellhub's API Key |
content-type* | Header | required | string | application/json | Supported content type |
* Supported content types: application/json
Example1GET https:​//<production_auth_api_url>2HEADER3X-Api-Key: <partner_api_key>4Content-Type: application/json
Response
| Param | Type | Required | Type | Example | Description |
|---|---|---|---|---|---|
access_token | Body | required | string | eyJhbGciO... | Access Token to be used in the user registration call |
token_type* | Body | required | string | Bearer | Token type |
expires_at | Body | required | Int | 1571536335 | Expired at timestamp in SECONDS |
* Supported token types: Bearer
Example12002HEADER3 Content-Type: application/json4BODY5{6 "access_token": "eyJhbGciO...",7 "token_type": "Bearer",8 "expires_at": 15715363359}
Errors
Example1403 Forbidden. Missing API key or wrong API key2500 Internal Server Error
Register a User
Using the access_token from the previous step, it is possible to make a request to the User Registration service.
The response time to this request should not exceed 3000ms as this will result in an error for the Wellhub user.
Request
| Body param | Required | Type | Example | Description |
|---|---|---|---|---|
gympass_user_id | required | string | gpw-29caecdf-2d5e-40b8-82b4-d0a044fa4679 | Wellhub Wellness User ID that will be used as a reference to link the user in both Partner and Wellness side. Also, this id will be used to send the usage data. |
email | not recommended* | string | john@doe.com | Email in Wellhub |
first_name | not recommended* | string | John | First name in Wellhub |
last_name | not recommended* | string | Doe | Last name in Wellhub |
origin | optional | string | web,android, ios | OS of device used by user |
user_status | optional/required** | string | 1: basic, 2: premium... | User status based on Wellhub plan |
country_code | optional/required | string | GB | Location of the user |
* Ideally no PII should be shared via API, only the gympass_user_id (gpw_id). Users should then input their own personal information upon completing registration.
** user_status is an optional param for partners with a single offer, however, it is required for partners with a multi-offer
Important: When configuring the Authorization token it is important that you include " Bearer" before the access_token
Example1POST https://<production_registration_api_url>2HEADER3 Authorization​: Bearer <access_token>4 Content-Type: application/json5BODY6{7 "gympass_user_id": "gpw-29caecdf-2d5e-40b8-82b4-d0a044fa4679",8 "email": "user@example.com",9 "origin": "ios",10 "user_status": "1",11 "country_code": "GB"12}
Response
Example12002HEADER3 Content-Type: application/json4BODY5{6"redirect_link": "https://<partner_url>/path/to/signup/form"7}
Note: This redirect_link should allow to pre-fill the user data (email, first name, last name) once the user is redirected to the registration form. The redirect_link should follow the highest level of security practices in its format, for ex. https instead of http in the URL
If the user already exists, return 200 with the login page as redirect_link.
Errors
Example1401 Unauthorized Request. Missing or wrong access token2500 Internal Server Error
Attention: Always ensure that the TCP connection idle time is configured with a duration exceeding 300 seconds. Failing to do so may result in unexpected issues, such as one end abruptly closing the connection without notifying the peer, leading to errors characterized by a "connection reset by the peer" nature.