TrainerDay API Documentation

Upcoming API Changes

No change


Access

TrainerDay public API To use the API, you will need the application credentials provided to you by TrainerDay. All API requests require a valid OAuth token that identifies the application and the user account under which the application is accessing data.

All calls to the oAuth2 API TrainerDay require an "access token" that identifies the user and application making the call.
To get an access token, you need to register an application. A registered application will be assigned a client ID and client secret. You must never reveal your secret using it for authorization. To get application credentials, fill out the form HERE

Each application is assigned a client_id and client_secret and scopes. Your application can then request authorization for a user. Once a user has granted authorization, you will receive access token and a refresh token for each user. The access token is used by your application to make requests until it expires and the refresh token is used to get an un updated access token.

The access token must be valid.
Requests must be made over an HTTPS connection and include an authorization header "Bearer {your access token}"

Authorization: Bearer eyJhbGciOiJIUz...

Authenticate the app and get authorization code

Make GET request to authorize endpoint with following parameters. The user will be redirected to the TrainerDay authentication process.
After authorizing and providing scopes, the request will be redirected back to the redirect_uri passed with the authorization code as a URL request parameter.
Example: http://test.com/callback?code=123

GET: https://trainerday.com/oauth/authorize
Supported scopes: calendar:read calendar:write calendar:delete workout:read workout:write workout:delete athlete:read athlete:write
Example: https://trainerday.com/oauth/authorize/?client_id=&scope=calendar:read%20activities:read&response_type=code&redirect_uri=https://test.com/callback

Params:

  • client_id– The client ID making the request
  • redirect_uri – The URL which to redirect back to.
  • response_type – Must be set to “code”
  • scope – Space delimited scope
This endpoint is mostly used by the client to request an Authorization code that can then be exchanged for an access token.

Gaining an Access Token

Once you have the authorization code, you must make another request to obtain an access token. The authorization code is only valid for approximately 30 seconds.

POST: https://trainerday.com/oauth/token

Body:

  • grant_type– Must be “authorization_code”
  • code – The code returned from the authorization server
  • client_id – Your client id
  • client_secret – Your client secret
  • redirect_uri – URL to redirect the user back to


Response, JSON

  • access_token– The access token
  • expires_in – Time the access token expires in seconds from current time
  • token_type – Type of token. “Bearer” is only supported
  • scope – The scopes authorized for this access token
  • refresh_token – The refresh token
{ "access_token": "aph6jiiwsvgyt9j4fohayegypbo65f8fpjodpdckuiqho0p4wf", "expires_in": 3600, "token_type": "Bearer", "scope": "calendar:read", "refresh_token": "g1b4cph2kjnwojzofajvqsfzb2oltjthtermizvlnzsaqjl2o9" }

Refresh Token

POST: https://trainerday.com/oauth/token

Body:

  • grant_type– Must be “refresh_token”
  • refresh_token – A Valid Refresh Token
  • client_id – Your client id
  • client_secret – Your client secret
Refresh tokens are used as a way to gain a new access token after the original access token has expired.

Response, JSON

  • access_token– A new access token
  • expires_in – The length of seconds from the time the access token was issued until the access_token becomes invalid.
  • token_type – Type of token. “Bearer” is only supported
  • scope – The scopes authorized for this access token
  • refresh_token – A new refresh token
{ "access_token": "aph6jiiwsvgyt9j4fohayegypbo65f8fpjodpdckuiqho0p4wf", "expires_in": 3600, "token_type": "Bearer", "scope": "calendar:read", "refresh_token": "g1b4cph2kjnwojzofajvqsfzb2oltjthtermizvlnzsaqjl2o9" }

Destroy Token

POST: https://trainerday.com/oauth/revoke

Body:

  • token– Your access token
This endpoint is used to destroy an access token