Authorization with JWT

To allow your users to access FittyAI virtual trainer endpoints, you must get them a token issued by us. In addition to authorization, these tokens also allow us to identify your users and track their engagement and long-term progress.

Getting a token

During your onboarding procedure we will send you a client name and a secret key, which you must store securely on your server side. The client name and secret are used to issue a token that is signed with your unique secret key.

The token that we issue is a standard JWT that you will have to send to our servers whenever you start a new session.

To receive a token, send a POST request to:

https://38en04sov6.execute-api.us-west-2.amazonaws.com/authtoken

with the following payload (“body” field):

    {
        "clientName": "WE_WILL_SEND_YOU_THE_COMPANY_NAME_YOU_WILL_BE_ASSIGNED",
        "clientSecret": "WE_WILL_SEND_YOU_THE_SECRET_ACCESS",
        "userInfo": {
            "id": "unique user id",
            "name": "the name of the user"
        }
    }

Note: the “id” that you provide inside the “userInfo” field will be used by you to identify the activities of your users, so make sure that this id is unique to a registered user in your app.

Note: we will send you the clientName and clientSecret during your onboarding procedure to FittyAI. These values have to be passed each time you want to generate a JWT for your user.

The JWT (JSON Web Token) has a lifespan of 4 hours. After this period it expires, and users lose access to our backend. It’s crucial to monitor the token’s expiry time, and to regenerate and provide a new JWT for the user once the current one has expired.

You should get the following response:

    {
        "statusCode": 200,
        "body": {
            "JWT": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiJ1bmlxdWVfdXNlcl9pZCIsInVzZXJOYW1lIjoib3B0aW9uYWwiLCJleHAiOjE2ODIxNzU5MjguNTcyMjg3OH0.DJljMXuMrMiYUSPg0wZ5djiEEopIeX6B_TwFwN4JWxw"
        }
    }

Once decoded, the JWT payload will contain this information (make sure to monitor the exp time):

    {
      "userId": "unique_user_id",
      "userName": "optional",
      "exp": 1682175928
    }
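One way to monitor the exp time on your server, shown as an added example rather than FittyAI code: it decodes the payload of the sample token above (whose exp carries a fractional part) and renews a cached token shortly before it expires. The 300-second margin, the `TokenCache` class and the `fetch_token` callable are assumptions made for illustration.

```python
import base64
import json
import time

# Sample token copied from the example response on this page.
SAMPLE_JWT = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJ1c2VySWQiOiJ1bmlxdWVfdXNlcl9pZCIsInVzZXJOYW1lIjoib3B0aW9uYWwiLCJleHAiOjE2ODIxNzU5MjguNTcyMjg3OH0."
              "DJljMXuMrMiYUSPg0wZ5djiEEopIeX6B_TwFwN4JWxw")
REFRESH_MARGIN_S = 300  # assumption: renew 5 minutes before "exp"


def jwt_claims(token):
    """Decode the payload segment. No signature check: for scheduling only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(segment))


def seconds_left(token, now=None):
    """Remaining lifetime in seconds; "exp" may be an int or a float."""
    now = time.time() if now is None else now
    return float(jwt_claims(token)["exp"]) - now


def needs_refresh(token, now=None, margin=REFRESH_MARGIN_S):
    try:
        return seconds_left(token, now) <= margin
    except (ValueError, KeyError, TypeError):
        return True  # unreadable token: request a new one


class TokenCache:
    """Server-side per-user cache. fetch_token(user_id) is a hypothetical
    callable that POSTs clientName/clientSecret/userInfo to the authtoken
    endpoint, so the secret never leaves your server."""

    def __init__(self, fetch_token, clock=time.time):
        self._fetch, self._clock, self._tokens = fetch_token, clock, {}

    def get(self, user_id):
        token = self._tokens.get(user_id)
        if token is None or needs_refresh(token, self._clock()):
            token = self._tokens[user_id] = self._fetch(user_id)
        return token
```

Decoding here is only used to schedule renewal; it is not a validity check on the token.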