2. Authentication & Authorization
Security and access control in the Exercise-Engine ecosystem are built around App Tokens.
While you use your personal credentials to log into the Platform website, your applications require their own dedicated tokens to securely interact with our APIs and the Portal.
2.1. Generating an App Token (Platform UI)
Notice: To ensure maximum security, root App Tokens cannot be generated via an API call. They must be created manually through the Platform Dashboard interface.
To register your application and get a token, log into the Platform, navigate to the token generation section, and provide the following configuration:
my-fitness-app-prod).
Figure: Example UI Form
2.2. Securing and Using Your App Token
Once your App Token is generated in the Platform, you must store it securely in your backend environment variables.
⚠️ Security Warning: Never expose this token in your client-side code (frontend web apps, iOS, or Android applications).
This backend token acts as your master key. You will use it to:
- Authenticate API Calls: Pass this token in your headers to authorize server-to-server requests to the Platform APIs.
- Authorize Portal Access: Use this token to generate valid redirect URLs so your end-users can seamlessly access the Portal for exercise execution.
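The following is an added example, not code from the Platform documentation: a backend helper that loads the App Token from an environment variable and fails closed if it is missing, plus a pre-release check that scans a frontend build directory for the token value. The variable name `EXERCISE_ENGINE_APP_TOKEN`, the directory layout, and the sample token are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical variable name; the Platform docs do not prescribe one.
TOKEN_ENV_VAR = "EXERCISE_ENGINE_APP_TOKEN"


def load_app_token(environ=os.environ):
    """Return the App Token from the backend environment, failing closed if absent."""
    token = environ.get(TOKEN_ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set; refusing to start")
    return token


def find_token_leaks(build_dir, token):
    """Return the client build files (relative paths) that contain the token."""
    needle = token.encode()
    root = Path(build_dir)
    hits = []
    for path in root.rglob("*"):
        # Read as bytes so minified bundles and source maps are covered too.
        if path.is_file() and needle in path.read_bytes():
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def demo():
    """Constructed sample: a fake token and a fake frontend build directory."""
    token = load_app_token({TOKEN_ENV_VAR: "constructed-sample-token-123"})
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "static").mkdir()
        (root / "index.html").write_text("<script src='static/app.js'></script>")
        # The mistake the check is meant to catch: token inlined in a bundle.
        (root / "static" / "app.js").write_text(f"const t = '{token}';")
        return find_token_leaks(root, token)


if __name__ == "__main__":
    leaks = demo()
    print("token found in:", leaks)
```

Run `find_token_leaks` in CI against the real build output and fail the pipeline when it returns a non-empty list.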