TechnologyBlogscareerleadershipcontact us
HEMSCap logo

Exercise Engine Docs

IntroductionAuthenticationExercise ObjectsPortal RedirectsAPI EndpointsZero-Angle OverviewZero-Angle Table (Front)Zero-Angle Table (Right)Zero-Angle Table (Left)

2. Authentication & Authorization

Security and access control in the Exercise-Engine ecosystem are built around App Tokens.

While you use your personal credentials to log into the Platform website, your applications require their own dedicated tokens to securely interact with our APIs and the Portal.

2.1. Generating an App Token (Platform UI)

Notice: To ensure maximum security, root App Tokens cannot be generated via an API call. They must be created manually through the Platform Dashboard interface.

To register your application and get a token, log into the Platform, navigate to the token generation section, and provide the following configuration:

Token NameA recognizable identifier for your application (e.g., my-fitness-app-prod).
Backurl (Callback URL)The URL on your domain where the Portal will redirect your users after they complete an operation.
WebhookThe endpoint on your backend server designed to receive asynchronous payload data, such as execution analytics and session metadata.

Example UI Form

2.2. Securing and Using Your App Token

Once your App Token is generated in the Platform, you must store it securely in your backend environment variables.

⚠️ Security Warning: Never expose this token in your client-side code (frontend web apps, iOS, or Android applications).

This backend token acts as your master key. You will use it to:

  • Authenticate API CallsPass this token in your headers to authorize server-to-server requests to the Platform APIs.
  • Authorize Portal AccessUse this token to generate valid redirect URLs so your end-users can seamlessly access the Portal for exercise execution.
HEMSCap logo representing SOAP Note generation service

HEMSCap

contact@hemscap.net

about us

  • our team
  • contact us

legal

  • privacy policy
  • terms & conditions
  • cookie setting

platforms

  • pivotalPT
  • HildaCoach
  • geniusPT

who we serve

  • individuals
  • healthcare systems
  • clinics
  • physical therapists
HIPAA Compliance certification badge indicating HEMSCap's commitment to healthcare data security© 2026 HEMSCap All rights reserved