Introduction
At Life Fitness, we commit to providing the best exercising experience by empowering others. With LFopen, developers and fitness facility owners can access the Life Fitness Application Programming Interfaces (API) to be able to extend the functionalities LFconnect has to offer.
LFopen provides two APIs: the Mobile API, for developers wishing to create powerful mobile Apple and Android applications, and the Web API, which allows developers to utilize data such as exercisers' profiles, workout results, and workout libraries. The LFopen Web API provides full REST web services intended for developers to utilize these data.
*LFopen provides the Subscription API to get near real-time notifications on LFconnect users' latest data.
In order for you to access these services, you need your application to be registered with LFopen. Check out the Developer Registration section to register.
This document explains how you can utilize the web services as a developer. We conveniently divided this introduction into the following parts for your reference:
- Developer Registration
- Web Services Summary
- Accessing the API Services with OAuth2
- Disclaimer and License Agreement
Developer Application Registration
Developers wishing to access LFopen Web API web services must be registered in LFconnect as a third-party accessor before they will be able to access the web services.
Create an App with Web API as the Enrollment Type. The Redirect URL has to be provided. This is the URL of the application to which OAuth2 will redirect after authentication. For more information about this, kindly check out the Accessing the API Services with OAuth2 section.
Once registered, the App is issued an OAuth Client ID and OAuth Client secret, which are required for authentication with LFconnect and to access the services.
Once an app is created in LFOpen, the OAuth keys provide access to the sandbox environment so that third-party users can test their application. For this, LFConnect users must be created in the sandbox environment.
The url for sandbox environment is https://vtqa.lfconnect.com/web
Once the app is moved to production and the production OAuth keys are received, the live environment and data can be accessed.
The url for live environment is https://lfconnect.com/web
The OAuth keys are not interchangeable across the environments, and neither are the LFConnect users created in them.
Summary on the Available Web Services
With LFopen Web API web services, applications can further extend the functionalities of LFconnect through the access of an exerciser's Profile, Workout Progress, and Workout Results.
For example, a developer can create an application that utilizes GPS functionalities to create a GPS-based workout result submission. The application then submits the data to LFopen and the exerciser can view his/her results online.
Service endpoints starting with /user/ pertain to all exerciser-related information. Updating the profile, retrieving the profile, and updating and getting the profile photo are some of the functionalities available.
To retrieve information on the exerciser's workout library (the presets, goals, etc), access the /workoutpreset/* services.
Submitting and retrieving workout results (Manual Cardio, Strength, GPS, and LifeFitness workouts) and the aggregated progress information can be done by accessing the /workoutresults/* services.
A whole new world of exciting possibilities is in store for developers with these web services. Utilize data, such as average heart rate, calories burned and time, to create workout result-based solutions and more. Check out each endpoint to further understand the usage and purpose of each method.
Accessing the API Services with OAuth2
LFopen Website API uses OAuth2 as the authentication protocol for accessing the LFconnect account-specific services. All the services require following the OAuth2 protocol.
The services require an Access Token to access the Web Services. To get an Access Token, the following flow is required to be followed:
To summarize, the following are the necessary steps to access OAuth2-secured services (each step is explained in detail):
- Developer Application calls the Authorization Endpoint
- Exerciser is asked to login to LFconnect and authorize
- Developer exchanges code for access token
- Accessing LFopen Website API services using the Access Token
- Requesting a new Token after Access Token Expires
- Revoking Access Tokens and Refresh Tokens
1. Developer Application calls the Authorization Endpoint
The Developer Application accesses the Authorization Endpoint, passing the Client ID and Redirection URI.
URL
https://vtqa.lfconnect.com/web/oauthAuthorize
Parameters
Parameter Name | Description |
---|---|
response_type | Type of the response type the server is expecting. Supported value: "code" |
client_id | Valid OAuth ClientID. |
redirect_uri | Redirection URI to be used by LFopen Web API server to provide the Authorization Code. |
Sample Call
(Break lines below added for formatting only)
GET
https://vtqa.lfconnect.com/vt/oauthAuthorize?
response_type=code&
client_id=wwjkl21jhkj231&
redirect_uri=https%3A%2F%2F...
2. Exerciser is asked to login to LFconnect and authorize
LFopen Website serves the Authorization Endpoint, requesting the exerciser to verify by logging in. The user authorizes the Developer App to access the user's data. A screen with Username / Password is shown.
After a successful login, LFConnect Website redirects the screen to the Redirection URL provided, passing the Authorization Code.
Sample Screen
The Redirection URI receives the code
Sample Output
(Break lines below added for formatting only)
http://redirect uri
?code=f41bd32556eb1391745ad8ed38ccd25f|765304
If the LFConnect login credentials provided are invalid, the login screen shows related errors.
Sample Screen
If LFConnect is not authorized, LFConnect redirects to the Redirection URL provided by the third party, with the error access_denied and an additional error description.
Sample Output
(Break lines below added for formatting only)
http://redirect uri
?error=access_denied&error_description=The+user+has+not+authorized+for+this+application.
If the login is cancelled, LFConnect redirects to the Redirection URL provided by the third party, with the error access_denied and an additional error description.
Sample Output
(Break lines below added for formatting only)
http://redirect uri
?error=access_denied&error_description=The+user+revoked+access+for+this+application.
3. Developer exchanges code for access token
The Developer Application requests an Access Token from LFopen Website by calling the Token Endpoint, passing the Authorization Code retrieved in the previous step, the Client ID and the Client Secret. The Redirection URI is optional: if you want the output passed to the redirect URL, specify it; otherwise you will get the output in the response.
URL
https://vtqa.lfconnect.com/web/authorizeresponse
Parameters
Parameter Name | Description | Requirement |
---|---|---|
grant_type | Type of OAuth2 grant type used. Supported value: "authorization_code". | mandatory |
client_id | Valid OAuth ClientID. | mandatory |
client_secret | Valid OAuth Client Secret. | mandatory |
code | Authorization code received in the previous step. | mandatory |
redirect_uri | Redirection URI to be used by LFopen Website Server to provide the Access Token. | optional |
Sample Call with redirect url
(Break lines below added for formatting only)
POST
https://vtqa.lfconnect.com/web/authorizeresponse?
grant_type=authorization_code&
code=24324j32kj4l32j&
client_id=2ijkjsfrhwhejr4e&
client_secret=sdfwerewrwerewrew&
redirect_uri=https%3A%2F%2F...
The Redirection URI receives the access token, refresh token and the expiry date
Sample Output
(Break lines below added for formatting only)
http:redirect uri
?access_token=3fa6928e053ee37ece8ea7681dbe62ae|6c7cd904122e623ce625613d6af337c4
&token_type=bearer
&refresh_token=6c7cd904122e623ce625613d6af337c4|31b51d3a6750a092a4286b321bbdf29a|391334
&expires_in=31622400
Sample Call without redirect url
(Break lines below added for formatting only)
POST
https://vtqa.lfconnect.com/web/authorizeresponse?
grant_type=authorization_code&
code=24324j32kj4l32j&
client_id=2ijkjsfrhwhejr4e&
client_secret=sdfwerewrwerewrew
Returns a JSON response with the access token, refresh token and the expiry date
Sample Output
(Break lines below added for formatting only)
{
"access_token":"3fa6928e053ee37ece8ea7681dbe62ae|6c7cd904122e623ce625613d6af337c4",
"token_type":"bearer",
"refresh_token":"6c7cd904122e623ce625613d6af337c4|31b51d3a6750a092a4286b321bbdf29a|391334",
"expires_in":31622400
}
4. Accessing LFopen Web API services using the Access Token
The Developer Application can now access the LFopen Web API services, passing the Access Token in every request. LFopen Website validates the access token on every call.
Sample Service Call
GET https://vtqa.lfconnect.com/web/api2/user?access_token=324324324324324324
5. Requesting a new Token after Access Token Expires
The LFopen Website checks the access token for expiration on every service call; when the token has expired, the service returns an error indicating that the token is expired. The Developer Application can then call the Refresh Token Endpoint, passing the refresh token provided in step 3. LFopen Website validates the Refresh Token and responds with a newly issued Access Token and Refresh Token. The Redirection URI is optional: if you want the output passed to the redirect URL, specify it; otherwise you will get the output in the response.
Sample Call with redirect url
(Break lines below added for formatting only)
POST
https://vtqa.lfconnect.com/web/refreshaccess?
grant_type=refresh_token&
client_id=2ijkjsfrhwhejr4e&
client_secret=sdfwerewrwerewrew&
refresh_token=dskjfksdjflksjdf32432jkjdkjksjdf&
redirect_uri=https%3A%2F%2F...
The Redirection URI receives the access token, refresh token and the expiry date
Sample Output
(Break lines below added for formatting only)
http:redirect uri
?access_token=3fa6928e053ee37ece8ea7681dbe62ae|6c7cd904122e623ce625613d6af337c4
&token_type=bearer
&refresh_token=6c7cd904122e623ce625613d6af337c4|31b51d3a6750a092a4286b321bbdf29a|391334
&expires_in=604800
Sample Call without redirect url
(Break lines below added for formatting only)
POST
https://vtqa.lfconnect.com/web/refreshaccess?
grant_type=refresh_token&
refresh_token=dskjfksdjflksjdf32432jkjdkjksjdf
Returns a JSON response with the access token, refresh token and the expiry date
Sample Output
(Break lines below added for formatting only)
{
"access_token":"3fa6928e053ee37ece8ea7681dbe62ae|6c7cd904122e623ce625613d6af337c4",
"token_type":"bearer",
"refresh_token":"6c7cd904122e623ce625613d6af337c4|31b51d3a6750a092a4286b321bbdf29a|391334",
"expires_in":31622400
}
6. Revoking Access Tokens and Refresh Tokens
The revocation endpoint invalidates access and refresh tokens upon client request. The Developer Application can call (as a GET or POST call) the Token Revocation Endpoint, passing either an access token (the short-lived session token issued by LFOpen) or a refresh token (the long-lived persistent token). Revoking an access token is analogous to simply logging out, but revoking a refresh token terminates an app’s authorization to call APIs on behalf of the user and revokes all outstanding access tokens issued against that refresh token. After revoking an access token, the Developer Application can later retrieve a new access token using the refresh token (by calling the /refreshaccess endpoint). However, when revoking the refresh token, the Developer Application has to start the OAuth flow from the beginning in order to obtain a new access token.
URL
https://vtqa.lfconnect.com/web/revoke
Parameters
Parameter Name | Description |
---|---|
token | This parameter is mandatory. The Developer Application can send either an access token or a refresh token. |
token_type_hint | This parameter is optional. A hint about the type of the token submitted for revocation. The Developer Application can pass this parameter in order to help the authorization server to optimize the token lookup. If the server is unable to locate the token using the given hint, it WILL extend its search across all of its supported token types. Supported values: "access_token", "refresh_token" |
Sample Call
(Break lines below added for formatting only)
POST
https://vtqa.lfconnect.com/web/revoke?
token=3fa6928e053ee37ece8ea7681dbe62ae4fs23sdgwew
&token_type_hint=refresh_token
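Client-side handling of the flow above, as an added example that is not LFopen's own code: it builds the step 1 request, validates the step 2 callback, turns the step 3/5 response into an absolute expiry, and masks the credentials that steps 3 to 6 carry in query strings before a URL is logged. The function names, the app.example redirect URI and the 60-second refresh margin are assumptions made for this example; the base URL follows the sandbox URL given in step 1.

```python
import json
import time
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

BASE = "https://vtqa.lfconnect.com/web"  # sandbox base URL from this page
SECRET_PARAMS = {"client_secret", "code", "access_token", "refresh_token", "token"}

def authorize_url(client_id, redirect_uri):
    """Step 1: authorization request; urlencode percent-encodes redirect_uri."""
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri})
    return f"{BASE}/oauthAuthorize?{query}"

def parse_callback(callback_url, registered_redirect_uri):
    """Step 2: return the authorization code, or raise on error / wrong target."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback did not arrive at the registered redirect URI")
    params = dict(parse_qsl(got.query))
    if "error" in params:
        raise PermissionError(f"{params['error']}: {params.get('error_description', '')}")
    if not params.get("code"):
        raise ValueError("callback carries neither code nor error")
    return params["code"]

def parse_token_response(body, now=None):
    """Steps 3 and 5: turn the JSON response into tokens plus an absolute expiry."""
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return {"access_token": data["access_token"], "refresh_token": data["refresh_token"],
            "expires_at": now + int(data["expires_in"])}

def needs_refresh(tokens, now=None, skew=60):
    """Refresh slightly early (skew is an assumed margin) instead of on the expiry error."""
    now = time.time() if now is None else now
    return now >= tokens["expires_at"] - skew

def redact_url(url):
    """Mask credential-bearing query parameters before a URL is logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

if __name__ == "__main__":  # constructed callback; app.example is a placeholder host
    cb = "https://app.example/cb?code=f41bd32556eb1391745ad8ed38ccd25f|765304"
    print(parse_callback(cb, "https://app.example/cb"), redact_url(cb))
```
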
Disclaimer
You are free to use LFopen API as long as you agree to the terms of service. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
REST Resources
This API supports a Representational State Transfer (REST) model for accessing a set of resources through a fixed set of operations. The following resources are accessible through the RESTful model:
The REST resources expose a data model that is supported by a set of client-side libraries that are made available on the files and libraries page.
There is also a WADL document describing the REST API.
Data Model
All endpoints act on a common set of data. The data can be represented with different media (i.e. "MIME") types, depending on the endpoint that consumes and/or produces the data. The data can be described by XML Schema, which definitively describes the XML representation of the data, but is also useful for describing the other formats of the data, such as JSON.
This document will describe the data using terms based on XML Schema. Data can be grouped by namespace, with a schema document describing the elements and types of the namespace. Generally speaking, types define the structure of the data and elements are instances of a type. For example, elements are usually produced by (or consumed by) a REST endpoint, and the structure of each element is described by its type.
Namespace "user"
Namespace URI: | http://api.lfopen.lfconnect.com/v1/user |
XSD: | user.xsd |
Data Elements
Data Types
Namespace "workoutresult"
Namespace URI: | http://api.lfopen.lfconnect.com/v1/workoutresult |
XSD: | workoutresult.xsd |
Data Elements
- cardioDailyProgress
- cardioGPSProgress
- cardioLifefitnessProgress
- cardioWorkoutProgress
- GPSResultCoordinate
- GPSWorkoutResult
- lifefitnessChange
- manualCardioWorkoutResult
- manualStrengthWorkoutResult
- progressSummary
- resultProgressDaily
- resultProgressDailyData
- resultProgressGPSWorkout
- resultProgressGPSWorkoutData
- resultProgressLifefitnessWorkout
- resultProgressLifefitnessWorkoutData
- resultProgressManualCardioWorkout
- resultProgressManualCardioWorkoutData
- resultProgressManualStrengthWorkout
- resultProgressManualStrengthWorkoutData
- resultProgressWorkout
- resultProgressWorkoutData
- strengthWorkoutProgress
- userWorkoutInputVo
Data Types
- cardioDailyProgress
- cardioGPSProgress
- cardioLifefitnessProgress
- cardioWorkoutProgress
- GPSResultCoordinate
- GPSWorkoutResult
- lifefitnessChange
- manualCardioWorkoutResult
- manualStrengthWorkoutResult
- progressSummary
- resultProgressDaily
- resultProgressDailyData
- resultProgressGPSWorkout
- resultProgressGPSWorkoutData
- resultProgressLifefitnessWorkout
- resultProgressLifefitnessWorkoutData
- resultProgressManualCardioWorkout
- resultProgressManualCardioWorkoutData
- resultProgressManualStrengthWorkout
- resultProgressManualStrengthWorkoutData
- resultProgressWorkout
- resultProgressWorkoutData
- strengthDailyProgress
- strengthResultSet
- strengthWorkoutProgress
- userWorkoutInputVo
- workoutResultOpen
Namespace "workoutpreset"
Namespace URI: | http://api.lfopen.lfconnect.com/v1/workoutpreset |
XSD: | workoutpreset.xsd |