GymFlow uses JSON Web Tokens (JWT) for authentication. You register once to create an account, then exchange your credentials for a token at login. That token must be included in the Authorization header of every request that requires authentication.

Register

Create a new user account. No authentication is required for this endpoint.

POST /api/register

email (string, required): A unique email address. Used as the login identifier and JWT subject.
username (string, required): A display name for the account.
password (string, required): Plain-text password. The API hashes it with Symfony’s password hasher before storage.
location (string): The user’s location. Defaults to "Valencia" if omitted.

Example request
curl -X POST https://api.gymflow.example/api/register \
  -H "Content-Type: application/json" \
  -d '{
    "email": "alex@example.com",
    "username": "alex",
    "password": "s3cur3P@ssw0rd",
    "location": "Barcelona"
  }'
Example response — 201 Created
{
  "message": "User registered successfully",
  "user": "alex@example.com"
}
Error responses
Status  Meaning
400     One or more of email, username, or password is missing.

Log in

Exchange credentials for a JWT. This endpoint is handled by LexikJWTAuthenticationBundle; the controller stub is intercepted before execution.

POST /api/login_check

username (string, required): The email address used during registration.
password (string, required): The account password.

Example request
curl -X POST https://api.gymflow.example/api/login_check \
  -H "Content-Type: application/json" \
  -d '{
    "username": "alex@example.com",
    "password": "s3cur3P@ssw0rd"
  }'
Example response — 200 OK
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpYXQiOjE3MTYyMjQwMDAsImV4cCI6MTcxNjMxMDQwMCwidXNlcm5hbWUiOiJhbGV4QGV4YW1wbGUuY29tIn0.SIGNATURE"
}
token (string): A signed JWT. Include this value in the Authorization header for all protected requests.
Error responses
Status  Meaning
401     Invalid credentials.

Make an authenticated request

Pass the token as a Bearer credential in the Authorization header.
curl https://api.gymflow.example/api/me \
  -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9..."
Every endpoint that requires authentication will return 401 Unauthorized if the header is missing or the token is invalid.
JWTs have a fixed expiry (configured in config/packages/lexik_jwt_authentication.yaml, typically 3600 seconds). Once expired, the token is rejected with a 401 response. You must log in again to obtain a new token — there is no refresh endpoint.
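
Because there is no refresh endpoint, a client has to detect expiry itself and log in again. The following is an added example, not GymFlow's own code: it reads the exp claim of the sample token from the login response to decide when to log in again, and retries exactly once after a 401. TokenCache, request_with_relogin and the login/send callables are hypothetical names; login stands in for a POST to /api/login_check that returns the "token" value.

```python
import base64
import json
import time

# Sample token from the login response above (its signature is the page's placeholder).
SAMPLE_TOKEN = ("eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9."
                "eyJpYXQiOjE3MTYyMjQwMDAsImV4cCI6MTcxNjMxMDQwMCwidXNlcm5hbWUiOiJhbGV4QGV4YW1wbGUuY29tIn0."
                "SIGNATURE")


def jwt_claims(token):
    """Decode the payload segment. The signature is NOT verified: use the
    result only to schedule a re-login, never for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


class TokenCache:
    """Holds one token and logs in again when it is missing or about to expire."""

    def __init__(self, login, clock=time.time, skew=30):
        self.login, self.clock, self.skew = login, clock, skew
        self.token = None

    def bearer(self):
        if self.token is None or self._expired():
            self.token = self.login()  # hypothetical callable wrapping POST /api/login_check
        return {"Authorization": "Bearer " + self.token}

    def _expired(self):
        exp = jwt_claims(self.token).get("exp")
        # No numeric exp claim: treat as expired rather than reuse the token indefinitely.
        return not isinstance(exp, (int, float)) or self.clock() >= exp - self.skew


def request_with_relogin(cache, send):
    """send(headers) -> (status, body). A 401 triggers exactly one fresh login,
    so bad credentials cannot turn into an endless login loop."""
    status, body = send(cache.bearer())
    if status == 401:
        cache.token = None  # the server's verdict overrides the local exp check
        status, body = send(cache.bearer())
    return status, body
```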
