Contact
If you are interested in the Partner API, please send us an email and we will take the necessary steps to assign you access.
Onboarding of athletes
Athlete onboarding allows you, as a partner, to direct users to the Tredict user registration form and automatically link the user to your Tredict partner account in a secure and privacy-compliant way. Alternatively, existing user accounts can also be linked to the partner account.
If the user is linked to the partner account, the user will be authorised to access the partner's training plans and will automatically be assigned monthly Tredict write access, which Tredict will bill via the partner.
Procedure
The registration of a new Tredict user by the partner account is done by a 2-way handshake.
The partner requests a private and public code from the API for user registration, which are stored on the partner side in the backend. The Tredict user registration form is then called up with the public code. Once the user has registered, Tredict then redirects to a landing page of the partner and transfers the private code and the identification number of the newly or already registered user as parameters. The partner can now synchronise the private code, assign it to their athlete and save the Tredict user identification number.
Advantages of the 2-way handshake procedure:
- The partner has no knowledge of the user's access data.
GDPR compliance is guaranteed by Tredict. No contract for commissioned data processing needs to be concluded between the partner and Tredict. The partner does not need to take any additional security precautions.
- The registration form on the Tredict website is used.
All validation steps, such as password security or agreement to the Tredict terms of use and data protection policy, take place at Tredict.
- Protection against faulty or intentionally damaging processes.
If the partner API access data is stolen, it is more difficult for attackers to carry out malicious automated actions, as the handshake involves a human factor.
Flow
-
Generate the handshake codes by calling init-register-handshake and save the response on your server.
-
Direct the athlete to the Tredict registration form and pass the received
registerCodeas a parameter.https://staging.tredict.com/register/?registerCode=vrQc4sFaJGbpoga4AjuanCIf the user is not yet registered, the registration form will now be displayed. If the user is registered and logged in, they will be asked whether they would now like to link to the partner account.
-
Upon successful registration, your landing page that you specified when registering your partner account is called. The
authorisationCodethat you saved when initialising the handshake is transmitted as a parameter. Now compare the code to see if it matches. If not, then it is not an authorised response! TheuserIdof the Tredict user is passed as the second parameter. Save this. You need this to activate or remove the connection to the user account.If the connection is successful, your landing page will be called with these parameters:
https://www.yourlandingpage.com/hallo-user/?authorizationCode=9WXeX4kUBQrMrHHoTAKSAn&userId=aEen1VF4In the event of an unforeseen error, the landing page is called with an
errorparameter:
https://www.yourlandingpage.com/hallo-user/?error=could_not_connect_athlete_to_partner&userId=aEen1VF4 -
Activate the user with activate-user so that they are automatically assigned write access and can access your training plans. The monthly automatically assigned write access will be charged to the partner account under the negotiated conditions.
Endpoints
For every request to an endpoint, the Authorization header must be set, to which you transfer the partner client credentials. You will receive these from us.
The credentials are composed of clientId and clientSecret with a colon and are then encoded with Base64.
Example request:
Node.js
const base64_partner_credentials = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
const response = await fetch(`https://staging.tredict.com/user/partner/init-register-handshake`, {
headers: {
'Authorization': `Basic ${base64_partner_credentials}`,
},
});
const handshake_codes = response.json();
PHP WordPress
$response = wp_remote_request(
'https://staging.tredict.com/user/partner/init-register-handshake',
array(
'method' => 'GET',
'headers' => array(
'Authorization' => 'Basic ' . base64_encode( $clientId . ':' . $clientSecret )
),
)
);
echo wp_remote_retrieve_body( $response );
Register user - Generate handshake codes
GET https://staging.tredict.com/user/partner/init-register-handshake
Request headers:
- Authorization:
Basic ${base64_partner_credentials} - Accept: application/json;charset=UTF-8
Response JSON object entries:
- registerCode: This code must be passed as a parameter to the Tredict user registration form.
- authorizationCode: This code is returned as a parameter to the partner landing page after the user has successfully registered.
- expiresAt: Expiry of the code pair as an ISO date character string. The code pair has a validity of one hour.
Response JSON example:
{
"registerCode": "vrQc4sFaJGbpoga4AjuanC",
"authorizationCode": "9WXeX4kUBQrMrHHoTAKSAn",
"expiresAt": "2023-12-29T15:30:39.008Z",
}
Status return codes:
- 200: Request could be processed successfully.
- 401: Invalid authorization header.
- 429: Too many requests.
- 500: Something went wrong on our side.
- 503: Sorry, we went to the pub.
Activate user
By activating the user, the user is automatically assigned monthly write access and has access to all training plans in the partner account. The activation must be carried out after a new registration and the adjustment of the authorisationCode. The assigned write access will be invoiced under the negotiated conditions.
GET https://staging.tredict.com/user/partner/activate-user/${userId}
Request headers:
- Authorization:
Basic ${base64_partner_credentials}
Request path parameter:
- userId: The user identification number of the user to be activated. This was transferred when the user was registered.
Status return codes:
- 200: Request could be processed successfully. User got activated.
- 400: Bad parameter given.
- 401: Invalid authorization header.
- 403: No handshake was executed.
- 404: User could not be found.
- 429: Too many requests.
- 500: Something went wrong on our side.
- 503: Sorry, we went to the pub.
Remove user
The connection of the user account to the partner is completely removed. Write access is no longer billed and assigned via the partner account. To reconnect the user, onboarding must be carried out again.
DELETE https://staging.tredict.com/user/partner/remove-user/${userId}
Request headers:
- Authorization:
Basic ${base64_partner_credentials}
Request path parameter:
- userId: The user identification number of the user to be removed. This was transferred when the user was registered.
Status return codes:
- 200: Request could be processed successfully. User got disconnected.
- 400: Bad parameter given.
- 401: Invalid authorization header.
- 404: User could not be found or is already removed.
- 429: Too many requests.
- 500: Something went wrong on our side.
- 503: Sorry, we went to the pub.
Show user event list
Returns an object of all users who are or were connected to the partner account.
GET https://staging.tredict.com/user/partner/event-list
Request headers:
- Authorization:
Basic ${base64_partner_credentials}
Response JSON example:
{
"j6rJEmsr8": {
"activationDates": [ "2024-01-03T19:21:40.857Z" ],
"assignments": [{
"months": 1,
"assignedAt": "2024-01-03T19:21:41.857Z"
}]
},
"RVQmMnmi7": {
"activationDates": [ "2024-01-03T19:21:45.393Z" ],
"removalDates": [ "2024-01-06T20:21:45.480Z" ],
"assignments": [{
"months": 1,
"assignedAt": "2024-01-03T19:21:41.857Z"
}, {
"months": 1,
"assignedAt": "2024-01-04T19:21:41.857Z"
}]
}
}
Status return codes:
- 200: Request could be processed successfully.
- 401: Invalid authorization header.
- 429: Too many requests.
- 500: Something went wrong on our side.
- 503: Sorry, we went to the pub.