Authentication

All requests to the Health Fitness API require authentication via API key. Your API key allows the system to:

  • Identify and authorize your application
  • Track usage and quota
  • Ensure secure access to sensitive health and fitness data

⚠️ Keep your API key confidential. Do not expose it publicly or embed it in client-side code.

User Types (HefitAPI Platform Only)

Each client (admin) can create two types of users on the HefitAPI platform:

  1. Developer User
     • Created by the client (admin) to access API endpoints.
     • Can only use API features; all API hits are billed to the admin client.
     • Developer users make API calls using their own API key, just like the admin.

  2. Finance User
     • Created by the client (admin) to manage financial operations.
     • Can view billing, top up API credits, and monitor usage for the client/org.
     • Cannot make API calls to endpoints; the finance API key is restricted to billing access.

⚠️ These roles and restrictions are specific to the HefitAPI platform.

Obtaining Your API Key

  1. Sign up or log in at the Health Fitness API Dashboard.
  2. Navigate to API Keys under your account settings.
  3. Generate a new API key for your application or user.
  4. Copy the key and store it securely.

How to Use Your API Key

Include your API key in the request header:

curl -X GET "https://api.hefitapi.com/api/v1/bmi?weight=81&height=177" \
  -H "X-API-Key: YOUR_API_KEY"

Query Parameter Authentication (Optional)

You can also send the API key as a query parameter:

curl -X GET "https://api.hefitapi.com/api/v1/bmi?weight=81&height=177&apikey=YOUR_API_KEY"

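⚠️ Query parameter authentication is less secure than headers, because the full URL (key included) is commonly recorded in server and proxy logs and in shell or browser history. Use it only for testing or server-side scripts.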

RapidAPI Method

You can also access the classic Health Calculator API via RapidAPI:

curl -X GET "https://rapidapi.com/dakidarts-dakidarts-default/api/health-calculator-api" \
  -H "X-RapidAPI-Key: YOUR_RAPIDAPI_KEY" \
  -H "X-RapidAPI-Host: health-calculator-api.p.rapidapi.com"

⚠️ Note: The new v1.0.0 Health Fitness API features (35+ new endpoints, support for 8 languages) are not available via RapidAPI. Use the main API at https://api.hefitapi.com for all current endpoints and full language support.

Best Practices

  • Never hard-code API keys in client-side apps or public repositories.
  • Rotate API keys regularly for security.
  • Use separate keys for development, testing, and production environments.
  • Monitor your API usage through the Dashboard to avoid hitting quota limits.
  • Ensure HTTPS is used for all API requests to protect the API key in transit.
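
The practices above and the query-parameter warning, combined in a small shell wrapper. This is an added example, not part of the HefitAPI documentation or tooling; the variable name HEFIT_API_KEY and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not HefitAPI's own code. HEFIT_API_KEY and the function
# names are assumptions made for this illustration.

# Mask an apikey query parameter before a URL is written to a log.
redact_url() {
  printf '%s\n' "$1" | sed -E 's/([?&]apikey=)[^&#]*/\1REDACTED/g'
}

# Accept only HTTPS URLs that do not carry the key in the query string.
check_url() {
  case "$1" in
    https://*) ;;
    *) echo "refusing non-HTTPS URL: $(redact_url "$1")" >&2; return 1 ;;
  esac
  case "$1" in
    *"?apikey="*|*"&apikey="*)
      echo "refusing key in query string: $(redact_url "$1")" >&2; return 2 ;;
  esac
  return 0
}

# GET a URL with the key taken from the environment and sent as X-API-Key.
# The header reaches curl through a config read from stdin (--config -), and
# printf is a shell builtin, so the key never appears in any process's argv.
hefit_get() {
  check_url "$1" || return $?
  if [ -z "${HEFIT_API_KEY:-}" ]; then
    echo "HEFIT_API_KEY is not set" >&2
    return 3
  fi
  printf 'header = "X-API-Key: %s"\n' "$HEFIT_API_KEY" |
    curl --silent --show-error --fail --config - "$1"
}

# Usage (key exported by a secrets manager or the CI environment):
#   hefit_get "https://api.hefitapi.com/api/v1/bmi?weight=81&height=177"
```

With --fail, a 401 Unauthorized response makes curl exit non-zero (22), so a missing or revoked key stops a script instead of passing an error body downstream.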

Example Request

curl -X GET "https://api.hefitapi.com/api/v1/tdee?weight=81&height=177&age=36&gender=male&activity_level=moderately_active" \
  -H "X-API-Key: YOUR_API_KEY"

Example Response

{
  "tdee": 2762.15,
  "bmr": 1782.03,
  "activity_multiplier": 1.55,
  "profile": {
    "age": 36,
    "weight_kg": 81.0,
    "height_cm": 177.0,
    "gender": "male",
    "activity_level": "moderately_active"
  },
  "language": "en",
  "_api_metadata_": {
    "endpoint_name": "tdee",
    "authenticated": true
  }
}

Notes

  • Every endpoint requires a valid API key.
  • Invalid or missing keys will return a 401 Unauthorized response.
  • API keys are tied to your account plan; check your quota for available requests.
  • v1.0.0 endpoints are not supported via RapidAPI and require direct access to https://api.hefitapi.com.
  • Developer users can make API calls; finance users cannot access API endpoints and are restricted to billing only.