Full reference: browse every endpoint and schema, and run live requests, in the interactive API reference. This page is the quickstart; everything else lives there.
The VeloPeak API is read-only. It exposes an authorizing athlete's planned workouts and completed activities, and lets your app subscribe to webhooks. Authentication is OAuth 2.0 (authorization code with PKCE).
Base URL: https://velo-peak.com/api/v1
1. Register your app
In VeloPeak, open Settings → Developer and create an app. You receive a client_id and a client_secret (shown once), and you choose:
- Redirect URIs, where athletes return after authorizing.
- Scopes your app needs:
athlete:read,workouts:read,activities:read,webhooks. Pick only what you use; the consent screen shows exactly these.
2. Get the athlete's authorization
Send the athlete to the authorize endpoint with a PKCE challenge:
GET https://velo-peak.com/api/auth/oauth2/authorize ?response_type=code &client_id=YOUR_CLIENT_ID &redirect_uri=YOUR_REDIRECT_URI &scope=athlete:read workouts:read &state=RANDOM &code_challenge=BASE64URL_SHA256_OF_VERIFIER &code_challenge_method=S256
They sign in, approve the consent screen, and return to your redirect_uri with a code. Exchange it for a token:
POST https://velo-peak.com/api/auth/oauth2/token Content-Type: application/x-www-form-urlencoded grant_type=authorization_code &code=THE_CODE &redirect_uri=YOUR_REDIRECT_URI &client_id=YOUR_CLIENT_ID &client_secret=YOUR_CLIENT_SECRET &code_verifier=YOUR_PKCE_VERIFIER
You receive an access_token and a refresh_token.
3. Call the API
Send the token as a Bearer header:
GET https://velo-peak.com/api/v1/workouts Authorization: Bearer ACCESS_TOKEN
The full list of endpoints, parameters and response shapes is in the API reference.
4. Receive events (optional)
With the webhooks scope, register a callback to be notified when workouts or activities change. Every delivery is signed with an X-VeloPeak-Signature header (HMAC-SHA256). The reference documents the subscription endpoint and the payload.
Open the API reference to try the endpoints with your token.