Mindbody · Authentication Profile

Mindbody Authentication

Authentication

Mindbody secures its APIs with apiKey and oauth2 across 2 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode flow(s).

FitnessWellnessBeautySchedulingBookingPoint of SaleStudiosSalonsSpasWebhooks
Methods: apiKey, oauth2 Schemes: 2 OAuth flows: authorizationCode API key in: header

Security Schemes

ApiKeyAuth apiKey
· in: header (API-Key)
OAuth2 oauth2
· flows: authorizationCode

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/mindbody-public-api-v6-openapi-original.yml, openapi/mindbody-webhooks-api-openapi-original.yml
summary:
  types:
  - apiKey
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - authorizationCode
schemes:
- name: ApiKeyAuth
  type: apiKey
  in: header
  parameter: API-Key
  description: Mindbody-issued API key (server-to-server). Required on every request.
  sources:
  - openapi/mindbody-public-api-v6-openapi-original.yml
  - openapi/mindbody-webhooks-api-openapi-original.yml
- name: OAuth2
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://signin.mindbodyonline.com/connect/authorize
    tokenUrl: https://signin.mindbodyonline.com/connect/token
    scopes: 5
  description: OpenID Connect bearer token issued by Mindbody Identity Service (signin.mindbodyonline.com).
    Required for endpoints that act on behalf of a staff or client user.
  sources:
  - openapi/mindbody-public-api-v6-openapi-original.yml