Getting Started

Request a Key Update your Key FAQ Release Notes

Overview

Authentication

Tutorials

Intro to OAuth 2 OAuth 2 Tutorial OAuth 2 Client Credentials

References

Versioning Policy Compression Errors Paging Response Codes Units

Resources

User
OAuth 2 Grants OAuth 2 Revoke Privacy User User Profile Photo User Role User Stats
Social
Friendship Moderation Action Moderation Action Type Moderation Status Page Page Association Page Follow Page Type Role Suggested Friend
Workouts
Data Source Device Gear Heart Rate Zone Heart Rate Zone Calculation Map Marker Image Remote Connection Remote Connection Type Route Route Bookmark User Achievement User Gear Workout
Content
Image Webhook
User
OAuth 2 Grants Privacy User User Profile Photo User Role User Stats
Social
Friendship Moderation Action Moderation Action Type Moderation Status Page Page Association Page Follow Page Type Role
Workouts
Data Source Device Heart Rate Zone Heart Rate Zone Calculation Map Marker Image Remote Connection Remote Connection Type Route Route Bookmark User Achievement Workout
Content
Image Webhook
User
User User Stats
Social
Page Page Association Page Follow Page Type Role Suggested Friend
Workouts
Heart Rate Zone Heart Rate Zone Calculation Remote Connection Remote Connection Type Route User Achievement User Gear
Social
Page Page Association Page Follow Page Type Role
Workouts
Heart Rate Zone Heart Rate Zone Calculation Map Marker Image Remote Connection Remote Connection Type
24/7
Body Mass

Under Armour API Authentication Overview

Authentication Protocols

Under Armour supports the industry standard OAuth 2 protocols for authentication. We recommend using OAuth 2, as it is simpler for the client developer to implement and supports all use cases.

A word about supported application types

The Under Armour Connected Fitness Platform only supports OAuth 2 via authorization grant and client credentials. Because of this, any application that cannot protect its consumer key/secret pair is not supported. Notably, this includes browser-based applications (e.g. “single-page apps”). For these kinds of applications, we recommend that a server-side component handle any communication with the Under Armour API.

Under Armour cannot enforce the security of your application, and we reserve the right to shut off API access for any clients deemed to be operating insecurely.

Adding Under Armour branding to your application

If you’re having users connect your application with their Under Armour accounts, you are required to use the following images for the log in button:

xlarge logo large logo medium logo