Mindbody's API is gated behind a partner approval process and requires both a paid Mindbody subscription and developer application approval. Once approved, use OAuth 2.0 via Next.js API routes to fetch class schedules, check availability, and process bookings. For prototyping a fitness booking system before getting Mindbody API access, build with Supabase as the backend — the architecture is identical and you can switch to Mindbody later.
Integrating Bolt.new with Mindbody: API Access, OAuth, and the Booking Flow
Mindbody is the dominant platform for fitness studios, yoga centers, spas, and wellness businesses. Unlike most SaaS platforms with self-serve API keys, Mindbody's developer API requires a formal partner application and approval process. You cannot sign up for an API key independently — you need both an active Mindbody subscription for the business you are building for, and approval from Mindbody's partner team after submitting your application at developers.mindbodyonline.com. Approval typically takes 1-2 weeks and requires a description of your integration use case.
Once approved, the Mindbody API follows REST patterns with OAuth 2.0 client credentials for server-to-server authentication. The key concepts are: site_id (the unique identifier for the specific Mindbody business location), API key (your developer credential), and access tokens (short-lived JWTs obtained via OAuth). The API provides everything needed for a custom booking experience: class schedules, service availability, client profiles, enrollment and reservations, and payments.
For teams that need to prototype and demonstrate the booking interface before Mindbody approval comes through, Supabase provides an excellent stand-in backend. Design your database schema to mirror Mindbody's data model (classes, sessions, bookings, clients), build the full UI against Supabase, and swap the data layer to Mindbody once access is granted. The React components and overall architecture remain identical — only the API routes change. This approach also reduces risk: if Mindbody approval is denied or takes too long, you have a working alternative backend.
Integration method
Mindbody's API requires partner application approval and uses OAuth 2.0 with a site_id and API key. Bolt generates the frontend booking UI and Next.js API routes that proxy Mindbody API calls — keeping credentials server-side and handling the OAuth client credentials flow. During development in Bolt's WebContainer, outbound calls to Mindbody's API servers work correctly. Incoming webhooks from Mindbody for real-time booking confirmations require a deployed URL and cannot be tested in the WebContainer.
Prerequisites
- An active Mindbody subscription for the business you are integrating (Mindbody API requires a paying business account)
- A submitted and approved Mindbody developer partner application at developers.mindbodyonline.com
- Your Mindbody API key, site_id, and OAuth client credentials from the Mindbody Developer Portal
- A Bolt.new project using Next.js for API routes
- Alternatively: a Supabase account for prototyping while waiting for Mindbody API approval
Step-by-step guide
Apply for Mindbody API Access and Understand the Partner Program
Apply for Mindbody API Access and Understand the Partner Program
Before writing any integration code, you must apply for Mindbody API access through their developer partner program. Mindbody's API is not self-serve — it requires formal approval. Go to developers.mindbodyonline.com and click 'Get API Access'. You will be asked to describe your integration use case, the business(es) you are building for (must be existing Mindbody customers), your expected API usage volume, and technical details about your implementation. The application process takes approximately 1-2 weeks. Mindbody reviews applications to ensure the integration serves a legitimate business need and that the developer understands the platform. During this time, you can access Mindbody's API documentation and sandbox environment (limited) using a test API key, but full production access requires approval. Mindybody's API has several subscription tiers that affect which endpoints are available. The Consumer API (public-facing, limited) allows reading class schedules and staff information. The Partner API (requires approval) adds client management, bookings, sales, and reporting. Ensure your Mindbody subscription tier supports the API features you need — contact Mindbody sales if you are unsure. Key credentials you will receive upon approval: API Key (a static key sent in the Api-Key header), Site ID (a negative integer identifying the business location, sent as SiteId in requests), and OAuth 2.0 client credentials (client_id and client_secret) for obtaining access tokens. Store all of these in your Bolt .env file. Never expose them in client-side code. While waiting for approval: start building your Bolt app with the Supabase prototype approach described in use case 3. Design your components and user flows now — the data shape returned by Mindbody's API is well-documented, so you can build to spec even before having access.
Create a .env file with Mindbody API credentials as placeholders: MINDBODY_API_KEY=your_api_key, MINDBODY_SITE_ID=-12345 (note: Mindbody site IDs are negative integers), MINDBODY_CLIENT_ID=your_oauth_client_id, MINDBODY_CLIENT_SECRET=your_oauth_client_secret. Create lib/mindbody.ts with a getMindbodyToken function that calls the Mindbody OAuth endpoint, caches the token in memory, and exports a mindbodyRequest helper for authenticated API calls. The base URL is https://api.mindbodyonline.com/public/v6.
Paste this in Bolt.new chat
1// Mindbody API endpoints reference2// Base URL: https://api.mindbodyonline.com/public/v63//4// Authentication:5// POST /usertoken/issue — OAuth client credentials token6// Headers: Api-Key, SiteId, Content-Type: application/json7// Body: { "Username": "Siteowner", "Password": "YOUR_API_KEY" }8//9// Key endpoints:10// GET /class/classes — class schedule11// GET /class/classschedules — recurring class schedule templates12// GET /staff/staff — staff list13// GET /site/sessiontypes — available session/service types14// GET /appointment/staffappointmentavailabilities — appointment slots15// POST /class/addclienttoclass — enroll client in class16// POST /appointment/bookappointment — book appointment17//18// Note: All requests require:19// - Api-Key header: your developer API key20// - SiteId header: the business site ID (negative integer)21// - Authorization: Bearer {access_token} (for write operations)Pro tip: Mindbody sandbox environment uses Site ID -99 for testing. You can test read operations against the sandbox before your production site is configured. Ask your Mindbody partner contact for sandbox access details when your application is approved.
Expected result: Mindbody API access application is submitted. .env file has credential placeholders ready. The lib/mindbody.ts skeleton is in place. If you need to start building immediately, proceed with the Supabase prototype approach in parallel.
Implement OAuth Authentication for Mindbody
Implement OAuth Authentication for Mindbody
Mindbody's API uses a unique OAuth implementation that is slightly different from standard OAuth 2.0 client credentials. The token endpoint at /public/v6/usertoken/issue accepts a JSON body with Username and Password. For a staff-level or site owner token (needed for admin operations), Username is 'Siteowner' and Password is your API key. For a specific staff user token, use their Mindbody credentials. The token response includes an AccessToken (a JWT string) and a TokenType ('Bearer'). Access tokens expire after 60 minutes. Cache the token and its expiry time in a module-level variable to avoid fetching a new token before every API call — this is important for performance and to stay within Mindbody's rate limits. All Mindbody API requests require three things: the Api-Key header (your static developer key, present in every request), the SiteId header (the business site ID, present in every request), and the Authorization: Bearer {token} header (the OAuth access token, required for authenticated operations). Some read-only endpoints (like class schedules) work without the Authorization header if the studio's settings allow public access. During development in Bolt's WebContainer, the token fetch and subsequent API calls all work correctly — Mindbody's API is accessible over HTTPS from the WebContainer's outbound networking. Test your authentication setup by making a simple call to /public/v6/site/sites to verify your credentials are correct before building out the full feature set.
Build the complete Mindbody authentication utility in lib/mindbody.ts. Implement getMindbodyToken that POSTs to https://api.mindbodyonline.com/public/v6/usertoken/issue with Username: 'Siteowner' and Password from MINDBODY_API_KEY, caches the token for 55 minutes. Export mindbodyGet and mindbodyPost helpers that add Api-Key, SiteId, and Authorization headers to all requests. Add TypeScript interfaces for the token response and common response shapes. Include error handling that distinguishes auth failures from other API errors.
Paste this in Bolt.new chat
1// lib/mindbody.ts2const BASE = 'https://api.mindbodyonline.com/public/v6';3const API_KEY = process.env.MINDBODY_API_KEY!;4const SITE_ID = process.env.MINDBODY_SITE_ID!;56interface TokenCache {7 token: string;8 expiresAt: number;9}1011let tokenCache: TokenCache | null = null;1213export async function getMindbodyToken(): Promise<string> {14 if (tokenCache && Date.now() < tokenCache.expiresAt) {15 return tokenCache.token;16 }1718 const res = await fetch(`${BASE}/usertoken/issue`, {19 method: 'POST',20 headers: {21 'Api-Key': API_KEY,22 'SiteId': SITE_ID,23 'Content-Type': 'application/json',24 },25 body: JSON.stringify({ Username: 'Siteowner', Password: API_KEY }),26 });2728 if (!res.ok) {29 const err = await res.text();30 throw new Error(`Mindbody auth failed: ${err}`);31 }3233 const data = await res.json();34 tokenCache = {35 token: data.AccessToken,36 expiresAt: Date.now() + 55 * 60 * 1000, // 55 min (token valid 60)37 };38 return tokenCache.token;39}4041async function mindbodyFetch<T>(42 endpoint: string,43 options: RequestInit = {}44): Promise<T> {45 const token = await getMindbodyToken();46 const res = await fetch(`${BASE}${endpoint}`, {47 ...options,48 headers: {49 'Api-Key': API_KEY,50 'SiteId': SITE_ID,51 'Authorization': `Bearer ${token}`,52 'Content-Type': 'application/json',53 ...options.headers,54 },55 });56 if (!res.ok) {57 const err = await res.text();58 throw new Error(`Mindbody API ${endpoint} failed (${res.status}): ${err}`);59 }60 return res.json();61}6263export const mindbody = {64 get: <T>(endpoint: string) => mindbodyFetch<T>(endpoint),65 post: <T>(endpoint: string, body: unknown) =>66 mindbodyFetch<T>(endpoint, { method: 'POST', body: JSON.stringify(body) }),67};Pro tip: Mindbody returns a PaginationResponse object for list endpoints with PageSize, RequestedLimit, RequestedOffset, and TotalResults fields. Always use the offset and limit parameters for large result sets (classes, clients) rather than fetching all records at once.
Expected result: getMindbodyToken() successfully returns an access token from Mindbody. The mindbody.get() helper fetches data from the Mindbody API with all required headers. Token caching prevents repeated auth calls.
Build Class Schedule and Booking API Routes
Build Class Schedule and Booking API Routes
With authentication working, create the Next.js API routes that power the booking interface. The class schedule route fetches upcoming classes from Mindbody's /class/classes endpoint, filters by date range, and returns lean objects suitable for the frontend calendar. The booking route creates a class enrollment (adds the client to a class) via the /class/addclienttoclass endpoint. Mindbody's class schedule endpoint returns rich data including the class name, description, instructor (Staff object), location (Location object), start and end times, the session type (yoga, pilates, spin, etc.), available enrollment capacity, and the total maximum capacity. Map these to the shape your frontend expects. For client enrollment, you need a client_id — Mindbody's identifier for the person booking. New clients can be created via /client/clients POST. Existing clients are looked up by email via /client/clients?searchText=email@example.com. The class enrollment endpoint requires a ClassId and a ClientId. If the client pays through Mindbody (using a pass or credits), include payment details in the enrollment request. For testing in the Bolt preview: create a test client via the Mindbody portal (not the API), then use that client's ID in your test booking API calls. This lets you verify the booking flow works end-to-end in the WebContainer before deploying. Remember that actual bookings made during testing affect your Mindbody schedule — use future-dated test classes at low or zero capacity to avoid conflicts.
Create Next.js API routes for Mindbody. Build: GET /api/classes (fetch classes for a date range, accept startDate and endDate params, map Mindbody response to lean class objects with id, name, instructor name, startDateTime, duration, location, spotsAvailable, totalSpots), GET /api/staff (fetch active staff), POST /api/bookings (accept classId and client info, look up or create the Mindbody client, then enroll in the class), GET /api/clients/[email] (look up client by email). Each route uses mindbody helpers from lib/mindbody.ts and returns appropriate error messages.
Paste this in Bolt.new chat
1// app/api/classes/route.ts2import { NextResponse } from 'next/server';3import { mindbody } from '@/lib/mindbody';45interface MindbodyClass {6 Id: number;7 ClassDescription: { Name: string; Description: string };8 Staff: { FirstName: string; LastName: string };9 StartDateTime: string;10 EndDateTime: string;11 Location: { Name: string };12 TotalBooked: number;13 MaxCapacity: number;14 IsCanceled: boolean;15}1617interface ClassesResponse {18 Classes: MindbodyClass[];19}2021export async function GET(request: Request) {22 try {23 const { searchParams } = new URL(request.url);24 const startDate = searchParams.get('startDate') ?? new Date().toISOString();25 const endDate = searchParams.get('endDate') ??26 new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString();2728 const data = await mindbody.get<ClassesResponse>(29 `/class/classes?StartDateTime=${encodeURIComponent(startDate)}&EndDateTime=${encodeURIComponent(endDate)}&HideCanceled=true`30 );3132 const classes = (data.Classes ?? []).map((c) => ({33 id: c.Id,34 name: c.ClassDescription.Name,35 description: c.ClassDescription.Description,36 instructor: `${c.Staff.FirstName} ${c.Staff.LastName}`,37 startDateTime: c.StartDateTime,38 endDateTime: c.EndDateTime,39 location: c.Location.Name,40 spotsAvailable: Math.max(0, c.MaxCapacity - c.TotalBooked),41 totalSpots: c.MaxCapacity,42 }));4344 return NextResponse.json(classes);45 } catch (error: unknown) {46 const e = error as { message: string };47 return NextResponse.json({ error: e.message }, { status: 500 });48 }49}Pro tip: Mindbody class IDs change each time the class is scheduled (each specific occurrence has its own ID). Do not hardcode class IDs. The ClassDescription.Id is the template/program ID that stays consistent. Use ClassDescription.Id for linking to recurring class types and the class occurrence Id for bookings.
Expected result: GET /api/classes returns the studio's upcoming class schedule. Each class includes available spots and instructor info. The booking route successfully enrolls a test client in a class. All API calls work in the Bolt preview.
Build the Class Booking Frontend UI
Build the Class Booking Frontend UI
With the API routes returning Mindbody data, prompt Bolt to generate the complete booking interface. The UI should present the class schedule in a format that matches the studio's brand — either a weekly calendar grid, a day-by-day list, or a filtered card view. Each class card shows the key information clients need to decide whether to book: class name, instructor, time, duration, location, and remaining spots. The booking flow should be simple and fast: one click to open the booking modal, a minimal form (new clients provide name, email, phone; returning clients enter email to look up their profile), and an immediate confirmation. For studios with membership and pricing plans, display whether the class requires credits and how many the client has remaining — though this requires additional API calls to fetch the client's contract and visit count. Client-facing booking flows should handle two states: anonymous (client is not logged in, provide contact info to book as a visitor or create a new Mindbody account) and returning (client provides email to look up existing Mindbody account). For the anonymous path, the /client/clients POST endpoint creates a new Mindbody client account as part of the booking process. Availability refresh is important: class spots fill up in real time, especially for popular classes. Use SWR with automatic revalidation (revalidateOnFocus: true, refreshInterval: 60000) so spots available stays current as the user browses. Show a clear 'Class full — join waitlist' state when spotsAvailable reaches 0.
Build the complete fitness booking UI. Create: (1) A WeeklySchedule component that shows classes in a 7-day grid fetched from /api/classes. Each cell shows the class name, instructor, time, and spots remaining. (2) A ClassCard component with full class details, instructor badge, availability indicator (green/yellow/red based on spots), and 'Book Now' button. (3) A BookingModal with a 2-step flow: enter email to check if existing client, then confirm booking details. (4) A BookingConfirmation component shown after successful booking. (5) Show a waitlist button when class is full. Use SWR for data fetching with auto-refresh every 60 seconds. Style with Tailwind CSS.
Paste this in Bolt.new chat
Pro tip: Mindbody's waitlist feature (for full classes) is managed via the /class/addclienttowaitlist endpoint. Build the waitlist button alongside the booking button so clients can join the waitlist when a class is full. When a spot opens up, Mindbody handles the waitlist notification to the client automatically via their settings.
Expected result: The class schedule renders in the Bolt preview with live data from Mindbody. Booking modal opens on click, accepts client info, and confirms bookings. Available spots update automatically. Full classes show a waitlist option.
Deploy and Configure Mindbody Webhooks
Deploy and Configure Mindbody Webhooks
Deploy your Bolt app to Netlify to get a public HTTPS URL, required for receiving Mindbody webhook events (booking confirmations, cancellations, payments). Mindbody's webhook system (called 'Partner Webhooks' in their documentation) sends POST requests to your endpoint when specific business events occur — a new booking, a cancellation, a check-in, or a payment. To deploy: connect your Bolt project to Netlify via Settings → Applications → Netlify → Publish. After deploying, add environment variables in Netlify Dashboard: MINDBODY_API_KEY, MINDBODY_SITE_ID, MINDBODY_CLIENT_ID, MINDBODY_CLIENT_SECRET, and MINDBODY_WEBHOOK_SECRET (used to verify incoming webhook payloads). Trigger a redeploy. Webhook registration is done through the Mindbody Developer Portal, not the API. Log into developers.mindbodyonline.com, navigate to your app's webhook settings, and add your Netlify URL (https://your-app.netlify.app/api/webhooks/mindbody). Select the event types you want to receive. During Bolt WebContainer development, incoming webhooks from Mindbody cannot reach the browser-based runtime — there is no public URL for Mindbody to POST to. This is a fundamental constraint of the WebContainer architecture. For webhook testing, deploy to Netlify first. You can simulate webhook payloads during development by calling your POST /api/webhooks/mindbody route directly with test JSON matching Mindbody's webhook event format. The Mindbody webhook payload includes the event type, site_id, event details (booking ID, client info, class info), and a signature for verification. Verify the signature before processing to prevent unauthorized requests to your handler.
Prepare my Mindbody app for deployment. Create netlify.toml with build command 'npm run build', publish '.next', Node 20, @netlify/plugin-nextjs. Create a POST /api/webhooks/mindbody route that verifies the webhook signature, handles 'class_booking.created' and 'class_booking.canceled' event types, and returns 200. Add GET /api/health that tests Mindbody token acquisition and returns {status: 'ok', mindbody: 'connected'} or error.
Paste this in Bolt.new chat
1# netlify.toml2[build]3 command = "npm run build"4 publish = ".next"56[build.environment]7 NODE_VERSION = "20"89[[plugins]]10 package = "@netlify/plugin-nextjs"Pro tip: Mindbody partner webhooks are a paid feature available on higher partnership tiers. If webhooks are not available on your current plan, implement polling: call /api/classes every minute to detect booking count changes, and /client/visits to track new check-ins. Polling is less elegant but works without webhook access.
Expected result: App is deployed to Netlify with Mindbody credentials set as environment variables. The health check confirms Mindbody API connectivity. Webhook endpoint is registered in the Mindbody Developer Portal and receives test events.
Common use cases
Custom Class Schedule and Booking Widget
Replace Mindbody's default booking widget with a fully custom React component that matches your studio's brand. Fetch class schedules from Mindbody's API, display them in a weekly calendar or list view, and allow clients to enroll with a single click. Authentication for client enrollment uses Mindbody's client login or a visitor booking flow depending on your subscription level.
Build a fitness class booking interface connected to the Mindbody API. Create a GET /api/classes route that fetches class schedules from https://api.mindbodyonline.com/public/v6/class/classes using OAuth client credentials. Accept startDate and endDate query params. Return class name, instructor, start time, duration, room, available spots, and a booking URL. Build a weekly schedule UI with time slots, class names, instructor badges, and available spots counter. Add a 'Book' button that calls a POST /api/bookings route. Read MINDBODY_API_KEY, MINDBODY_SITE_ID from env.
Copy this prompt to try it in Bolt.new
Appointment Booking for Services (Spa/Wellness)
Build a service booking flow for spas or wellness centers — show available services (massages, facials, personal training sessions), staff members who can provide each service, and available time slots for a selected date. The booking form collects client contact info and submits an appointment request via the Mindbody Staff Appointment API.
Build an appointment booking system for a wellness spa using Mindbody. Create API routes: GET /api/services (fetch available services), GET /api/staff (fetch active staff with their service types), GET /api/availability (fetch available appointment slots for a given service, staff, and date range from Mindbody's appointmentavailabilities endpoint). Build a 3-step booking flow: (1) select service and staff, (2) pick date and time from availability grid, (3) enter contact info and confirm. Submit booking via POST /api/appointments. All routes proxy to Mindbody API with OAuth auth. MINDBODY_API_KEY and MINDBODY_SITE_ID from env.
Copy this prompt to try it in Bolt.new
Prototype Booking System with Supabase (While Awaiting API Approval)
Before Mindbody API approval, build the complete booking system frontend and backend using Supabase. Create tables for classes, sessions, bookings, and clients with the same data shape as Mindbody's API. This lets you demonstrate a working prototype to stakeholders and refine the UX before the Mindbody integration is live. When approval comes, replace the Supabase queries with Mindbody API calls.
Build a fitness booking prototype using Supabase as the backend (stand-in for Mindbody). Create Supabase tables: classes (id, name, instructor, description, capacity), sessions (id, class_id, start_time, end_time, room, spots_available), bookings (id, session_id, client_email, client_name, status, created_at). Build a complete booking UI: weekly schedule view, class detail modal, booking form with email/name fields, booking confirmation, and a 'My bookings' page that looks up bookings by email. The architecture should make it easy to swap Supabase queries with Mindbody API calls later.
Copy this prompt to try it in Bolt.new
Troubleshooting
Mindbody API returns 401 'Invalid credentials' despite correct API key
Cause: The Site ID format is wrong (Mindbody site IDs are negative integers like -12345, not positive), the API key has not been activated for this site, or the API key does not have the required permission scopes for the endpoint being called.
Solution: Verify the site ID is a negative integer — check in the Mindbody admin portal under Setup → Business Profile, or ask your Mindbody partner contact. Ensure your developer API key has been granted access to the specific site. Consumer API and Partner API have different permission levels; some endpoints require Partner API access.
getMindbodyToken throws 'Mindbody auth failed: 500 Internal Server Error'
Cause: The Username-Password token endpoint (/usertoken/issue) returns 500 when the site does not exist, the site is suspended, or the API key is for a different environment (production key used in sandbox or vice versa).
Solution: Verify MINDBODY_SITE_ID is the correct site ID for your Mindbody subscription. Check that your Mindbody subscription is active and not in a suspended state. For sandbox testing, use Site ID -99 and the sandbox API key provided by Mindbody. Contact Mindbody support if the subscription is active but 500 errors persist.
Class booking fails with 'Client required visits not met' or 'No valid payment method'
Cause: The client does not have the required membership, pass, or payment method to enroll in this class. Mindbody enforces business rules about which clients can book which classes.
Solution: For testing, use the Mindbody admin portal to manually add a service or pass to the test client before booking via the API. In production, your booking UI should check the client's available services before attempting a booking, or use Mindbody's payment collection endpoints to process a payment as part of the booking flow.
Webhook endpoint not receiving events from Mindbody after deployment
Cause: The webhook URL was not saved correctly in the Mindbody Developer Portal, the event type was not subscribed to, or the webhook subscription requires reactivation after a failed delivery.
Solution: Log into developers.mindbodyonline.com, go to your app's webhook configuration, and verify the URL and event subscriptions are correct. Send a test event from the portal. Check Netlify function logs for any errors in the handler. Ensure MINDBODY_WEBHOOK_SECRET in Netlify environment variables matches the secret shown in the Developer Portal.
Best practices
- Apply for Mindbody API access early — the partner approval process takes 1-2 weeks, so start the application as soon as you know you need it
- Build a Supabase prototype of the booking system in parallel with the Mindbody API approval process so you have a working demo ready from day one
- Cache Mindbody access tokens for the full token lifetime (55 minutes) to stay within API rate limits and improve response times
- Never expose Mindbody API keys or OAuth credentials in client-side code — all API calls must go through Next.js server-side routes
- Use Mindbody's sandbox environment (Site ID -99) for development and testing to avoid creating test bookings in production
- Check class availability immediately before confirming a booking to handle race conditions where the last spot is taken while the user fills out the booking form
- During Bolt WebContainer development, outbound calls to Mindbody work fine — only incoming webhook events require a deployed URL
- Show clear error messages when booking fails due to business rules (class full, no valid payment method) — Mindbody API error responses contain human-readable messages that can be displayed to users
Alternatives
Calendly is a general-purpose scheduling tool with a straightforward API and no partner approval process — a faster integration for simple appointment booking without fitness-specific features like class capacity and memberships.
Acuity Scheduling (by Squarespace) offers appointment booking with a self-serve API — no application process required, making it easier to integrate for spas and personal trainers who do not need Mindbody's full club management features.
Zocdoc focuses on healthcare and medical appointment booking with a structured marketplace API — better suited for wellness businesses in the health and medical space than fitness studios.
Frequently asked questions
Does Bolt.new work with the Mindbody API during WebContainer development?
Yes, for outbound API calls. Bolt's WebContainer can make HTTPS requests to Mindbody's API servers, so class schedule fetching, client lookups, and booking creation all work in the Bolt preview. What does not work during development is receiving incoming Mindbody webhook events — Mindbody cannot POST to the browser-based WebContainer since it has no public URL. Test outbound API calls in the Bolt preview; test webhook handling after deploying to Netlify.
Can I use the Mindbody API without a Mindbody subscription?
No. The Mindbody API requires both an active Mindbody subscription for the business and developer partner application approval. You cannot access Mindbody data for a business that does not have a Mindbody subscription. If you are building a booking tool for a fitness studio client, they must be an active Mindbody customer, and you apply for API access on their behalf or as a developer partner integrating their account.
How long does Mindbody API approval take?
Typically 1-2 weeks for the initial partner application review. Approval depends on your use case description, the business you are integrating for, and whether you need Consumer API (read-only, faster approval) or Partner API (full read/write, more scrutiny). Build your prototype with Supabase during this waiting period so you have a working system to show stakeholders immediately.
Can I let clients log in with their Mindbody accounts in my Bolt app?
Yes, using Mindbody's user token flow. Instead of the Siteowner token used in this tutorial, you POST the client's Mindbody username and password to /usertoken/issue to get a client-scoped access token. However, collecting and transmitting user credentials from your app to Mindbody is a security responsibility — use HTTPS exclusively and consider the UX implications. An alternative is to use your app's own authentication (Auth0 or Supabase Auth) and match users to Mindbody client records by email.
What Mindbody subscription tier is required to use the API?
API access is available on Mindbody's Accelerate plan and above (not available on the Starter/Basic plan). The Consumer API provides read-only schedule and pricing data. The Partner API (required for bookings, client management, and payments) requires the Accelerate plan or higher plus partner application approval. Contact Mindbody sales to confirm your current plan includes API access before starting your integration.
Talk to an Expert
Our team has built 600+ apps. Get personalized help with your project.
Book a free consultation