Mobile Integration
Mobile Integration
The mobile app uses the same public API host as the web app, but it reads a
token from secure storage and never depends on browser cookies.
Base URL
Set the mobile API origin to the production API host.
EXPO_PUBLIC_API_URL=https://api.vytal.fitAuth flow
- Sign in with email and password.
- Store the returned token in secure storage.
- Fetch the session with the token on later app launches.
- Load spaces and set the active space as needed.
Example calls
curl -X POST https://api.vytal.fit/auth/sign-in/email \
-H 'content-type: application/json' \
-d '{"email":"[email protected]","password":"VytalDemo2026!"}'curl https://api.vytal.fit/spaces \
-H 'authorization: Bearer <token>'Mobile rules
- Keep the token in secure storage.
- Reuse the API host directly.
- Treat
memberIdandactiveSpaceIdas session-scoped, not client-scoped.