Integrating the Physitrack iframe in your UI

Please note that, even though the authentication for the Physitrack iframe content is the same across API consumers, each Physitrack iframe is created specifically for each API consumer, namespaced inside a PT Direct account.

Note also that the Physitrack web app itself cannot be loaded inside an iframe.
The Physitrack iFrame is in fact a dashboard of sorts, that is custom-built for every integration. If you are interested in including Physitrack functionality, such as a dashboard, in an iframe inside your web application, please email


To load the Physitrack iframe (i.e. <iframe src="URI"...></iframe>), the URI should be built up as follows:

  • baseURI
  • practitioner_email
    urlencoded email address with which the practitioner is registered on Physitrack, e.g.
  • JWT string
    payload: see below
    signature secret: practitioner_api_key see below
If there is no client on Physitrack with a corresponding client id from your system, then Physitrack will create this client the first time the iframe is loaded for this specific client id.
https:// pt_direct_namespace/patient? jwt={header}.{payload}.{signature}

Practitioner API key

Physitrack generates a unique practitioner API key for every practitioner.
This API key is visible inside your PT Direct account by going to the  Practitioners page and clicking on the practitioner in question.

JWT string

The JWT-string is generated by the API consumer, and consists of 
  "alg": "HS256",

  "external_id": "12344578", // Required. Internal id that you use to reference to this client. This will be used to match the client between Physitrack and your system
  "first_name": "Jane", // Required. First name of client
  "last_name": "Doe", // Required. Last name of client
  "gender": "f", // Required. Gender of client (m|f)
  "year_of_birth": "1977", // Required. Year of birth of client.
  "email": "", // Optional. If given, must be a valid email format
  "mobile_phone": "0012125551212" // Optional. If given, must be in international format, digits only
  "meta_id":"1234545" // Optional: if given, this meta_id value will be appended as an additional field to any new exercise program that is added from this iframe instance
Secret used for generating signature: practitioner API key

UI & browser requirements

  • The iframe UI is compatible with reasonably modern browsers (e.g. IE9 and newer).
  • The width of the iframe should be at least 990 pixels.
iFrame in your UI 38.5 KB View full-size Download


If the iframe fail to load, an appropriate error message will be shown in the body of the HTML response. 

Error cases include:

  • No practitioner found with this email address
  • Invalid JWT signature (please make sure that the API key used for signing matches that of the practitioner for whom this iframe is loaded)