POST https://auth.puregym.com/connect/token
grant_type=password&username={EMAIL}&password={PIN}&scope=pgcapi offline_access
Authorization: Basic cm8uY2xpZW50Og==
Looks like it could be feasible to brute force some PINs using this API. Assuming it's not rate-limited, an average of 50,000,000 API calls isn't that many.
Looks like it could be feasible to brute force some PINs using this API. Assuming it's not rate-limited, an average of 50,000,000 API calls isn't that many.