Hevy workout data — reverse-engineered API, automated daily via GitHub Actions
This dashboard pulls workout data from the Hevy gym tracking app via its private API. Since Hevy doesn't offer a public API (without a Pro subscription), I reverse-engineered the endpoints using Postman, built a Python fetcher, and set up automated daily syncs through GitHub Actions.
The data includes every set, rep, and weight for all exercises across every workout — giving rich insight into training volume, muscle group distribution, personal records, and consistency over time.
Hevy does have an official API, but it requires a Hevy Pro subscription. Without paying for Pro, the API documentation is inaccessible and the endpoints return authentication errors. Time for the same playbook that worked for COROS: reverse-engineer it.
Using Postman as a proxy, I captured the HTTP requests the Hevy app makes when loading
workouts. The key discovery was the user_workouts_paged endpoint on
api.hevyapp.com, which returns full workout data including every exercise,
set, rep count, weight, RPE, muscle groups, and personal records.
Authentication uses a session token (auth-token header) plus a hardcoded
API key. The endpoint supports pagination via limit and offset
parameters, though with a max page size of 5 workouts per request.
Following the same pattern as the COROS integration, I built fetch_hevy.py — a zero-dependency Python script that authenticates, paginates through all workouts, computes per-exercise and per-workout aggregates (volume, max weight, PR counts), and writes everything to a clean JSON file. A GitHub Actions cron job runs this daily.
api.hevyapp.com, discovered via Postman. Uses session-based authentication with an auth-token header.fetch_hevy.py paginates through all workouts (5 per page), processes exercises and sets, computes volume/PR aggregates, and writes JSON.urllib, json, ssl.