post https://{server}/v1/track_usages/validate
The validate token method, only checks if the user has a valid token, therefore it should not be used for customer turnstile release. That is exclusively to verify if the user has a valid TotalPass acces and do not guarantee a real customer access.
In "valid" cases, api returns HTTP 204 no content, otherwise api returns HTTP 4** status and their respective motivations.
OBS:
The field "service_provider_code" represents the "gym", so you have to provide the gym code to validate user access.
OBS2:
If the Gym has only one plan, the "service_provider_plan_code" field is optional in payload construction, but when the Gym had more then one plan, the "service_provider_plan_code" field becomes required field.