Authentication
Overview
The Pattern Health API uses OAuth 2.0 to provide a mechanism for clients to authenticate and retrieve a token that can be used to access the API endpoints. API credentials include a client ID and client secret. Both values are required by the auth endpoint to generate a bearer token. The bearer token is the access token needed for all other API endpoints.
API client credentials can be managed via the Pattern Health administrative console. Please contact a program administrator or Pattern Health support for help. An administrator with sufficient permissions will be able to retrieve a client ID. However, a client secret is unrecoverable if lost. The client secret should be stored securely to prevent unauthorized access.
The access_token value should be used as a Bearer token in Authorization headers for all subsequent requests. Access tokens have a finite lifetime. The expires_in field in the response contains the number of milliseconds after which the token expires. Using an expired token will result in a 401 Unauthorized status code from the API. A new token can be retrieved via the auth token endpoint using the API client credentials.
Required headers
| Header | Description |
| --- | --- |
| Authorization: Basic | Use basic auth and provide a base64-encoded copy of the client ID and client secret. |
| Accept: application/json | |
| Content-Type: application/x-www-form-urlencoded | |
Curl example
curl -X POST 'https://API_HOSTNAME/api/auth/token' \
-d 'grant_type=client_credentials' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \
-H 'Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
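A sketch of a client-side token cache for the flow described above. This is an added example, not Pattern Health code. It assumes the Basic value follows standard HTTP Basic (base64 of `client_id:client_secret`), and the environment variable names `PH_CLIENT_ID` and `PH_CLIENT_SECRET`, the `TokenCache` class and the 30-second refresh margin are hypothetical.

```python
import base64, json, os, time, urllib.request

TOKEN_URL = "https://API_HOSTNAME/api/auth/token"  # placeholder host, as in the curl example

def basic_header(client_id, client_secret):
    # Assumption: standard HTTP Basic (RFC 7617), i.e. base64("client_id:client_secret").
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def http_post_token(url, headers, body):
    # Real transport; tests can inject a fake with the same signature.
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Fetches a bearer token on demand and reuses it until shortly before expiry."""

    def __init__(self, client_id, client_secret, post=http_post_token,
                 clock=time.monotonic, skew_ms=30_000):
        self._auth = basic_header(client_id, client_secret)
        self._post, self._clock, self._skew_ms = post, clock, skew_ms
        self._token, self._expires_at_ms = None, 0.0

    @classmethod
    def from_env(cls, **kw):
        # Hypothetical variable names; keeps the unrecoverable secret out of source control.
        return cls(os.environ["PH_CLIENT_ID"], os.environ["PH_CLIENT_SECRET"], **kw)

    def bearer(self):
        """Return the Authorization header for an API call, refreshing if needed."""
        now_ms = self._clock() * 1000
        if self._token is None or now_ms >= self._expires_at_ms:
            data = self._post(TOKEN_URL, {
                "Authorization": self._auth,
                "Accept": "application/json",
                "Content-Type": "application/x-www-form-urlencoded",
            }, "grant_type=client_credentials")
            self._token = data["access_token"]
            # expires_in is in milliseconds per this page; refresh skew_ms early.
            self._expires_at_ms = now_ms + max(0, int(data["expires_in"]) - self._skew_ms)
        return {"Authorization": "Bearer " + self._token}

    def invalidate(self):
        """Call after a 401 Unauthorized so the next bearer() fetches a new token."""
        self._token = None
```

Merge the result of `bearer()` into the headers of each API request, and call `invalidate()` before retrying once if a request returns 401 Unauthorized.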