The Pattern Health API uses OAuth 2.0 to provide a mechanism for clients to authenticate and retrieve a token that can be used to access the API endpoints. API credentials include a client ID and client secret. These two tokens are required by the auth endpoint to generate a bearer token. The bearer token is the access token needed for all other API endpoints.

API client credentials can be managed via the Pattern Health administrative console. Please contact a program administrator or Pattern Health support for help. An administrator with sufficient permissions will be able to retrieve a client ID. However, a client secret is unrecoverable if lost. The client secret should be stored securely to prevent unauthorized access.

The access_token value should be used as a Bearer token in Authorization headers for all subsequent requests. Access tokens have a finite lifetime. The expires_in field in the response contains the number of milliseconds after which the token expires. Using an expired token will result in a 401 Unauthorized status code from the API. A new token can be retrieved via the auth token endpoint using the API client credentials.

Base path


Required headers

Authorization: Basic

Use basic auth and provide a base64 encoded copy of the client ID and client secret.

Accept: application/json

Content-Type: application/x-www-form-urlencoded

POST form body


Curl example

curl -X POST 'https://API_HOSTNAME/api/auth/token' \
-d 'grant_type=client_credentials' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json' \


    "access_token": "BEARER_TOKEN",
    "expires_in": 3600000,
    "token_type": "bearer"

Result attributes


(string) Bearer token to be used in Authorization headers for all other API endpoint requests.


(integer) The number of milliseconds after which the token expires.


(string) Will always be bearer.