
Client Authentication

HealthHero APIs use the OAuth 2.0 protocol for authentication and authorisation.

The flow looks similar to the following diagram:


Where:

  1. Your app authenticates with the HealthHero Authorisation Server using its Client ID and Client Secret.
  2. The HealthHero Authorisation Server validates the Client ID and Client Secret and responds with an Access Token.
  4. Your application can use the Access Token to call one of the HealthHero APIs.
  5. The HealthHero API responds with requested data.

Prerequisites

To begin, you will need to obtain your client credentials by contacting our support or registering, or, to try our APIs out, by requesting a trial.

Once you have obtained your credentials, in the form of a CLIENT_ID and a CLIENT_SECRET, you will need to configure your application to request a token.

Request a token

curl --request POST \
  --url 'https://<paste_Identity_Url_here>/connect/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=CLIENT_ID \
  --data client_secret=CLIENT_SECRET

Parameters

Parameter Name   Description
grant_type       Set this to "client_credentials".
client_id        Your application's Client ID.
client_secret    Your application's Client Secret.

Response

You'll receive an HTTP 200 response with a payload containing access_token, token_type, and expires_in values:

{
 "access_token":"YOUR_ACCESS_TOKEN",
 "token_type":"Bearer",
 "expires_in":3600,
 ...
}

The access_token is in the format of a JSON Web Token (JWT). JWT is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Call the HealthHero API

To call the HealthHero API from your application, the application must pass the access_token as a Bearer token in the Authorization header of your HTTP request.

curl --request GET \
  --url 'https://<paste-Traversal-Url-here>/api/v1/CLIENT_ID/traversal' \
  --header 'authorization: Bearer ACCESS_TOKEN' \
  --header 'content-type: application/json'

where:

  • CLIENT_ID is your application client ID.
  • ACCESS_TOKEN is the JWT Token received from the request above.
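
The two requests above can be combined into a small client-side helper that keeps the Client Secret out of source code and reuses one Access Token until shortly before its expires_in lifetime runs out. This is an added example, not HealthHero's own code; the environment variable names (HH_TOKEN_URL, HH_CLIENT_ID, HH_CLIENT_SECRET), the 60-second refresh margin and the https-only check are assumptions made for illustration.

```python
import json
import os
import time
import urllib.parse
import urllib.request


def post_form(url, fields):
    """POST application/x-www-form-urlencoded fields and return the parsed JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Fetches a client_credentials token and reuses it until shortly before expiry."""

    def __init__(self, token_url, client_id, client_secret,
                 post=post_form, clock=time.monotonic, skew=60):
        if not token_url.lower().startswith("https://"):
            raise ValueError("token endpoint must use https: the secret is sent in the body")
        self._url, self._id, self._secret = token_url, client_id, client_secret
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._good_until = None, 0.0

    def auth_header(self):
        """Return the Authorization header, requesting a new token only when needed."""
        if self._token is None or self._clock() >= self._good_until:
            reply = self._post(self._url, {
                "grant_type": "client_credentials",
                "client_id": self._id,
                "client_secret": self._secret,
            })
            if reply.get("token_type", "").lower() != "bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")  # never log the reply itself
            self._token = reply["access_token"]
            # Refresh `skew` seconds early so a token never expires mid-request.
            self._good_until = self._clock() + max(0, int(reply["expires_in"]) - self._skew)
        return {"Authorization": "Bearer " + self._token}


def cache_from_env(post=post_form, clock=time.monotonic):
    """Build a cache from (hypothetical) environment variables, not hard-coded secrets."""
    return TokenCache(os.environ["HH_TOKEN_URL"], os.environ["HH_CLIENT_ID"],
                      os.environ["HH_CLIENT_SECRET"], post=post, clock=clock)
```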