We have a dedicated API for authentication and identification. This API supports 2FA (Two-Factor Authentication) by email and SMS.
We also provide helper code (Angular as well as ReactNative components) for a quick start.
Q: What endpoint do I target to create the user?
A POST call to the /api/users endpoint of the authentication service creates the user and sends an account confirmation link to the email address given in the payload of the POST call.
Q: What is the result of using the endpoint to create the user?
The confirmation link in the patient's email opens the UI, where the password has to be entered for the first time; once it is submitted, the user account is verified and ready to use/log in.
Q: Can it be done without using the UI (user interface)?
Instead of opening the confirmation link, a POST call can be made to the /register endpoint of the authentication service with the password (and confirmed password) as the payload, but the token sent in the email (inside the link) is still required.
Q: Is there any way to bypass or avoid the user interaction in the process?
No. There is no way to obtain the token without user intervention.
Q: What does the POST /person endpoint in the medical service do?
The POST /person endpoint is the final step of account creation. From the user-interface perspective, it is used to confirm the onboarding screen.
Q: Can someone else (such as an admin) update user data?
Not before the user grants the permission.
Q: How do I grant permission to someone to update my data?
You have to add the other user to your "Network" with the "Manage Account" permission. That is the only way for someone else to obtain permission to do everything on your behalf.
Q: When you use our /signin endpoint, you get two tokens in the response:
One is the access token, which is sent as the Authorization header value on almost all endpoints (it lasts 15 minutes). This is the reason for logging in in the first place.
The other is the refresh token. To continue the user's session after the access token has expired, without sending the user's credentials (login and password) again, send this refresh token to the /token/renew endpoint and obtain a new access token. The refresh token expires after 30 days. With it, a mechanism for auto-refreshing the access token can be built that stores only the refresh token. After the refresh token expires, the /signin endpoint has to be used again.
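The token lifecycle described above, as an added example that is not part of this page or of the provided Angular/ReactNative components: a small client that keeps only the refresh token, renews the access token through /token/renew shortly before its 15-minute lifetime ends, and forces a new /signin once the 30-day refresh token is gone. The JSON field names (`accessToken`, `refreshToken`), the request body shapes, the `Bearer` scheme and the injected `http(path, body)` transport are assumptions, not taken from the page.

```javascript
// Added example (not the page's own code) for the /signin + /token/renew flow.
// Assumed, not from the page: JSON fields `accessToken`/`refreshToken`, the
// `Bearer` scheme, the request body shapes, and `http(path, body)` as transport.
const ACCESS_TTL_MS = 15 * 60 * 1000;             // access token lasts 15 minutes
const REFRESH_TTL_MS = 30 * 24 * 60 * 60 * 1000;  // refresh token lasts 30 days
const SKEW_MS = 30 * 1000;  // renew slightly early so a token never expires mid-request

class SessionClient {
  constructor(http, now = () => Date.now()) {
    this.http = http; this.now = now;
    this.accessToken = null;  this.accessExpiresAt = 0;
    this.refreshToken = null; this.refreshExpiresAt = 0;
  }
  // Initial login: the only call that ever carries the user's credentials.
  async signin(login, password) {
    const t = this.now();
    const r = await this.http('/signin', { login, password });
    this.accessToken = r.accessToken;   this.accessExpiresAt = t + ACCESS_TTL_MS;
    this.refreshToken = r.refreshToken; this.refreshExpiresAt = t + REFRESH_TTL_MS;
  }
  // Value for the Authorization header, renewed through /token/renew when the
  // cached access token is (nearly) expired; only the refresh token is retained.
  async authorizationHeader() {
    const t = this.now();
    if (!this.accessToken || t + SKEW_MS >= this.accessExpiresAt) {
      if (!this.refreshToken || t + SKEW_MS >= this.refreshExpiresAt) {
        this.accessToken = this.refreshToken = null;  // drop stale material
        throw new Error('refresh token expired: call signin() again');
      }
      const r = await this.http('/token/renew', { refreshToken: this.refreshToken });
      this.accessToken = r.accessToken;
      this.accessExpiresAt = t + ACCESS_TTL_MS;
    }
    return `Bearer ${this.accessToken}`;
  }
}

// Constructed fake transport so the example runs offline; it records each path.
function makeFakeHttp() {
  const calls = [];
  const http = async (path, body) => {
    calls.push(path);
    if (path === '/signin') return { accessToken: `acc-${calls.length}`, refreshToken: 'ref-1' };
    if (path === '/token/renew' && body.refreshToken === 'ref-1') return { accessToken: `acc-${calls.length}` };
    throw new Error(`unexpected request to ${path}`);
  };
  return { http, calls };
}
```

In a real client, replace `makeFakeHttp` with your HTTP layer and keep the refresh token in the platform's secure storage rather than in plain application state.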