All API requests must be authorized. NikoHealth APIs require you to use the OAuth 2.0 protocol for authorization. You will need to use the Client Credentials Flow defined in OAuth 2.0, in which a Client ID and Client Secret are passed to authenticate and get a token.
The Client ID and Client Secret will be provided to you with your API subscription. These must be kept secret and should not be embedded or exposed in the HTML or JavaScript of public-facing applications. Use secret keys only in code executing in a trusted or controlled environment that connects directly to the various NikoHealth APIs.
How to Implement It
Steps
Request Tokens: Request an access token for your API
Call API: Use the retrieved access token to call your API
Request Tokens
To access your API, you must request an access token for it. To do so, you need to POST to the token URL: https://{yourDomain}.nikohealth.com/api/identity/connect/token
Example POST to token URL
curl --location 'https://{yourDomain}.nikohealth.com/api/identity/connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic YOUR-ENCODED-CREDENTIALS' \
--data-urlencode 'grant_type=client_credentials'
Parameters
Parameter Name | Description |
grant_type | Set this to "client_credentials". |
client_id | Your application's Client ID provided to you. |
client_secret | Your application's Client Secret provided to you. |
Example Response
If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, token_type, and expires_in values:
{
  "access_token": "BE55CF536EC46D12F9FDBF1EFD831E086B121939B9806DF43F3A6043C67DB0AC",
  "expires_in": 1200,
  "token_type": "Bearer",
  "scope": "external"
}
access_token - in the case of this particular example it is: C845A9BC763F0774D10EF044A309EB01DEDA49741822D2CE52138BFBD5D721A7
expires_in - the expiration lifetime of the token, in seconds
Call API
To call your API, the application must pass the retrieved access token as a Bearer token in the Authorization header of your HTTP request.
curl --request GET \
--url 'https://{yourDomain}.nikohealth.com/api/external/v1/patients' \
--header 'authorization: Bearer ACCESS_TOKEN' \
--header 'content-type: application/json'
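The two steps above as a small Python client, added here as an example (not NikoHealth's own code): it keeps the Client ID and Client Secret out of source and reuses the token until shortly before expires_in elapses. It assumes YOUR-ENCODED-CREDENTIALS is the standard HTTP Basic encoding (base64 of client_id:client_secret); the names TokenCache, http_post_form, the 60-second skew and the NIKO_CLIENT_ID / NIKO_CLIENT_SECRET environment variables are hypothetical.

```python
import base64
import json
import os
import time
import urllib.parse
import urllib.request

def basic_credentials(client_id, client_secret):
    # Assumption: standard HTTP Basic encoding, base64("client_id:client_secret").
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def http_post_form(url, headers, form):
    """Default transport: POST a form body and return the parsed JSON response."""
    body = urllib.parse.urlencode(form).encode("ascii")
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Fetch a client-credentials token and reuse it until shortly before expiry."""

    def __init__(self, token_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._url, self._post, self._clock, self._skew = token_url, post, clock, skew
        self._basic = basic_credentials(client_id, client_secret)
        self._token, self._expires_at = None, 0.0

    def auth_header(self):
        """Return the Authorization header for an API call, refreshing if needed."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._post(
                self._url,
                {"Content-Type": "application/x-www-form-urlencoded",
                 "Authorization": f"Basic {self._basic}"},
                {"grant_type": "client_credentials"},
            )
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = resp["access_token"]
            # Refresh `skew` seconds early so a token never expires mid-request.
            self._expires_at = self._clock() + resp["expires_in"] - self._skew
        return {"Authorization": f"Bearer {self._token}"}

def cache_from_env(domain):
    # Secrets come from the process environment (hypothetical variable names).
    return TokenCache(f"https://{domain}.nikohealth.com/api/identity/connect/token",
                      os.environ["NIKO_CLIENT_ID"], os.environ["NIKO_CLIENT_SECRET"])
```

Pass the dictionary returned by auth_header() as the headers of each API request; the token endpoint is only contacted again once the cached token is within the skew of its expiry.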
Swagger Interface
In the Swagger tool provided to you, you can interact with available APIs to help with your implementation efforts. Within Swagger you can authorize and authenticate using the Client ID and Client Secret provided to you.
Click the green Authorize button located at the top right area of the page to bring up the popup window
Enter the Client ID value into the client_id field
Enter the Client Secret value into the client_secret field
Click the external checkbox under Scopes
Click the Authorize button
Please note: Make sure you are using the Sandbox Client ID and Client Secret provided to you.