doctorlink

Client Authentication

Doctorlink APIs use the OAuth 2.0 protocol for authentication and authorisation.

The flow looks similar to the following diagram:

Api Keys

Where: 1. Your app authenticates with the Doctorlink Authorisation Server using its Client ID and Client Secret. 2. The Doctorlink Authorisation Server validates the Client ID and Client Secret and responds with an Access Token. 4. Your application can use the Access Token to call one of the Doctorlink APIs. 5. The Doctorlink API responds with requested data.

Prerequisites

To begin, you will need to obtain your client credentials contacting our support / registering or to try our APIs out request a trial.

Once you have obtained your credentials, in the form of a CLIENT_ID and a CLIENT_SECRET you will need to configure you application to request a token.

Request a token

curl --request POST \
  --url 'https://prod-platform-identity.doctorlink.engineering/connect/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=CLIENT_ID \
  --data client_secret=CLIENT_SECRET

Parameters

Parameter NameDescription
grant_typeSet this to "client_credentials".
client_idYour application's Client ID.
client_secretYour application's Client Secret.

Response

You'll receive an HTTP 200 response with a payload containing access_token, token_type, and expires_in values:

{
 "access_token":YOUR_ACCESS_TOKEN,
 "token_type":"Bearer",
 "expires_in":3600,
 ...
}

The access_token is in the format of a JSON Web Token (JWT). JWT is an is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Call the Doctorlink API

To call the Doctorlink API from your application, the application must pass the access_token as a Bearer token in the Authorization header of your HTTP request.

curl --request GET \
  --url https://prod-platform-appointments.doctorlink.engineering/api/CLIENT_ID/Appointment \
  --header 'authorization: Bearer ACCESS_TOKEN' \
  --header 'content-type: application/json'

where:

  • CLIENT_ID is your application client ID.
  • ACCESS_TOKEN is the JWT Token received from the request above.