Versions Compared

Old Version 1

changes.mady.by.user Andrew Turner

Saved on

compared with

New Version 2

changes.mady.by.user Tom Pick

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Parameter

Type

Optionality

Description

Example

response_type

Query parameter

Required

Must be "code"

code

client_id

Query parameter

Required

The REST API Client ID  previously issued to you

myClientId

scope

Query parameter

Optional

Allowed values are:

  • PATIENT

  • CLINICIAN

  • TEAMCOORD

If a value is not provided, we will permit a user from any scope that has has been enabled for your REST API Client ID.

PATIENT

state

Query parameter

Optional

Although this is optional, it is  strongly recommended . This should be an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery, as described in  Section 10.12 .

ANTI_CSRF_12345

redirect_uri

Query parameter

Conditional

If you have several redirect URIs registered against your Client ID, then you must specify this parameter. Otherwise, it is optional.

If you do specify this parameter, you can add additional parameters to the URI on top of the base URI that is associated with your Client ID.

Note that we do support localhost addresses and custom URL schemes for mobile apps.

You are not able to specify a new URI with this parameter.

https://client.example.com/cb

...

Parameter

Type

Optionality

Description

Example

grant_type

Form parameter

Required

Must be "authorization_code"

authorization_code

client_id

Form parameter

Required

The REST API Client ID  previously issued to you

myClientId

code

Form parameter

Required

The authorization code returned in the previous step

SplxlOBeZQQYbYS6WxSbIA

redirect_uri

Form parameter

Conditional

If you specified one in the original request, this must match exactly. Otherwise, this is optional.

https://client.example.com/cb

Content-Type

HTTP header

Required

Must be "application/x-www-form-urlencoded"

application/x-www-form-urlencoded

...

Parameter

Type

Optionality

Description

Example

grant_type

Form parameter

Required

Must be "refresh_token"

refresh_token

client_id

Form parameter

Required

The REST API Client ID  previously issued to you

myClientId

refresh_token

Form parameter

Required

The refresh token issued at the same time as the most recently valid access token

tGzv3JOkF0XG5Qx2TlKWIA

scope

Form parameter

Optional

The scope of the session

PATIENT

...