...
Parameter | Type | Optionality | Description | Example |
response_type | Query parameter | Required | Must be "code" | code |
client_id | Query parameter | Required | The REST API Client ID previously issued to you | myClientId |
scope | Query parameter | Optional | Allowed values are:
If a value is not provided, we will permit a user from any scope that has been enabled for your REST API Client ID. | PATIENT |
state | Query parameter | Optional | Although this is optional, it is strongly recommended. This should be an opaque value used by the client to maintain state between the request and callback. The authorization server includes this value when redirecting the user-agent back to the client. The parameter SHOULD be used for preventing cross-site request forgery, as described in Section 10.12. | ANTI_CSRF_12345 |
redirect_uri | Query parameter | Conditional | If you have several redirect URIs registered against your Client ID, then you must specify this parameter. Otherwise, it is optional. If you do specify this parameter, you can add additional parameters to the URI on top of the base URI that is associated with your Client ID. Note that we do support localhost addresses and custom URL schemes for mobile apps. You are not able to specify a new URI with this parameter. | |
...
Parameter | Type | Optionality | Description | Example |
grant_type | Form parameter | Required | Must be "authorization_code" | authorization_code |
client_id | Form parameter | Required | The REST API Client ID previously issued to you | myClientId |
code | Form parameter | Required | The authorization code returned in the previous step | SplxlOBeZQQYbYS6WxSbIA |
redirect_uri | Form parameter | Conditional | If you specified one in the original request, this must match exactly. Otherwise, this is optional. | |
Content-Type | HTTP header | Required | Must be "application/x-www-form-urlencoded" | application/x-www-form-urlencoded |
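
A client-side sketch of the two requests tabulated above, added here as an example and not taken from the API provider's own code. It generates a random single-use state, rejects a callback whose state does not match, and resends the original redirect_uri unchanged in the token request. The endpoint and redirect URI are placeholders (the page does not give them), and the dict standing in for the server-side user session is an assumption.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders: the page does not state the endpoint or a registered redirect URI.
AUTHORIZE_URL = "https://auth.example.invalid/oauth/authorize"
CLIENT_ID = "myClientId"
REDIRECT_URI = "https://app.example.invalid/callback"


def build_authorization_request(session, scope=None, redirect_uri=None):
    """Return the authorization URL; remember state and redirect_uri in the session."""
    state = secrets.token_urlsafe(32)  # unguessable and tied to this user session
    session["oauth_state"] = state
    session["oauth_redirect_uri"] = redirect_uri
    params = {"response_type": "code", "client_id": CLIENT_ID, "state": state}
    if scope:
        params["scope"] = scope
    if redirect_uri:
        params["redirect_uri"] = redirect_uri
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Validate the callback; return (headers, body) for the token request."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replay finds nothing
    returned = query.get("state", [""])[0]
    # Constant-time comparison on bytes; a missing or wrong state aborts the flow.
    if not expected or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: discarding callback")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    form = {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": codes[0]}
    sent_redirect = session.pop("oauth_redirect_uri", None)
    if sent_redirect:
        form["redirect_uri"] = sent_redirect  # must match the original request exactly
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return headers, urlencode(form)
```
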
...
Parameter | Type | Optionality | Description | Example |
grant_type | Form parameter | Required | Must be "refresh_token" | refresh_token |
client_id | Form parameter | Required | The REST API Client ID previously issued to you | myClientId |
refresh_token | Form parameter | Required | The refresh token issued at the same time as the most recently valid access token | tGzv3JOkF0XG5Qx2TlKWIA |
scope | Form parameter | Optional | The scope of the session | PATIENT |
...