...
Authentication and authorisation in both ourCustom REST API andFHIR® REST API are through OAuth 2.0, the same open standard that Facebook, Google, Twitter and Yahoo! have adopted (a widely adopted secure authorisation standard utilised by industry leaders like Google, Microsoft or Epic Systems, enabling controlled resource access without credential exposure).
The full OAuth 2.0 spec is here, in two parts:
Obtaining a Client ID
In order to interact with these APIs, we'll first need to issue you with a Client ID.
...
System Client IDs are used by partners to interact with the PKB Facade and Messaging FHIR APIs on behalf of existing PKB organisations that have chosen to grant access.
...