Client ID

What do I need a REST API Client ID for?

In order to interact with the PKB REST API, you must identify yourself to PKB. The Client ID allows us to know who you are.

Which type of REST API Client do I need?

User Client

You need a User Client if you wish to provide a service to any registered PKB user that agrees to grant you access to their account. For example, you might be building a mobile App and wish to let patients link their PKB account to your product. If you'd like a User Client you'll need to provide PKB with a redirection URI which we will use as part of the OAuth 2.0 workflow. If a PKB user chooses to grant you permission, you will prompt them to manually enter their credentials into a PKB hosted landing page as part of the process. You will then be able to access that user's PKB account, via the REST API, using the tokens generated. When requesting a User Client, we'll agree with you which scopes (user types) you have been approved for. Any connection you make will be limited to functionality accessible by the authenticated user.

System Client

You need a System Client if you are building a system or service that interacts directly with PKB, without a specific person being logged in. For example, perhaps you are building a hybrid mail solution which makes use of our read receipt API. In this design, PKB will issue you with a client and a client secret, which you will use to obtain an access token whenever you need to make a call against the API.

These clients can be used to access the Facade and Messaging FHIR endpoints.

Customer System Client

These are similar to System Client but used to access the Customer FHIR endpoints.

Tethered-Token System Client

If you are building a system or service that will interact with some of our older APIs, you might need a Tethered-Token System Client. This design is based on a Team Coordinator for an existing PKB site granting you permission to access their team's data. They will grant you this permission by manually generating OAuth 2.0 tokens via the web interface for you to use. These tokens will be tethered to that particular team.

These clients can predominantly access the custom REST API, and when doing so will automatically have access to both CLINICIAN and TEAMCOORD scoped REST API operations.


© Patients Know Best, Ltd. Registered in England and Wales Number: 6517382. VAT Number: GB 944 9739 67.

This API specification and design is licensed under a Creative Commons Attribution 4.0 International License.