API Authentication
Learn how to authenticate to the Corti API
Authentication to the API on all environments is governed by OAuth 2.0. This authentication protocol offers enhanced security measures, ensuring that access to patient data and medical documentation is securely managed and compliant with healthcare regulations.
Request an access token
To acquire an access token, make a request to the authURL provided to you:
{environment}
with beta-eu
{tenant-name}
with copiloteu
The full request body that needs to be of Content-Type: "application/x-www-form-urlencoded"
looks like this:
Your access token
It will return you an access_token
:
As you can see, the access token expires after 300 seconds (5 minutes). By default as per oAuth standards, no refresh token is used in this flow. There are many available modules to manage monitoring expiry and acquiring a new access token. However, a refresh token can be enabled if needed.
Make an API request
Subsequently you use the access_token
to authenticate any API request. The baseURL is dependent on the environment:
{environment}
placeholder with beta-eu
If, for example, you are on the beta-eu environment and want to create an interaction as the starting point for any other workflow operations your URL will look like this:
In your Request Header
you also need to include the Tenant-Name
parameter:
{tenant-name}
of copiloteu
To authenticate when opening a websocket, the access_token needs to be passed in as URL parameter in addition to the Tenant-Name already part of the url returned upon creating an interaction: