OAuth - Security for Authentication of API Calls

Medfusion uses the latest in open authorization protocols – OAuth 2.0. There are three core steps to the process, outlined below.

STEP 1: Obtaining the Client Id and Client Secret

      Method Type: GET
      Endpoint: https://<server>/v1/oauth2/oauthapplication/<apptoken>

Accept: application/json

Sample Response:
{"applicationName": "MyTest2App", "grantTypes": [], "clientId": "79DGIWN934UJGHWKJERIGU", "clientSecret": "97FGHKJNW99GUJH24JKNdue", "oauthVersion": "O_AUTH_2_0"}

ACTION – Store the client Id and client secret in a secure place for use in Step 2.

STEP 2: Obtaining the Access token

Using the client Id and client secret from Step 1, do the following to obtain the access token:

      Method Type: POST
      Endpoint: https://<server>/v1/oauth2/token

Content-Type: application/x-www-form-urlencoded
Accept: application/json
Authorization: Basic <clientId>:<clientSecret>

Sample Body:

Sample Response:
{"tokenType": "BEARER", "expiresIn": 1551833, "refreshToken": "978a9odgklh2ihng9irhgks0082", "accessToken": "545432458745ahsidfh2weubgiw", "accessTokenSecret": null}

ACTION – Store the access token and refresh token in a secure location (you will not need to use the refresh token at this time).

STEP 3: Making Authenticated API Calls

Using the access token from Step 2, create the following header for all API calls made to Medfusion:

Authorization: Bearer <accessToken>
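The three steps above as a small runnable client, added here as an example and not Medfusion's own code. It assumes the Basic header carries base64(clientId:clientSecret) as RFC 6749 §2.3.1 specifies (the page writes the header without the encoding step), assumes a client_credentials form body for Step 2 since the page's sample body is blank, and takes the HTTP transport as an injected `send` callable so the exchange can be exercised offline.

```python
import base64
import json
import time
from urllib.parse import urlencode

def build_basic_auth(client_id, client_secret):
    """HTTP Basic client authentication: base64(clientId:clientSecret), RFC 6749 §2.3.1."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

class MedfusionOAuthClient:
    """Runs the documented three-step flow. `send(method, url, headers, body)` is an
    injected transport that returns the response body as a string (assumption)."""
    def __init__(self, server, send, clock=time.time):
        self.base = f"https://{server}/v1/oauth2"   # <server> supplied by caller
        self.send, self.clock = send, clock
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def fetch_client_credentials(self, apptoken):   # Step 1
        raw = self.send("GET", f"{self.base}/oauthapplication/{apptoken}",
                        {"Accept": "application/json"}, None)
        app = json.loads(raw)
        return app["clientId"], app["clientSecret"]

    def fetch_access_token(self, client_id, client_secret):   # Step 2
        headers = {"Content-Type": "application/x-www-form-urlencoded",
                   "Accept": "application/json",
                   "Authorization": build_basic_auth(client_id, client_secret)}
        # Assumption: client_credentials grant; the page leaves the sample body empty.
        body = urlencode({"grant_type": "client_credentials"})
        tok = json.loads(self.send("POST", f"{self.base}/token", headers, body))
        # Validate before trusting: only a BEARER token with a non-empty accessToken is usable.
        if str(tok.get("tokenType", "")).upper() != "BEARER" or not tok.get("accessToken"):
            raise ValueError("unusable token response")
        self.access_token = tok["accessToken"]
        self.refresh_token = tok.get("refreshToken")
        self.expires_at = self.clock() + int(tok["expiresIn"])   # expiresIn is in seconds
        return self.access_token

    def token_is_fresh(self, skew=60):
        """True while the access token has more than `skew` seconds of life left."""
        return self.access_token is not None and self.clock() + skew < self.expires_at

    def auth_header(self):   # Step 3: header for every Medfusion API call
        if not self.token_is_fresh():
            raise RuntimeError("access token missing or about to expire; obtain a new one")
        return {"Authorization": f"Bearer {self.access_token}"}
```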

OAuth Workflow