# Authentication

All API requests must include a valid Bearer token in the `Authorization` header.

## Bearer Token Authentication

Include the token in every request:

```bash
curl -X GET "https://api.example.com/api/v1/{org_id}/patients" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"
```

> **Keep your tokens secure.** Never expose API tokens in client-side code, public repositories, or log files. Rotate tokens regularly and store them in environment variables rather than in source.
## Token Scopes

Tokens are scoped to a specific user and organization. The permissions available depend on the user's role and IAM policies.

| Scope | Description |
|---|---|
| `read` | Read-only access to resources |
| `write` | Create and update resources |
| `admin` | Full access, including settings and user management |
## Error Responses

If authentication fails, the API returns a `401 Unauthorized` response:

```json
{
  "detail": "Not authenticated"
}
```

If the token is valid but the user lacks permission for the requested operation, the API returns a `403 Forbidden` response:

```json
{
  "detail": "Insufficient permissions"
}
```
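The following is an added client-side example, not part of this API's documentation or SDK. It ties the sections above together: the token is read from an environment variable (the variable name `EXAMPLE_API_TOKEN` is an assumption), it is masked before headers are logged, and the documented `401` and `403` bodies are turned into distinct exceptions so callers can tell "re-authenticate" from "this role cannot do that". The opener is injectable, and the constructed responses at the bottom let the flow run offline without contacting `api.example.com`.

```python
import io
import json
import os
from urllib.error import HTTPError
from urllib.request import Request, urlopen

API_BASE = "https://api.example.com/api/v1"   # base URL shown in the docs above
TOKEN_ENV_VAR = "EXAMPLE_API_TOKEN"            # assumed name; pick your own


class NotAuthenticated(Exception):
    """401: token missing, malformed, expired or revoked."""


class InsufficientPermissions(Exception):
    """403: token accepted, but the user's role/IAM policy does not allow the call."""


def auth_headers(token=None):
    """Build request headers. The token comes from the environment, never from source."""
    token = token if token is not None else os.environ.get(TOKEN_ENV_VAR)
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set")
    return {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}


def redact_headers(headers):
    """Copy of the headers that is safe to write to a log: the bearer token is masked."""
    safe = dict(headers)
    if "Authorization" in safe:
        scheme, _, _ = safe["Authorization"].partition(" ")
        safe["Authorization"] = f"{scheme} ***REDACTED***"
    return safe


def _detail(body):
    """Pull the documented "detail" field out of an error body, falling back to raw text."""
    try:
        return json.loads(body).get("detail", body)
    except (ValueError, AttributeError):
        return body


def interpret_response(status, body):
    """Map the documented status codes onto exceptions, or return the parsed body."""
    if status == 401:
        raise NotAuthenticated(_detail(body))
    if status == 403:
        raise InsufficientPermissions(_detail(body))
    if 200 <= status < 300:
        return json.loads(body) if body else None
    raise RuntimeError(f"unexpected HTTP {status}: {_detail(body)}")


def list_patients(org_id, token=None, opener=urlopen):
    """GET /{org_id}/patients. `opener` defaults to urlopen; pass a fake to run offline."""
    headers = auth_headers(token)
    print("request headers:", redact_headers(headers))   # log the masked copy only
    req = Request(f"{API_BASE}/{org_id}/patients", headers=headers, method="GET")
    try:
        with opener(req) as resp:
            return interpret_response(resp.status, resp.read())
    except HTTPError as err:   # urllib raises on 4xx/5xx; the body still carries "detail"
        return interpret_response(err.code, err.read())


class _ConstructedResponse:
    """Minimal stand-in for a urlopen response (constructed for offline demos)."""
    def __init__(self, status, body):
        self.status, self._body = status, body

    def read(self):
        return self._body

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def constructed_opener(status, body):
    """Return an opener that answers every request with one constructed response."""
    def opener(req):
        if status >= 400:
            raise HTTPError(req.full_url, status, "constructed", {}, io.BytesIO(body))
        return _ConstructedResponse(status, body)
    return opener


if __name__ == "__main__":
    # Constructed sample bodies copied from the documented error responses.
    for status, body in [(200, b'{"items": []}'),
                         (401, b'{"detail": "Not authenticated"}'),
                         (403, b'{"detail": "Insufficient permissions"}')]:
        try:
            print(status, "->", list_patients("ORG_ID_PLACEHOLDER", "demo-token",
                                              constructed_opener(status, body)))
        except (NotAuthenticated, InsufficientPermissions) as exc:
            print(status, "->", type(exc).__name__, exc)
```

In a real client the two exception types deserve different handling: a `NotAuthenticated` is a signal to rotate or refresh the token, while `InsufficientPermissions` means the token is fine and the user's scope (`read`, `write`, `admin`) simply does not cover the operation, so retrying with the same credentials will not help.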