Handling Authentication

HealthTap can serve as the identity provider for your users, or you can maintain your own users' identities and simply create a user record within HealthTap to maintain PHR data and leverage HealthTap's personalization algorithms.

In either scenario, your users must go through our "Tap-in" authentication flow, which asks for their permission to create an account on their behalf and co-manage the data you read/write with us, in accordance with our Terms. See Branding and Attribution.

Here's an overview of how this flow works for these two scenarios:

Get Your App's API keys

  1. Apply for access to the HealthTap Cloud
  2. After your application is approved, you will get the necessary information to start using our APIs, such as:

| Key | Value(s) |
| --- | --- |
| name | MyApp |
| app_photo | https://developers.healthtap.com/app_photos/ebdf8bdc6d48a63f2c1e98810266cba0da33281b0da70e5f09c91aa74fbdb0a2.png |
| APP_ID | ebdf8bdc6d48a63f2c1e98810266cba0da33281b0da70e5f09c91aa74fbdb0a2 |
| APP_SECRET | 5c51de435f68075e703adab5811f003febf11c2a7e17407b4ae4d270e9fea98c |
| redirect_uri | |
| scope | [x] profile_read, [x] profile_write, [ ] pay, [ ] send_communications, [ ] create_content |
| users | [x] member, [x] expert |

Multiple redirect_uris are acceptable.

HealthTap Provides Users' Identity

If you want HealthTap to provide your users' identity, you can ask them to log in using their HealthTap account:

  1. Authorize your user at: https://developers.healthtap.com/oauth/authorize?client_id=YOUR_APP_ID&response_type=code&redirect_uri=XXX&scope=profile_write.
  2. The user will have two options: Allow and Deny.
  3. The system will redirect the user to your redirect_uri: https://www.mywebsite.com/login_with_healthtap?code=AUTH_CODE if the user taps Allow.
  4. Otherwise the user will be redirected to https://www.mywebsite.com/login_with_healthtap?error=access_denied.
  5. POST to https://api.healthtap.com/oauth/token with basic auth (APP_ID as username, APP_SECRET as password).
     ```json
     {
        "grant_type":"authorization_code",
        "code":"YOUR_CODE",
        "client_id":"YOUR_APP_ID",
        "redirect_uri":"YOUR_REDIRECT_URI"
     }
     ```
  6. Finally, you will receive an Access Token, Access Token Expiration Time, Refresh Token, and Refresh Token Expiration Time.
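
The following is an added example, not HealthTap's own code, of the steps above in Python: it builds the authorize URL, validates the redirect back to your redirect_uri, and prepares the token request without sending it. The `state` parameter (standard OAuth 2.0, assumed to be echoed by the authorize endpoint) and the `application/json` content type are assumptions not stated on this page, and the function names are illustrative.

```python
import base64
import hmac
import json
import secrets
import urllib.request
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://developers.healthtap.com/oauth/authorize"
TOKEN_URL = "https://api.healthtap.com/oauth/token"


def build_authorize_url(app_id, redirect_uri, scope="profile_write"):
    """Step 1: return (url, state); keep state in the user's server-side session."""
    # Assumption: the endpoint echoes the standard OAuth 2.0 `state` parameter.
    state = secrets.token_urlsafe(32)
    query = urlencode({"client_id": app_id, "response_type": "code",
                       "redirect_uri": redirect_uri, "scope": scope,
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def parse_callback(callback_url, expected_state):
    """Steps 3-4: return the authorization code, or raise on Deny or a forged callback."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:  # e.g. error=access_denied when the user taps Deny
        raise PermissionError(params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "code" not in params:
        raise ValueError("callback carries neither code nor error")
    return params["code"][0]


def build_token_request(app_id, app_secret, code, redirect_uri):
    """Step 5: build (but do not send) the token POST with basic auth."""
    # Assumption: the JSON body shown on this page is sent as application/json.
    body = json.dumps({"grant_type": "authorization_code", "code": code,
                       "client_id": app_id, "redirect_uri": redirect_uri})
    basic = base64.b64encode(f"{app_id}:{app_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL, data=body.encode(), method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/json"})
```

Run the token exchange only on your server, so that APP_SECRET never reaches the browser or a mobile client; pass the returned request to `urllib.request.urlopen` to send it.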

You Manage Users' Identity

If you want to maintain your users' identities yourself, you can create a new HealthTap account on the fly to maintain a user record on HealthTap with that user's attributes.

  1. POST to https://api.healthtap.com/api/v2.1/users.json with basic auth (APP_ID as username, APP_SECRET as password)
     ```json
     {
        "username":"YOUR_INTERNAL_ID",
        "password":"RANDOM_PASSWORD_FOR_YOUR_USER"
     }
     ```
  2. The response will look like the following, with guid as the id of the user that was just created.
     ```json
     {
         "access_token": "697e9298cc055e8b570b70141e1e7b39ee6c025fe9329de0197f1986042396b0",
         "token_type": "bearer",
         "expires_in": 7199,
         "refresh_token": "2387fc24551a13429c2e6bf53c7ad70768c6eb2daebf4720f842f778d6b6fa3d",
         "scope": "member_public",
         "created_at": 1478054227,
         "guid": "f01bdaf185154a4fa694f90a334104b8"
     }
     ```
