HealthTap can serve as the identity provider for your users OR you can maintain your own user's identity and simply create a user record within HealthTap to maintain PHR data and leverage HealthTap's personalization algorithms.

In either scenario, your users must use our "Tap-in" authentication flow which them to gain their permission to create an account on their behalf and co-manage the data you read/write with us, in accordance to our Terms. See Branding and Attribution.

Here's an overview of how this flow works for these two scenarios:

Get Your App's API keys

1. Apply for access to the HealthTap Cloud
2. After your application is approved, you will get the necessary information to start using our APIs, such as:

HealthTap Provides Users Identity

If you want HealthTap to provide your users identity, you can ask them to log in using their HealthTap account:

1. Authorize your user at: https://developers.healthtap.com/oauth/authorize?client_id=YOUR_APP_ID&response_type=code&redirect_uri=XXX&scope=profile_write.
2. The user will have two options: Allow and Deny.
3. The system will redirect the user to your redirect_uri: https://www.mywebsite.com/login_with_healthtap?code=AUTH_CODE if the user taps Allow .
4. Otherwise the user will be redirected to https://www.mywebsite.com/login_with_healthtap?error=access_denied.
5. POST to https://next.healthtap.com/oauth/token with basic auth (APP_ID as username, APP_SECRET as password).

6. You will get Access Token, Access Token Expiration Time, Refresh Token, and Refresh Token Expiration Time eventually .

You Manage Users' Identity

If you want to maintain your user's identity, you can create a new HealthTap account on-the-fly to maintain a user record on HealthTap with this user's attributes.

1. POST to https://next.healthtap.com/api/v2.1/users.json with basic auth (APP_ID as username, APP_SECRET as password)

2. The response will be like the following with guid as the id of the user that just got created.