HealthTap can serve as the identity provider for your users, or you can maintain your own users' identities and simply create a user record within HealthTap to maintain PHR data and leverage HealthTap's personalization algorithms.
In either scenario, your users must use our "Tap-in" authentication flow, which asks them for permission to create an account on their behalf and to co-manage the data you read/write with us, in accordance with our Terms. See Branding and Attribution.
Here's an overview of how this flow works for these two scenarios:
Get Your App's API keys
- Apply for access to the HealthTap Cloud
- After your application is approved, you will get the necessary information to start using our APIs, such as:

| Field | Example value |
| --- | --- |
| name | MyApp |
| app_photo | https://developers.healthtap.com/app_photos/ebdf8bdc6d48a63f2c1e98810266cba0da33281b0da70e5f09c91aa74fbdb0a2.png |
| APP_ID | ebdf8bdc6d48a63f2c1e98810266cba0da33281b0da70e5f09c91aa74fbdb0a2 |
| APP_SECRET | 5c51de435f68075e703adab5811f003febf11c2a7e17407b4ae4d270e9fea98c |
| redirect_uri | https://www.mywebsite.com/login_with_healthtap, myapp://oauth/healthtap |
| scope | [x] profile_read, [x] profile_write, [ ] pay, [ ] send_communications, [ ] create_content |
| users | [x] member, [x] expert |

Multiple redirect_uris are acceptable.
HealthTap Provides Users Identity
If you want HealthTap to provide your users' identity, you can ask them to log in using their HealthTap account:
- Authorize your user at: https://developers.healthtap.com/oauth/authorize?client_id=YOUR_APP_ID&response_type=code&redirect_uri=XXX&scope=profile_write.
- The user will have two options: Allow and Deny.
- The system will redirect the user to your redirect_uri: https://www.mywebsite.com/login_with_healthtap?code=AUTH_CODE if the user taps Allow.
- Otherwise the user will be redirected to https://www.mywebsite.com/login_with_healthtap?error=access_denied.
- POST to https://api.healthtap.com/oauth/token with basic auth (APP_ID as username, APP_SECRET as password).
{
"grant_type":"authorization_code",
"code":"YOUR_CODE",
"client_id":"YOUR_APP_ID",
"redirect_uri":"YOUR_REDIRECT_URI"
}
- Finally, you will get an Access Token, Access Token Expiration Time, Refresh Token, and Refresh Token Expiration Time.
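The redirect handling and token request described above, as an added server-side example that is not HealthTap's own code. The function names, the HEALTHTAP_APP_ID and HEALTHTAP_APP_SECRET environment variables, the Content-Type header and the exact-match check on the redirect are assumptions.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit, parse_qs

TOKEN_URL = "https://api.healthtap.com/oauth/token"  # from the page

class TapInDenied(Exception):
    """The user tapped Deny (error=access_denied) or the callback had an error."""

def parse_callback(callback_url, registered_redirect_uri):
    """Return the authorization code from the redirect, or raise."""
    got, want = urlsplit(callback_url), urlsplit(registered_redirect_uri)
    # Only accept callbacks that arrived on a redirect_uri registered for the app.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    params = parse_qs(got.query)
    if "error" in params:
        raise TapInDenied(params["error"][0])
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("expected exactly one non-empty code parameter")
    return codes[0]

def build_token_request(code, app_id, app_secret, redirect_uri):
    """Build (not send) the POST to /oauth/token described above."""
    body = json.dumps({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": app_id,
        "redirect_uri": redirect_uri,
    }).encode()
    # Basic auth: APP_ID as username, APP_SECRET as password.
    basic = base64.b64encode(f"{app_id}:{app_secret}".encode()).decode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/json"},  # assumption: JSON body
    )

if __name__ == "__main__":
    # Constructed sample values; real keys come from the environment, not source.
    redirect = "https://www.mywebsite.com/login_with_healthtap"
    code = parse_callback(redirect + "?code=AUTH_CODE", redirect)
    req = build_token_request(code, os.environ.get("HEALTHTAP_APP_ID", "APP_ID"),
                              os.environ.get("HEALTHTAP_APP_SECRET", "APP_SECRET"), redirect)
    print(req.get_method(), req.full_url)
```

Passing the returned request to urllib.request.urlopen on your server performs the exchange; keeping that step server-side keeps APP_SECRET out of browser and mobile client code.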
You Manage Users' Identity
If you want to maintain your users' identity, you can create a new HealthTap account on-the-fly to maintain a user record on HealthTap with this user's attributes.
- POST to https://api.healthtap.com/api/v2.1/users.json with basic auth (APP_ID as username, APP_SECRET as password).
{
"username":"YOUR_INTERNAL_ID",
"password":"RANDOM_PASSWORD_FOR_YOUR_USER"
}
- The response will look like the following, with guid as the id of the user that was just created.
{
"access_token": "697e9298cc055e8b570b70141e1e7b39ee6c025fe9329de0197f1986042396b0",
"token_type": "bearer",
"expires_in": 7199,
"refresh_token": "2387fc24551a13429c2e6bf53c7ad70768c6eb2daebf4720f842f778d6b6fa3d",
"scope": "member_public",
"created_at": 1478054227,
"guid": "f01bdaf185154a4fa694f90a334104b8"
}