
Handling Authentication

HealthTap can serve as the identity provider for your users, or you can maintain your own users' identity and simply create a user record within HealthTap to maintain PHR data and leverage HealthTap's personalization algorithms.

In either scenario, your users must use our "Tap-in" authentication flow, which asks them for permission to create an account on their behalf and co-manage the data you read/write with us, in accordance with our Terms. See Branding and Attribution.

Here's an overview of how this flow works for these two scenarios:

Get Your App's API keys

  1. Apply for access to the HealthTap Cloud
  2. After your application is approved, you will get the necessary information to start using our APIs, such as:










[x] profile_read, [x] profile_write, [ ] pay, [ ] send_communications, [ ] create_content


[x] member, [x] expert

Multiple redirect_uris are acceptable.

HealthTap Provides Users' Identity

If you want HealthTap to provide your users' identity, you can ask them to log in using their HealthTap account:

  1. Authorize your user at:
  2. The user will have two options: Allow and Deny.
  3. The system will redirect the user to your redirect_uri: if the user taps Allow.
  4. Otherwise the user will be redirected to
  5. POST to with basic auth (APP_ID as username, APP_SECRET as password).
  6. You will eventually get an Access Token, Access Token Expiration Time, Refresh Token, and Refresh Token Expiration Time.

You Manage Users' Identity

If you want to maintain your users' identity, you can create a new HealthTap account on the fly to maintain a user record on HealthTap with this user's attributes.

  1. POST to with basic auth (APP_ID as username, APP_SECRET as password).
  2. The response will look like the following, where guid is the ID of the user that was just created.
    {
      "access_token": "697e9298cc055e8b570b70141e1e7b39ee6c025fe9329de0197f1986042396b0",
      "token_type": "bearer",
      "expires_in": 7199,
      "refresh_token": "2387fc24551a13429c2e6bf53c7ad70768c6eb2daebf4720f842f778d6b6fa3d",
      "scope": "member_public",
      "created_at": 1478054227,
      "guid": "f01bdaf185154a4fa694f90a334104b8"
    }
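Both flows end with a token response of this shape, obtained with basic auth. The following is an added example, not HealthTap's own code: it builds the basic auth header, validates the response, and decides when to refresh without letting tokens leak into logs. It assumes `created_at` is the issue time in Unix seconds; `TokenSet`, `basic_auth_header` and `needs_refresh` are hypothetical names.

```python
import base64
import time
from dataclasses import dataclass, field
from typing import Optional

REQUIRED = ("access_token", "token_type", "expires_in", "refresh_token", "created_at")


def basic_auth_header(app_id: str, app_secret: str) -> str:
    """Authorization header value: APP_ID as username, APP_SECRET as password."""
    raw = f"{app_id}:{app_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


@dataclass(frozen=True)
class TokenSet:
    # repr=False keeps secrets out of logs and tracebacks that print the object.
    access_token: str = field(repr=False)
    refresh_token: str = field(repr=False)
    scope: str
    expires_at: int  # Unix time; assumes created_at is the issue time
    guid: Optional[str] = None  # HealthTap user id, when the response carries one

    @classmethod
    def from_response(cls, body: dict) -> "TokenSet":
        missing = [k for k in REQUIRED if k not in body]
        if missing:
            raise ValueError(f"token response missing fields: {missing}")
        if str(body["token_type"]).lower() != "bearer":
            raise ValueError("unexpected token_type")
        expires_in = int(body["expires_in"])
        if expires_in <= 0:
            raise ValueError("non-positive expires_in")
        return cls(body["access_token"], body["refresh_token"], body.get("scope", ""),
                   int(body["created_at"]) + expires_in, body.get("guid"))

    def needs_refresh(self, now: Optional[float] = None, skew: int = 60) -> bool:
        """True once the access token is within `skew` seconds of expiry."""
        now = time.time() if now is None else now
        return now >= self.expires_at - skew


# Constructed sample: field names and timing values follow the response above;
# the token strings are placeholders, not real credentials.
SAMPLE = {"access_token": "ACCESS_TOKEN_PLACEHOLDER", "token_type": "bearer",
          "expires_in": 7199, "refresh_token": "REFRESH_TOKEN_PLACEHOLDER",
          "scope": "member_public", "created_at": 1478054227, "guid": "GUID_PLACEHOLDER"}

if __name__ == "__main__":
    tokens = TokenSet.from_response(SAMPLE)
    print(tokens, tokens.needs_refresh(now=1478054227))
```

Keep APP_SECRET and the refresh token server-side only; the header value from `basic_auth_header` is reversible base64, so it must only ever travel over TLS.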
