This guide is for legacy users since API keys have been deprecated. Learn how to use our preferred authentication.
If you haven’t already, check out our high-level summary for authentication with Redox. If you want to authenticate a specific API key, follow the steps below.
This authentication method is currently only supported for the Redox Data Model API.
curl -X POST https://api.redoxengine.com/auth/authenticate \-H '{"Content-Type": "application/json"}' \-d '{"apiKey": "not-a-real-api-key", "secret": "super-secret-client-secret"}'
{"accessToken": "13d5faa8-aacd-4a0d-a666-51455b1b2ced","expires": "2015-03-25T20:52:35.000Z","refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"}
accessToken
(in the first line of the response) to authenticate in later steps.
The expires
value contains the exact date and time that your access token expires. Access tokens expire 24 hours after retrieval.
The refreshToken
can be used to retrieve a new access token after this one expires. See the details for refreshing your token further down below.If you attempt to use an expired access token with a request, you will receive a 401 Unauthorized
error.
Authorization
header with a valid access token in the following format: Authorization: Bearer [your-accessToken]
curl -X POST https://api.redoxengine.com/endpoint \-H '{"Authorization": "Bearer f81eeac9-7cb0-4a82-951b-724f592723ae"}'
After successfully authenticating, you can initiate requests to any endpoints you have verified. If you want to send test requests, you can do so to this endpoint: https://api.redoxengine.com/endpoint
.
If you're operating in Canada, you must tweak the Redox hostname slightly. All you need to do is add a ca
in that URL like this: https://api.ca.redoxengine.com
.
Every request via the Data Model API must contain the following headers and body parameters.
Header | Value | Description |
---|---|---|
Authentication | Bearers `your-authToken` | Required for authenticating your request. |
Content-Type | application/json | Enter this value for Data Model API calls. |
Parameter | Type | Description |
---|---|---|
Meta.DataModel | String | The data model corresponding to the type of data you are sending or requesting. |
Meta.EventType | String | The event type of the data model that you are sending or requesting. |
Meta.Destinations[].ID | String array | Objects with ID value(s) of the endpoint(s) you are sending data to or the endpoint you're requesting data from. |
Each data model has different requirements for parameters. Explore each data model and their respective required parameters.
A request should generally look like this:
curl \-X POST https://api.redoxengine.com/endpoint \-H "Content-Type: application/json" \-H "Authorization: Bearer[access-token-here]" \-d '{"Meta": {"DataModel": "PatientAdmin","EventType": "Arrival","Destinations": [{"ID": "af394f14-b34a-464f-8d24-895f370af4c9","Name": "Redox EMR"}]},"Patient": {# … payload omitted}}'
You can use the refresh token returned from the most recent authentication request to retrieve a new access token via the refresh token endpoint:
curl -X POST https://api.redoxengine.com/auth/refreshToken \-H '{"Content-Type": "application/json"}' \-d '{"apiKey": "not-a-real-api-key", "refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"}'
The object returned for a successful response is the same as that for the original access token retrieval request noted above.
If your API key or secret value are exposed for any reason, you must generate a new secret value for the relevant API key. Learn how to generate a new secret value.