System client

Authenticating with a System Client ID

Team Coordinator generates refresh token in web interface

If you are using our APIs from a fixed endpoint, e.g. a hospital, and do not require individual users to log in, then instead of using the Authorization Code Grant workflow, you must be granted access by a Team Coordinator.

Depending on the details of your deployment, you might have access to the relevant Team Coordinator user already.

To grant access, the Team Coordinator should log in to the web interface, navigate to the "Institution" tab, and click on the "REST API access" button. They will need to enter your Client ID.

A refresh token will then be displayed on the screen, which they can pass to you securely.

Client exchanges refresh token for new access token

In order to receive your first access token, and to get a new access token if your current one has expired, you will need to request one using your refresh token.

You should follow the same steps as detailed in the Authorization Code Grant workflow, except that you must always send a scope value of SITE.