Authentication

The Save Sight Registries API is protected by OAuth2.

Prerequisites

In order to successfully authenticate with the API, you will need:

  • A user account on the SSR Website.
  • An OAuth application assigned to your account. This can be created and provided to you by an admin user.

Once available, access your OAuth application at https://frbresearch.org/oauth/applications and take note of your client_id (UID) and client_secret (Secret).

Obtaining an Access Token

The authentication process follows the OAuth2 specification for the client_credentials grant type.

You will need to base64 encode <client_id>:<client_secret> to get the authorization header.
For example:
client_id = abcdefg
client_secret = 1234567890
base64(abcdefg:1234567890) = YWJjZGVmZzoxMjM0NTY3ODkw

To get an access token, send a POST request to https://frbresearch.org/oauth/token with the grant type in the body:

POST /oauth/token HTTP/1.1
Host: frbresearch.org
Authorization: Basic YWJjZGVmZzoxMjM0NTY3ODkw
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials

The access token will be in the response:

Response 200
{
    "access_token": "ABC123",
    "token_type": "Bearer",
    "expires_in": 7200,
    "scope": "write",
    "created_at": 1700123456
}

Access tokens expire after 7200 seconds (2 hours) and must be regenerated once expired.

Using the Access Token

All API requests must include this access token in the Authorization header:

POST /fhir/bundle HTTP/1.1
Host: frbresearch.org
Authorization: Bearer ABC123
Content-Type: application/json
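
The flow above as a Python client, added here as an example and not part of the SSR documentation: it builds the Basic header and the token request, then reuses the token until shortly before the 7200-second expiry. `TokenCache`, its 60-second refresh margin and the function names are assumptions; the endpoint and response fields are the ones shown on this page.

```python
import base64
import json
import time
import urllib.request

TOKEN_URL = "https://frbresearch.org/oauth/token"  # host and path from the page


def basic_auth_header(client_id, client_secret):
    """Return the Authorization value: 'Basic ' + base64(client_id:client_secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(client_id, client_secret):
    """Build (but do not send) the client_credentials POST to the token endpoint."""
    return urllib.request.Request(
        TOKEN_URL,
        data=b"grant_type=client_credentials",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


def fetch_token(client_id, client_secret):
    """Send the token request over HTTPS and return the parsed JSON response."""
    req = build_token_request(client_id, client_secret)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Hypothetical helper: reuse a token until shortly before expires_in elapses."""
    def __init__(self, fetch, clock=time.time, margin=60):
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._expires_at = None, 0.0

    def bearer_header(self):
        """Return 'Bearer <token>', requesting a new token only when needed."""
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            body = self._fetch()
            if body.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
        return "Bearer " + self._token
```

Load client_id and client_secret from the environment or a secret store rather than source code, and pass `lambda: fetch_token(cid, secret)` as `fetch`.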