Authorization flow

To access the client to the TridentCare API an access token is required and to obtain the access token, client must call the authorization server with the provided token endpoint.

Once client have the access token, they need to pass it with the subscription key in the header of the API request and the API server will provide the response within its scope.

  • Client Application: A client that makes requests to the TridentCare API.

  • Authorization Server: The server that issues access tokens to client apps after successfully authenticating the client credentials.

  • API Server: The server that hosts protected resources and accepts and responds to client requests using access tokens and subscription key.

Token Request

The OAuth token endpoint is used to obtain access tokens. A token request should include your client ID and client secret in a basic authorization header. The grant type value will be always “client_credentials” and the scope value will be provided by us based on level of access permissions.

POST https://api.tridentcare.com/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
client_id=b67a8e1c-1cfb-49a7-bc97-caecba70d190&
client_secret=Mkc8Q~sTMRPe4cNORua1~~u42uP6swaENJFmgaRO&
grant_type=client_credentials&
scope= api://74fc9798-b7af-4d58-8e5b-840be4d4e975/.default

Token Response

The TridentCare authorization server returns a JSON object with the below associated information in it.

  • access_token – JWT to be used as a bearer token in subsequent API requests.

  • token_type – describes the access token; value is always “Bearer.”

  • expires_in – represents the lifetime of the access token in seconds.

{
    "access_token": "eyJhbGciOiJSUzI1NiIs... ",
    "token_type": "Bearer",
    "not_before": 1717593640,
    "expires_in": 10800,
    "expires_on": 1717604440,
    "resource": "7a9073b2-52eb-4c8f-90c4-5bb349ab6197"
}

Sample API Request with Token

An access token must be provided as a bearer token with any request to an API used to read, write, or update data in TridentCare along with the Subscription keys in request headers.

GET https://api.tridentcare.com/test/api/results/{MethodName}?{Parameter1}={ParameterValue}
Ocp-Apim-Subscription-Key	8a42669xxxxxx49c822cca9xxxxxxxx
Authorization			Bearer eyJhbGciOiJSUzI1NiIs...

Sample API response

Client application will receive a response provided the credentials are valid otherwise an error message will be received.