# Authentication

## How do I authenticate to the ITCare API ? <a href="#apiitcare-howdoiauthenticatetotheitcareapi" id="apiitcare-howdoiauthenticatetotheitcareapi"></a>

The ITCare API uses the OAuth 2.0 protocol for authentication and authorization. It supports the usual OAuth 2.0 scenarios such as those used for web servers and client applications.

This means that each API request must contain an "Authorization" header embedding an access token previously obtained through credentials.

{% code overflow="wrap" fullWidth="false" %}

```bash
curl -X GET "https://itcare.cegedim.cloud/itcare/{api-definition}/{api-endpoint}" -H "Authorization: Bearer {token}"
```

{% endcode %}

## How do I get an API account? <a href="#apiitcare-howdoigetanapiaccount" id="apiitcare-howdoigetanapiaccount"></a>

To query the ITCare API, an API account is required in order to obtain the mandatory access token.\
To obtain this API account, a request must be submitted to the **cegedim.cloud** support teams by providing the following information:

* The target organization
* A simple description of the target usage of the API

## How do I get an access token? <a href="#apiitcare-howdoigetanaccesstoken" id="apiitcare-howdoigetanaccesstoken"></a>

To obtain an access token, the client must submit a request to the endpoint [/token](https://accounts.cegedim.cloud/auth/realms/cloud/protocol/openid-connect/token).\
The authorization server requires client authentication to issue an access\_token.\
Here is an example of an access\_token request:

{% code overflow="wrap" %}

```bash

curl -X POST "https://accounts.cegedim.cloud/auth/realms/cloud/protocol/openid-connect/token" \
-H "Authorization: Basic $(echo -n 'CLIENT_ID:CLIENT_SECRET' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials"


```

{% endcode %}

In general, we can use the base64 command to encode a string.\
Using command-line tools in Linux for exemple :

{% code overflow="wrap" %}

```bash
$echo -n 'CLIENT_ID:CLIENT_SECRET' | base64
(gives the base64 of your CLIENT_ID:CLIENT_SECRET)
```

{% endcode %}

If the access\_token request is allowed and valid, here is a sample response:

{% code overflow="wrap" %}

```json
{
   "access_token":"...",
   "expires_in":1200,
   "refresh_expires_in":7200,
   "refresh_token":"...",
   "token_type":"bearer"
}
```

{% endcode %}

When the token expires, it is possible to :

* Request a new access\_token
* Refresh the token by querying the endpoint /token

{% code overflow="wrap" %}

```bash
curl -X POST "https://accounts.cegedim.cloud/auth/realms/cloud/protocol/openid-connect/token" \
-H "Authorization: Basic $(echo -n 'CLIENT_ID:CLIENT_SECRET' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&refresh_token=****************"
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://academy.cegedim.cloud/itcare-api/itcare-api-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.