Authentication

How do I authenticate to the ITCare API?

The ITCare API uses the OAuth 2.0 protocol for authentication and authorization. It supports the usual OAuth 2.0 scenarios such as those used for web servers and client applications.

This means that each API request must contain an "Authorization" header embedding an access token previously obtained through credentials.

curl -X GET "https://itcare.cegedim.cloud/itcare/{api-definition}/{api-endpoint}" -H "Authorization: Bearer {token}"

How do I get an API account?

To query the ITCare API, an API account is required in order to obtain the mandatory access token. To obtain this API account, a request must be submitted to the cegedim.cloud support teams by providing the following information:

  • The target organization

  • A simple description of the target usage of the API

How do I get an access token?

To obtain an access token, the client must submit a request to the endpoint /token. The authorization server requires client authentication to issue an access_token. Here is an example of an access_token request:


curl -X POST "https://accounts.cegedim.cloud/auth/realms/cloud/protocol/openid-connect/token" \
-H "Authorization: Basic $(echo -n 'CLIENT_ID:CLIENT_SECRET' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials"

The base64 command can be used to encode a string. For example, using command-line tools on Linux:

$ echo -n 'CLIENT_ID:CLIENT_SECRET' | base64
(gives the base64 of your CLIENT_ID:CLIENT_SECRET)

If the access_token request is allowed and valid, here is a sample response:

{
   "access_token":"...",
   "expires_in":1200,
   "refresh_expires_in":7200,
   "refresh_token":"...",
   "token_type":"bearer"
}

When the token expires, it is possible to:

  • Request a new access_token

  • Refresh the token by querying the endpoint /token

curl -X POST "https://accounts.cegedim.cloud/auth/realms/cloud/protocol/openid-connect/token" \
-H "Authorization: Basic $(echo -n 'CLIENT_ID:CLIENT_SECRET' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=refresh_token&refresh_token=****************"
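
The token lifecycle described above, as an added client-side example that is not part of the cegedim.cloud documentation: it reuses the access token until shortly before expires_in elapses, refreshes while refresh_expires_in still allows it, and otherwise requests a new token. The class name TokenManager, the 30-second safety margin, and the use of the standard OAuth 2.0 grant_type=refresh_token for the refresh call are assumptions.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://accounts.cegedim.cloud/auth/realms/cloud/protocol/openid-connect/token"


def post_form(url, headers, form):
    """Real transport: POST a form-encoded body over HTTPS, return the parsed JSON."""
    data = urllib.parse.urlencode(form).encode()
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:  # hypothetical name, not part of any ITCare SDK
    def __init__(self, client_id, client_secret, transport=post_form,
                 clock=time.monotonic, skew=30):
        basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self._headers = {"Authorization": "Basic " + basic,
                         "Content-Type": "application/x-www-form-urlencoded"}
        self._transport, self._clock, self._skew = transport, clock, skew
        self._access = self._refresh = None
        self._access_exp = self._refresh_exp = 0.0

    def _request(self, form):
        issued = self._clock()
        body = self._transport(TOKEN_URL, self._headers, form)
        self._access = body["access_token"]
        self._refresh = body.get("refresh_token")
        # Treat tokens as expired `skew` seconds early to absorb latency.
        self._access_exp = issued + body["expires_in"] - self._skew
        self._refresh_exp = issued + body.get("refresh_expires_in", 0) - self._skew

    def token(self):
        """Return a valid access token, contacting /token only when needed."""
        now = self._clock()
        if self._access and now < self._access_exp:
            return self._access
        if self._refresh and now < self._refresh_exp:
            # Assumption: standard OAuth 2.0 refresh grant (RFC 6749, section 6).
            self._request({"grant_type": "refresh_token",
                           "refresh_token": self._refresh})
        else:
            self._request({"grant_type": "client_credentials"})
        return self._access
```

Call token() before each API request and send the result in the "Authorization: Bearer" header; load the client secret from a secret store or environment variable so it stays out of source code, logs and shell history.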
