Client Credentials Flow (Service)

With back-end applications such as CLIs or services, the system authenticates and authorizes itself rather than a user. This scenario uses the Client Credentials Flow for Service Access Tokens, in which your application passes its Client ID and Client Secret to authenticate.

Note that different APIs may require a different type of Access Token. For instance, most reporting APIs support a service Access Token, but requesting a visit requires a user Access Token.


How It Works

  1. Your app authenticates with the Recuro Health Authorization API using its Client ID and Client Secret (/oauth/token endpoint).
  2. Following validation by the Recuro Health Authorization API, a response containing an Access Token is provided.
  3. Your app uses the Access Token to call the Recuro Health Platform API on behalf of itself.
  4. The Recuro Health Platform API responds with requested data.

Token Expiration

Service Access Tokens are set to expire 30 days from when they were created. These tokens should be securely stored by your application for this duration.

Rate Limiting

Each ClientId is restricted to 5 new Service Access Tokens per 24-hour period. Because the lifespan of a Service Access Token is 30 days, these tokens should be securely stored in a manner that allows your application to reuse them until they expire. Additional Service Access Token requests beyond 5 in a 24-hour period will return a 429 - Too Many Requests HTTP status.
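One way to meet the Token Expiration and Rate Limiting guidance above is a small on-disk token cache. This is an added example, not Recuro Health code. It assumes a caller-supplied `fetch_token` callable (hypothetical) that performs the /oauth/token request and returns the HTTP status and the token, a one-day renewal margin, and expiry computed locally as 30 days from issuance.

```python
import json, os, time

TOKEN_LIFETIME = 30 * 24 * 3600  # from the page: tokens expire 30 days after creation
REFRESH_MARGIN = 24 * 3600       # assumption: renew during the last day of validity

class RateLimited(Exception):
    """Token endpoint returned 429 and no usable token is cached."""

class ServiceTokenCache:
    # fetch_token is a hypothetical callable supplied by the caller: it performs
    # the /oauth/token request and returns (http_status, access_token_or_None).
    def __init__(self, path, fetch_token, now=time.time):
        self.path, self.fetch_token, self.now = path, fetch_token, now

    def _load(self):
        try:
            with open(self.path) as f:
                return json.load(f)
        except (FileNotFoundError, ValueError):
            return None  # missing or corrupt cache: treat as no token

    def _save(self, record):
        # Write to a temp file created owner-only (0600), then swap it in atomically.
        tmp = self.path + ".tmp"
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(record, f)
        os.replace(tmp, self.path)

    def get(self):
        rec = self._load()
        if rec and self.now() < rec["expires_at"] - REFRESH_MARGIN:
            return rec["token"]  # reuse: no request, no quota spent
        status, token = self.fetch_token()
        if status == 429:
            if rec and self.now() < rec["expires_at"]:
                return rec["token"]  # old token still valid, retry later
            raise RateLimited("5 new tokens per 24 hours already issued")
        if not token:
            raise RuntimeError(f"token request failed with HTTP {status}")
        self._save({"token": token, "expires_at": self.now() + TOKEN_LIFETIME})
        return token
```

Because the cache lives on disk, process restarts and scheduled jobs share one token instead of each spending part of the 5-per-24-hour quota. In production the file would normally be replaced by a secrets manager or an OS keystore.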