Authentication

Generating API keys and authenticating with the API

The Luscii public API uses Bearer authentication to authenticate requests. To authenticate, add an Authorization header containing your API key to your requests.

Authorization: Bearer <api-key>
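
A client-side helper for sending the header above, added here as an example and not taken from Luscii's documentation or SDKs. The base URL, the environment variable name and all function and class names are assumptions; the page does not state them.

```python
import hashlib
import os
import urllib.request
from urllib.parse import urlsplit

# Assumption: placeholder host; the page does not give the API base URL.
BASE_URL = "https://api.example.invalid"
KEY_ENV_VAR = "LUSCII_API_KEY"  # hypothetical variable name


def load_api_key(env=os.environ):
    """Read the key from the environment instead of hard-coding it in source."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(KEY_ENV_VAR + " is not set")
    # Embedded whitespace or control characters would corrupt the header line.
    if any(c.isspace() or ord(c) < 0x20 for c in key):
        raise ValueError("API key contains whitespace or control characters")
    return key


def build_request(path, api_key, base_url=BASE_URL):
    """Return a urllib Request carrying 'Authorization: Bearer <api-key>'."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    scheme = urlsplit(url).scheme
    # A bearer key is a replayable secret: never send it over cleartext HTTP.
    if scheme != "https":
        raise ValueError("refusing to send an API key over " + scheme)
    req = urllib.request.Request(url)
    req.add_header("Authorization", "Bearer " + api_key)
    return req


class NoAuthOnRedirect(urllib.request.HTTPRedirectHandler):
    """Drop the Authorization header when a redirect leaves the original host."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        old_host = urlsplit(req.full_url).hostname
        if new is not None and urlsplit(newurl).hostname != old_host:
            new.remove_header("Authorization")
        return new


def fingerprint(api_key):
    """Short, non-reversible label for logs, so the key itself is never logged."""
    return "key#" + hashlib.sha256(api_key.encode()).hexdigest()[:8]
```

To send requests, pass `NoAuthOnRedirect()` to `urllib.request.build_opener()` and call the opener's `open()` on the object returned by `build_request()`.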

API Key Management

API keys are generated per user and carry the authorizations of that specific user. Hence, if you use an API key for a patient, you can access the endpoints that the patient would be allowed to access as if they were authenticated in the Luscii patient app. If you use an API key for an administrator user, you can access endpoints that administrators are allowed to access.

Manually managing API keys

API keys can be created by Administrators through the UI of the Luscii platform. To create a new API key:

  1. Open the patient or healthcare user that you want to create the key for
  2. Navigate to the patient details page, or scroll to the bottom of the healthcare user details page. There you will find a section called API keys.
  3. Press create and follow the steps. You have to provide a display name (for reference only) and a lifetime (which could be indefinite).
  4. In the final step, you are provided with the API key. You have to copy and store the key at this point. We will only show it to you once. After you have finished the creation process you will not be able to view it anymore.

From the same section, existing API keys can also be revoked.

Programmatically managing API keys

API keys can also be created programmatically; see API key. This is particularly useful in combination with the Patient Actions SDK, which requires the use of an API key per patient. To create a new API key for a user programmatically, you can use the endpoint described in the API keys page. Before you can use programmatically generated API keys, you will have to generate an API key manually at least once, for an administrator user.
