OAuth Authentication

Health Gorilla APIs use OAuth 2.0 to authorize and authenticate every API request: each call must carry an access token issued to a registered client. You must register your application and obtain client credentials before you can make any API call.

Grant Types Supported

Health Gorilla supports two OAuth 2.0 grant types, depending on your workflow.

  • Client Credentials Grant: Used for system-to-system access with no user interaction. The token represents your application rather than an end user, so this grant is intended for confidential clients (background jobs and server-side service integrations) that can keep the client_secret private.
  • Authorization Code Grant: Used for user-facing applications that require user login and consent; the resulting token represents what that user authorized. Supports SMART on FHIR launches.

To begin using OAuth

  1. Contact Health Gorilla Support to register your application.
  2. Provide the grant type, the scopes your application needs, and (for the Authorization Code grant) the redirect URI the authorization server may send users back to.
  3. Receive a client_id and client_secret. Treat the client_secret as a credential: keep it server-side in a secret store, never in client-side code, mobile apps, or source control.

To request an access token, send a POST request to

  • Sandbox: https://sandbox.healthgorilla.com/oauth/token
  • Production: https://api.healthgorilla.com/oauth/token

Include the parameters for your grant type in the form-encoded request body, as defined by RFC 6749 (grant_type=client_credentials, or grant_type=authorization_code together with the code and the same redirect_uri you registered), and authenticate the request with your client_id and client_secret. Always send the request over HTTPS; the client_secret must never travel in a URL or over plain HTTP.

Token Usage

Include the bearer token in the Authorization header of every API request.

Authorization: Bearer {access_token}

Tokens are scoped, time-limited, and bound to the registered client and tenant. Cache a token and reuse it until it expires rather than requesting a new one for every call, and request a fresh token when it expires or the API rejects it.
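The token request and token usage described above, as an added example in Python (this is not Health Gorilla's own client code). It builds the POST for either grant type against the documented token endpoints, parses the token response, caches the token with an expiry margin, and produces the Authorization header for API calls. Assumptions not stated on this page: client authentication via an HTTP Basic header (RFC 6749 section 2.3.1; if the server expects client_id and client_secret in the form body instead, move them there), a standard JSON token response with access_token, token_type, expires_in and scope, and placeholder values for the client, scope, code and redirect URI.

```python
# Added example, not Health Gorilla's own client code.
# Assumed (not on the page): Basic client authentication (RFC 6749 s2.3.1)
# and a standard JSON token response; scope/client/code values are placeholders.
import base64
import json
import time
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlencode
from urllib.request import Request, urlopen

SANDBOX_TOKEN_URL = "https://sandbox.healthgorilla.com/oauth/token"
PRODUCTION_TOKEN_URL = "https://api.healthgorilla.com/oauth/token"


@dataclass(frozen=True)
class TokenRequest:
    url: str
    headers: Dict[str, str]
    body: bytes


@dataclass(frozen=True)
class CachedToken:
    access_token: str
    expires_at: float  # epoch seconds, already reduced by the safety margin
    scope: Optional[str]


def _form_request(token_url: str, client_id: str, client_secret: str,
                  params: Dict[str, str]) -> TokenRequest:
    """Form-encoded POST; the secret goes in a Basic header, never in a URL."""
    if not token_url.startswith("https://"):
        raise ValueError("refusing to send client credentials over a non-HTTPS URL")
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": "Basic " + creds,
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    return TokenRequest(token_url, headers, urlencode(params).encode())


def client_credentials_request(token_url, client_id, client_secret, scope):
    """System-to-system token: no user involved, the token represents the client."""
    return _form_request(token_url, client_id, client_secret,
                         {"grant_type": "client_credentials", "scope": scope})


def authorization_code_request(token_url, client_id, client_secret, code, redirect_uri):
    """Exchange the code from the user's redirect; redirect_uri must match registration."""
    return _form_request(token_url, client_id, client_secret,
                         {"grant_type": "authorization_code", "code": code,
                          "redirect_uri": redirect_uri})


def parse_token_response(raw: bytes, now: float, safety_margin: int = 30) -> CachedToken:
    """Validate the token response and compute when to stop using the token."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise ValueError("token response has no access_token: %r" % data.get("error"))
    if str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type: %r" % data.get("token_type"))
    expires_in = int(data.get("expires_in", 0))
    return CachedToken(data["access_token"],
                       now + max(expires_in - safety_margin, 0),
                       data.get("scope"))


def bearer_header(token: CachedToken, now: float) -> Dict[str, str]:
    """Header for every API call; refuse to use a token past its margined expiry."""
    if now >= token.expires_at:
        raise RuntimeError("access token expired; request a new one")
    return {"Authorization": "Bearer " + token.access_token}


def fetch_token(req: TokenRequest) -> CachedToken:
    """Network call (not exercised offline): POST the request and parse the reply."""
    http_req = Request(req.url, data=req.body, headers=req.headers, method="POST")
    with urlopen(http_req, timeout=15) as resp:
        return parse_token_response(resp.read(), time.time())


# Constructed sample token response in the shape RFC 6749 section 5.1 defines.
SAMPLE_TOKEN_RESPONSE = (
    b'{"access_token":"example-access-token","token_type":"Bearer",'
    b'"expires_in":3600,"scope":"example-scope"}'
)

if __name__ == "__main__":
    req = client_credentials_request(SANDBOX_TOKEN_URL, "my-client", "s3cret", "example-scope")
    tok = parse_token_response(SAMPLE_TOKEN_RESPONSE, now=1000.0)
    print(req.body.decode())
    print(bearer_header(tok, now=2000.0))
```

The 30-second margin in parse_token_response makes the client stop using a token slightly before the server does, so a request that is in flight at expiry is not rejected; the HTTPS check in _form_request guards against a misconfigured base URL leaking the client_secret over plain HTTP.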