
Get a Token

To access Health Gorilla’s APIs, you must authenticate using the OAuth 2.0 client credentials flow. This method issues a short-lived bearer token that you must include in the Authorization header of each request. Follow these steps to request and use an access token.

To request and use an access token

  1. Enter the appropriate token endpoint URL based on your environment.
     Sandbox: https://sandbox.healthgorilla.com/oauth/token
     Production: https://api.healthgorilla.com/oauth/token
  2. Send a POST request to the token endpoint with the required header and form-encoded body parameters.

Content-Type: application/x-www-form-urlencoded

Body Parameters

grant_type=client_credentials
client_id=your_client_id
client_secret=your_client_secret

Example Request

POST /oauth/token HTTP/1.1
Host: sandbox.healthgorilla.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id=abc123&client_secret=xyz456
  3. Confirm that the response contains a valid access token.

Example Response

{
  "access_token": "eyJ...abc",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "patient.read documentreference.read"
}
  4. Include the access token in the Authorization header of every API request.

Example

Authorization: Bearer eyJ...abc
  5. Repeat the request when the token expires to obtain a new one. Tokens typically expire after one hour and must be refreshed by repeating the client credentials request. The client credentials flow does not support refresh tokens.
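
The five steps above as one client, in Python. This is an added example, not Health Gorilla's own code. It caches the token and repeats the client credentials request shortly before expires_in elapses. The TokenClient name, the injectable post and clock arguments, the 60-second renewal margin and the HG_CLIENT_ID / HG_CLIENT_SECRET variable names are assumptions made for the example.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Token endpoints as listed in step 1.
TOKEN_URLS = {
    "sandbox": "https://sandbox.healthgorilla.com/oauth/token",
    "production": "https://api.healthgorilla.com/oauth/token",
}

def http_post_form(url, fields):
    """POST form-encoded fields over HTTPS and return the parsed JSON body."""
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(fields).encode(), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenClient:
    """Caches the bearer token; re-requests it when it is about to expire."""

    def __init__(self, env, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, skew=60):
        self._url = TOKEN_URLS[env]  # KeyError on an unknown environment
        self._fields = {"grant_type": "client_credentials",
                        "client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # No refresh tokens in this flow: renewal repeats the same request.
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._post(self._url, self._fields)
            if (str(resp.get("token_type", "")).lower() != "bearer"
                    or not resp.get("access_token")):
                raise ValueError("response carries no bearer access_token")
            lifetime = int(resp.get("expires_in", 0))
            self._token = resp["access_token"]
            self._expires_at = self._clock() + max(0, lifetime - self._skew)
        return self._token

    def auth_header(self):
        """Header for step 4; never write its value to logs."""
        return {"Authorization": "Bearer " + self.token()}

if __name__ == "__main__":
    # Credentials come from the environment (assumed variable names).
    client = TokenClient("sandbox", os.environ["HG_CLIENT_ID"],
                         os.environ["HG_CLIENT_SECRET"])
    print("token acquired:", bool(client.token()))
```

Keeping the secret in the environment or a secrets manager rather than in source, and holding the token only in memory, limits what a leaked repository or log file exposes.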