Authenticate

Health Gorilla uses OAuth 2.0 client credentials to authenticate API access and authorize data retrieval. Each client receives a unique client ID and client secret, which must be securely stored and used to request access tokens for each session.

To authenticate using the client credentials flow

  1. Send a POST request to the token endpoint at https://api.healthgorilla.com/oauth/token.
  2. Include the following parameters in the request body:
     • grant_type: Set this to client_credentials
     • client_id: Your issued client ID
     • client_secret: Your issued client secret
  3. Receive a bearer access token in the response.
  4. Include the token in the Authorization header of each API call. For example:
     Authorization: Bearer {access_token}

To protect client credentials

  1. Store your client_id and client_secret in a secure secrets manager.
  2. Avoid exposing credentials in front-end applications or logs.
  3. Use HTTPS for all token requests and API traffic.

To manage token expiration

  1. Monitor the expiration time returned in the token response.
  2. Reauthenticate using the same credentials when the token expires.
  3. If you receive a 401 Unauthorized response, request a new token using the client credentials flow.

Health Gorilla does not support refresh tokens for the client credentials flow. Reauthentication is required upon expiration.
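As an added example (not Health Gorilla's own code), the following Python session object carries out the token request, caches the token until it expires, and re-authenticates once on a 401 instead of using a refresh token. It assumes the token response carries the standard OAuth 2.0 expires_in field, that the caller loads client_id and client_secret from a secrets manager, and that HTTP is done through an injectable post callable; FakeApi is a constructed stand-in so the code runs offline.

```python
import time

TOKEN_URL = "https://api.healthgorilla.com/oauth/token"  # endpoint from the page
EXPIRY_MARGIN = 30  # seconds; refresh early so no call carries an almost-expired token
# post(url, form_or_params, headers) -> (status, json_body); in production wrap requests.post(...)


class ClientCredentialsSession:
    # Caches one bearer token; re-authenticates on expiry or on a 401 (no refresh tokens).
    def __init__(self, post, client_id: str, client_secret: str, now=time.time):
        self._post, self._now = post, now
        self._client_id, self._client_secret = client_id, client_secret  # in memory only
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self) -> str:
        # Steps 1-3: POST the three form parameters, receive a bearer token.
        form = {"grant_type": "client_credentials",
                "client_id": self._client_id, "client_secret": self._client_secret}
        status, body = self._post(TOKEN_URL, form, {})
        if status != 200 or "access_token" not in body:
            raise RuntimeError(f"token request failed: HTTP {status}")  # never echo the secret
        self._token = body["access_token"]
        # Assumption: lifetime is reported as the standard OAuth 2.0 expires_in (seconds).
        self._expires_at = self._now() + float(body.get("expires_in", 0))
        return self._token

    def get_token(self) -> str:
        fresh = self._token is not None and self._now() < self._expires_at - EXPIRY_MARGIN
        return self._token if fresh else self._fetch_token()

    def call(self, url: str, params: dict = None) -> tuple:
        # Step 4: send Authorization: Bearer <token>; on 401, re-authenticate once and retry.
        status, body = self._post(url, params or {}, {"Authorization": "Bearer " + self.get_token()})
        if status == 401:
            status, body = self._post(url, params or {}, {"Authorization": "Bearer " + self._fetch_token()})
        return status, body


class FakeApi:
    # Constructed stand-in for the token endpoint plus one API route, so the example runs offline.
    def __init__(self):
        self.issued, self.revoked = 0, set()  # issued = how often a token was minted

    def post(self, url, data, headers):
        if url == TOKEN_URL:
            if data.get("grant_type") != "client_credentials" or data.get("client_secret") != "s3cret":
                return 401, {"error": "invalid_client"}
            self.issued += 1
            return 200, {"access_token": f"tok{self.issued}", "token_type": "Bearer", "expires_in": 3600}
        token = headers.get("Authorization", "")[len("Bearer "):]
        ok = token.startswith("tok") and token not in self.revoked
        return (200, {"ok": True}) if ok else (401, {"error": "invalid_token"})
```

Because the clock is injectable, expiry and the 401 retry path can be exercised without waiting an hour.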