Authentication

general the digitail api uses the https //www oauth com/ standard for authentication paired up with the https //www oauth com/oauth2 servers/access tokens/authorization code request/ with https //www oauth com/oauth2 servers/pkce/ oauth 2 0 authorization code grant with pkce offers robust security features suitable for protecting sensitive clinic information enhanced security pkce mitigates code interception and replay attacks by adding a verification step during the authentication process user consent oauth 2 0 standards ensure that users explicitly grant permission for applications to access their data, maintaining privacy and compliance with regulations simplified integration oauth 2 0 is widely supported across programming languages and platforms, enabling developers to integrate with ease set up integrating with the digitail api involves the following steps register your application obtain api credentials by completing the https //digitail com/api access/ implement oauth 2 0 flow follow the oauth 2 0 authorization code grant with pkce flow to authenticate your application and obtain access tokens access data utilize the access token to make authorized requests to digitail api endpoints and retrieve clinic data you can add the retrieved access token directly in the documentation page to try out the endpoints easier implementing oauth 2 0 flow generate code verifier , code challenge and state variables these variables are used to ensure the integrity and security of generating & retrieving the access token that follows code verifier should be a cryptographically random generated string with lowercase & uppercase letters, digits and the punctuation characters between 43 and 128 characters long code challenge is the base64 url encoded version of the sha256 hashing of the code verifier state is a randomly generated uri encoded string used by your app to protect youself against csrf attacks that is used to verify the integrity of the response store the code verifier and state variables locally more information https //www oauth com/oauth2 servers/pkce/authorization request/ from your software, add a button "connect with digitail" that will redirect the user to the following url curl curl l https //vet digitail io/oauth/authorize ?response type=code \&client id={client id} \&client secret={client secret} \&redirect uri=https //your redirect url com/callback \&state={state} \&code challenge={code challenge} \&code challenge method=s256 digitail will prompt the user for authentication the user authenticated and gives consent to give access to data specified digitail will redirect back to the callback url with the auth code & state params in the url the code is available for only 10 minutes and should be used immediately to request an access token request an access token by sending the following post request curl curl x post d grant type=authorization code d client id={client id} d client secret={client secret} d redirect uri=https //your redirect url com/callback d code verifier={code verifier} d code={code} https //vet digitail io/oauth/token digitail will respond with the payload json { token type "bearer", expires in "31536000", # time to expiration in seconds access token "eyj0exaioijkv1qilcjhbgcioijsuz ", refresh token "def502001464837 ", access token url "https //vet digitail io/oauth/token", client id "9b8a5628 ", timestamp "1712928761824" # when the request was made } oauth 2 0 flow diagram