Authentication API

Most API calls to MedRecord services are only allowed if the caller is authenticated and has enough permissions to access the requested resource.

MedRecord supports two methods for authentication:

  1. JSON Web Tokens (JWT) for clients where a user is present
  2. SSL Client Certificates for trusted services

Account management

| Operation | HTTP Request | Description |
|---|---|---|
| post | POST /auth/account/register/activate | Activate account |
| get | GET /auth/account | List accounts |
| post | POST /auth/account/register/password | Register account |
| get | GET /auth/account/{mvUid} | Account information |
| put | PUT /auth/account/{mvUid} | Update account |
| delete | DELETE /auth/account/{mvUid} | Delete account |

Authenticate

| Operation | HTTP Request | Description |
|---|---|---|
| post | POST /auth/login/token | Login with a refresh token |
| post | POST /auth/login/googletoken | Login with Google ID token |
| post | POST /auth/login/password | Login with e-mail address and password |
| post | POST /auth/login/google | Login with Google |
| get | GET /auth/login/jwks | Fetch the JWKs |

Management APIs

| Operation | HTTP Request | Description |
|---|---|---|
| post | POST /auth/manage/account | Create new user |

Token management APIs

| Operation | HTTP Request | Description |
|---|---|---|
| post | POST /auth/token | |
| get | GET /auth/token/whoami | Information about the user |