Authentication API

Most API calls to MedRecord services are only allowed if the caller is authenticated and has enough permissions to access the requested resource.

MedRecord supports two methods for authentication:

  1. JSON Web Tokens (JWT) for clients where an user is present
  2. SSL Client Certificates for trusted sevices

AUTH reference

Account management

Operation HTTP Request Description
post 
POST /auth/account/register/password
 Register account
get 
GET /auth/account
 List accounts
post 
POST /auth/account/register/activate
 Activate account
get 
GET /auth/account/{mvUid}
 Account information
put 
PUT /auth/account/{mvUid}
 Update account
delete 
DELETE /auth/account/{mvUid}
 Delete account

Authenticate

Operation HTTP Request Description
post 
POST /auth/login/token
 Login with a refresh token
get 
GET /auth/login/jwks
 Fetch the JWKs
post 
POST /auth/login/password
 Login with e-mail address and password
post 
POST /auth/login/google
 Login with Google
post 
POST /auth/login/googletoken
 Login with Google ID token

Management APIs

Operation HTTP Request Description
post 
POST /auth/manage/account
 Create new user

Token management APIs

Operation HTTP Request Description
post 
POST /auth/token
get 
GET /auth/token/whoami
 Information about the user
pluslistarrow-leftglobe