MEDrecord developers AUTH Specification summary

All APIs

Most API calls to MedRecord services are only allowed if the caller is authenticated and has enough permissions to access the requested resource.

MedRecord supports two methods for authentication:

JSON Web Tokens (JWT) for clients where an user is present
SSL Client Certificates for trusted sevices

Account management

Operation	HTTP Request	Description
post	POST /auth/account/password/reset	Update account
post	POST /auth/account/register/activate	Activate account
post	POST /auth/account/register/password	Register account
post	POST /auth/account/password/update	Update account
get	GET /auth/account/{mvUid}	Account information
put	PUT /auth/account/{mvUid}	Update account
delete	DELETE /auth/account/{mvUid}	Delete account
get	GET /auth/account	List accounts
post	POST /auth/account	Load accounts
post	POST /auth/account/{mvUid}/invite	Invite user

Authenticate

Operation	HTTP Request	Description
get	GET /auth/login/jwks	Fetch the JWKs
post	POST /auth/login/google	Login with Google
post	POST /auth/login/token	Login with a refresh token
post	POST /auth/login/googletoken	Login with Google ID token
post	POST /auth/login/password	Login with e-mail address and password

Management APIs

Operation	HTTP Request	Description
post	POST /auth/manage/account	Create new user

Token management APIs

Operation	HTTP Request	Description
get	GET /auth/token/whoami	Information about the user
post	POST /auth/token