Most API calls to MedRecord services are only allowed if the caller is authenticated and has enough permissions to access the requested resource.
MedRecord supports two methods for authentication:
Operation | HTTP Request | Description |
---|---|---|
get |
GET /auth/account/{mvUid} |
Account information |
put |
PUT /auth/account/{mvUid} |
Update account |
delete |
DELETE /auth/account/{mvUid} |
Delete account |
post |
POST /auth/account/password/reset |
Update account |
post |
POST /auth/account/register/activate |
Activate account |
post |
POST /auth/account/password/update |
Update account |
post |
POST /auth/account/{mvUid}/invite |
Invite user |
post |
POST /auth/account/register/password |
Register account |
get |
GET /auth/account |
List accounts |
post |
POST /auth/account |
Load accounts |
Operation | HTTP Request | Description |
---|---|---|
post |
POST /auth/login/googletoken |
Login with Google ID token |
post |
POST /auth/login/google |
Login with Google |
post |
POST /auth/login/password |
Login with e-mail address and password |
get |
GET /auth/login/jwks |
Fetch the JWKs |
post |
POST /auth/login/token |
Login with a refresh token |
Operation | HTTP Request | Description |
---|---|---|
post |
POST /auth/manage/account |
Create new user |