POST /v1/token
cURL
curl --request POST \
  --url https://api.dev.parchmenthealth.io/external/v1/token \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'x-organization-id: <x-organization-id>' \
  --header 'x-organization-secret: <x-organization-secret>' \
  --header 'x-partner-id: <x-partner-id>' \
  --header 'x-partner-secret: <x-partner-secret>' \
  --header 'x-user-id: <x-user-id>' \
  --data '
{
  "grantType": "client_credentials",
  "scope": [
    "create:patient",
    "read:patient_prescription"
  ]
}
'

{
  "success": true,
  "statusCode": 200,
  "message": "Token generated successfully",
  "data": {
    "accessToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImtleTEifQ...",
    "expiresIn": 3600,
    "tokenType": "Bearer",
    "scope": [
      "create:patient",
      "read:patient_prescription"
    ]
  },
  "timestamp": "2024-01-15T10:30:00.000Z",
  "requestId": "req_1705312200000_pqr678",
  "meta": {
    "apiVersion": "1.0",
    "responseTime": 125
  }
}

Notes

  • Tokens are valid for 6 hours from the time of issuance
  • You can only request scopes that have been approved for your organization
  • The token must be included in the Authorization header as a Bearer token for all authenticated API requests
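
An added example (not Parchment's code) of a client-side helper for this endpoint: it rejects scopes outside the documented list before any credential is sent, reuses the token for the lifetime the response reports, and refuses a token whose granted scopes exceed the request. The `TokenCache` class, its parameters and the 60-second safety margin are hypothetical, and `expiresIn` is assumed to be in seconds.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://api.dev.parchmenthealth.io/external/v1/token"  # from the page
DOCUMENTED_SCOPES = {  # "Available options" listed for the scope field
    "create:patient", "read:patient", "update:patient", "read:patient_prescription",
    "create:user", "read:user", "read:users", "update:user", "delete:user",
}

def http_post(url, headers, body):
    """Default transport: POST JSON over HTTPS and return the decoded JSON reply."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Hypothetical helper: requests a token for a fixed scope set and reuses it."""

    def __init__(self, auth_headers, scopes, post=http_post, clock=time.monotonic, skew=60):
        unknown = set(scopes) - DOCUMENTED_SCOPES
        if unknown:  # fail before any credential leaves the process
            raise ValueError(f"undocumented scopes: {sorted(unknown)}")
        self._headers = {"Content-Type": "application/json", **auth_headers}
        self._scopes = sorted(set(scopes))
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        if self._token is not None and self._clock() < self._expires_at:
            return self._token
        reply = self._post(TOKEN_URL, self._headers,
                           {"grantType": "client_credentials", "scope": self._scopes})
        data = reply.get("data") or {}
        if not reply.get("success") or data.get("tokenType") != "Bearer":
            # Report only the tracing id, never the secrets or the token itself.
            raise RuntimeError(f"token request failed, requestId={reply.get('requestId')}")
        extra = set(data.get("scope", [])) - set(self._scopes)
        if extra:  # a token broader than requested should not be used silently
            raise RuntimeError(f"granted scopes exceed request: {sorted(extra)}")
        # Use the lifetime the server reports (assumed seconds), minus a safety margin.
        self._expires_at = self._clock() + max(0, int(data["expiresIn"]) - self._skew)
        self._token = data["accessToken"]
        return self._token
```

The helper reads the lifetime from `expiresIn` rather than hard-coding it, since the notes above state 6 hours while the sample response shows `3600`.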

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

x-partner-id
string
required

Partner ID for authentication - provided by Parchment

Example:

"tacklit"

x-partner-secret
string
required

Partner secret for authentication - provided by Parchment

x-organization-id
string
required

Organization ID for authentication - provided by Parchment

x-organization-secret
string
required

Organization secret for authentication - provided by Parchment

x-user-id
string
required

User ID for authentication - provided by Parchment

Body

application/json

Token request parameters

grantType
enum<string>
default:client_credentials
required

Type of grant for OAuth2 authentication

Available options:
client_credentials
Example:

"client_credentials"

scope
enum<string>[]
required

List of permission scopes being requested

Available options:
create:patient,
read:patient,
update:patient,
read:patient_prescription,
create:user,
read:user,
read:users,
update:user,
delete:user
Example:
[
"create:patient",
"read:patient_prescription"
]

Response

Token generation successful

success
boolean
required

Indicates if the request was successful

Example:

true

statusCode
integer
required

HTTP status code

Example:

200

message
string
required

Human-readable success message

Example:

"Token generated successfully"

data
object
required

Response payload data: authentication token data

timestamp
string<date-time>
required

ISO 8601 timestamp of the response

Example:

"2024-01-15T10:30:00.000Z"

requestId
string
required

Unique identifier for request tracing

Example:

"req_1705312200000_abc123"

pagination
object

Pagination information for list operations