OAuth Flow

If you need access to personalized data, you must be authorized by the resource owner, i.e. the BaseHealth Member whose data you want to access.

The process follows the standard OAuth2 model. From your application client make a call as follows:


where <client_id> is the client ID assigned to your application on registration and <redirect_url> is the redirect URL you assigned to your application. For the purpose of this document, let us assume the following values


The call would then be


The user/resource owner will then be placed in the BaseHealth authentication flow. If the user/resource owner approves access, the following client-side redirect will be made to your application


Within the server handler for the above page you would then make the following call:

https://api.basehealth.com/oauth/token?client_id=<client_id>&client_secret=<client_secret>&redirect_uri=<redirect_url>&grant_type=authorization_code&code=<authorization_code>

This will return the access_token for this user in the following JSON message

{ "access_token": <access_token>, "token_type": "bearer" }
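The token exchange above, as an added example (not BaseHealth's own code): it percent-encodes each parameter of the token URL, masks client_secret and the authorization code before the URL is written to a log, and checks the JSON reply against the documented shape. The function names and all sample values are assumptions made for illustration, and the HTTP request itself is left to whatever client your server handler already uses.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

# Token endpoint as given on this page.
TOKEN_ENDPOINT = "https://api.basehealth.com/oauth/token"


def build_token_url(client_id, client_secret, redirect_url, code):
    """Build the token-exchange URL with every value percent-encoded.

    A redirect URL contains ':' and '/', and a secret may contain '&' or '=',
    so pasting raw values into the query string can corrupt the request.
    """
    params = {
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_url,
        "grant_type": "authorization_code",
        "code": code,
    }
    return TOKEN_ENDPOINT + "?" + urlencode(params)


def redact_for_log(url):
    """Return the URL with client_secret and code masked, safe to log."""
    parts = urlsplit(url)
    masked = [
        (k, "REDACTED" if k in ("client_secret", "code") else v)
        for k, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(masked)))


def parse_token_response(body):
    """Return the access token, rejecting anything but the documented shape."""
    try:
        msg = json.loads(body)
    except ValueError as exc:
        raise ValueError("token response is not JSON") from exc
    if not isinstance(msg, dict):
        raise ValueError("token response is not a JSON object")
    if str(msg.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token_type")
    token = msg.get("access_token")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    return token
```

Call build_token_url only from the server handler, so that client_secret never reaches the browser.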

Once you obtain the access_token, you can use it to make the authorized calls like so