AuthV2

Get token

POST
https://api.joincandidhealth.com/api/auth/v2/token

Authenticating with the Candid Health API.

Candid Health utilizes the OAuth 2.0 bearer token authentication scheme in our auth flow. You obtain the bearer token for all subsequent API requests via the /auth/token endpoint defined below, which requires you to provide your client_id and client_secret. Your client_id and client_secret can be generated from the "Users & Credentials" tab by your org admin.

The bearer token should be provided in the Authorization header for all subsequent API calls.

Warning:

The bearer token expires 5 hours after it has been created. After it has expired, the client will receive an "HTTP 401 Unauthorized" error, at which point the client should generate a new token. It is important that tokens be reused between requests; if the client attempts to generate a token too often, it will be rate-limited and will receive an "HTTP 429 Too Many Requests" error.

Request

This endpoint expects an object.
client_id
string
Your application's Client ID.
client_secret
string
Your application's Client Secret.

Response

This endpoint return an object.
access_token
string
expires_in
integer
Time in seconds.
token_type
string

Errors

POST
/api/auth/v2/token
curl -X POST https://api.joincandidhealth.com/api/auth/v2/token \
-H "Content-Type: application/json" \
-d '{
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET"
}'
Response
{
"access_token": "eyJz93a...k4laUWw",
"expires_in": 86400,
"token_type": "Bearer"
}