You will be provided with an API key after requesting access. Then you can make a POST request to /authenticates passing your key in the Authorization header. The response will contain a bearer token which is valid for 24 hours in sandbox and 1 hour in production. You can use this bearer token to access all other API routes.

The bearer token is a JSON Web Token. You can read more about JSON Web Tokens here, and find libraries for working with them here.

All unauthenticated requests will return a 401 status code.

You can see an example request to /authenticates below.

curl --request POST \
     --url \
     --header 'Accept: application/vnd.Nexhealth+json;version=2' \
     --header 'Authorization: YOUR_API_KEY'

Successful authentication will result in a response containing a bearer token.

    "code": true,
    "data": {
        "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwic2NwIjoiYXBpX3VzZXIiLCJpYXQiOjE2Mjg3NDMyNzksImV4cCI6MTYyODc0Njg3OSwianRpIjoiNjYxNjY4YWYtMTZkYS00OWFhLTljM2ItNmI0MDNiOTQxZWExIn0.hzbAv-Bx8vhEMXM1sGmAa9tO3WzUyvgBN8aw4tdOrG0"
    "description": "Authenticated",
    "error": []


Using bearer tokens

Once you've received your bearer token make sure you add the string "Bearer" to your authentication headers as shown below.

--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwic2NwIjoiYXBpX3VzZXIiLCJpYXQiOjE2Mjg3NDMyNzksImV4cCI6MTYyODc0Njg3OSwianRpIjoiNjYxNjY4YWYtMTZkYS00OWFhLTljM2ItNmI0MDNiOTQxZWExIn0.hzbAv-Bx8vhEMXM1sGmAa9tO3WzUyvgBN8aw4tdOrG0'