API Authentication Guide

This document outlines the different types of users and the various ways they can access our API. It covers authentication methods and provides guidance on securing and managing access to the platform.

User Types

1. Consumers

Consumers are the end-users of the platform, which can include:

  • Patients: Individuals receiving care through the platform

  • Healthcare Providers (HCPs): Doctors, nurses, and other medical professionals using the platform to deliver care

  • Guardians: Parents or legal guardians managing care for their dependents

  • Dependents: Children or individuals under the care of a guardian

Our consumer APIs, primarily covered by the Patient APIs, enable these users to access and manage their health data, communicate with providers, and more.

Authentication: Consumers are authenticated using OAuth2 (see OAuth2 Authentication for more details).

Primary vs. Non-Primary Consumers:

  • Primary consumers, such as patients or guardians, should have a unique email or phone number associated with their profile for seamless authentication.

  • Non-primary consumers, like dependents, can share the same email or phone number as their guardian for easier management.

Example:

  • John (patient) signs up with his email [email protected] and is considered a primary consumer.

  • John's daughter, Emily, is added as a dependent under John's account and can use the same email for authentication.
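The primary/non-primary rule above is easy to get wrong in an identity store: if the contact uniqueness constraint is applied to every consumer, dependents can never be created; if it is applied to nobody, a login by email becomes ambiguous. The following Python sketch is an added example, not Azodha's own code, of a registry that enforces uniqueness only for primary consumers and resolves an authenticated contact to the primary plus the dependents managed under it. The class and method names and the sample consumers are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Consumer:
    consumer_id: str
    name: str
    kind: str                          # "patient", "guardian" or "dependent"
    contact: str                       # email or phone, normalised to lowercase
    guardian_id: Optional[str] = None  # set only for dependents


class ConsumerRegistry:
    """Assumed in-memory stand-in for the platform's identity store."""

    PRIMARY_KINDS = frozenset({"patient", "guardian"})

    def __init__(self) -> None:
        self._by_id: Dict[str, Consumer] = {}
        # Uniqueness is tracked for primaries only: contact -> primary consumer_id.
        self._primary_by_contact: Dict[str, str] = {}

    @staticmethod
    def _normalise(contact: str) -> str:
        # Case and whitespace differences must not let two primaries share one mailbox.
        return contact.strip().lower()

    def register_primary(self, consumer_id: str, name: str, kind: str, contact: str) -> Consumer:
        if kind not in self.PRIMARY_KINDS:
            raise ValueError(f"{kind!r} is not a primary consumer type")
        contact = self._normalise(contact)
        if contact in self._primary_by_contact:
            # A second patient or guardian on this contact would be ambiguous at login.
            raise ValueError(f"contact {contact!r} already identifies a primary consumer")
        consumer = Consumer(consumer_id, name, kind, contact)
        self._by_id[consumer_id] = consumer
        self._primary_by_contact[contact] = consumer_id
        return consumer

    def add_dependent(self, consumer_id: str, name: str, guardian_id: str) -> Consumer:
        guardian = self._by_id[guardian_id]
        if guardian.kind not in self.PRIMARY_KINDS:
            raise ValueError("dependents must be attached to a primary consumer")
        # A dependent reuses the guardian's contact instead of owning a unique one.
        consumer = Consumer(consumer_id, name, "dependent", guardian.contact, guardian_id=guardian_id)
        self._by_id[consumer_id] = consumer
        return consumer

    def resolve_login(self, contact: str) -> List[Consumer]:
        """Map an authenticated contact to the primary consumer followed by the
        dependents managed under it; an unknown contact resolves to nothing."""
        primary_id = self._primary_by_contact.get(self._normalise(contact))
        if primary_id is None:
            return []
        primary = self._by_id[primary_id]
        dependents = [c for c in self._by_id.values()
                      if c.kind == "dependent" and c.guardian_id == primary_id]
        return [primary, *dependents]
```

Because a dependent shares the guardian's contact, a login with that contact always resolves to the guardian first; selecting the dependent's profile is a step taken inside the guardian's authenticated session, not a separate credential.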

2. Service Providers

Service Providers are individuals or organizations delivering care or services through the platform. They can have various roles, each with different access levels and functionalities:

  • OWNER: Has administrative access and can manage the organization's settings and users

  • MEMBER: A general member of the organization with limited access

  • SUPPORT: Provides technical support and assistance to users

  • PROVIDER: A healthcare professional delivering care to patients

  • INTAKE_STAFF: Manages patient intake and registration

  • FIELD_STAFF: Provides in-home or on-site care services

  • PROVIDER_NURSE_PRACTITIONER: A nurse practitioner delivering care

  • PROVIDER_PHYSICIAN_ASSISTANT: A physician assistant delivering care

  • PROVIDER_PHYSICIAN: A physician delivering care

  • CLIENT_MANAGER: Manages client relationships and accounts

  • HEALTH_COACH: Provides health coaching and guidance to patients

  • THERAPIST: Delivers therapy services to patients

  • NUTRITIONIST: Provides nutritional advice and support

  • DISPATCH: Manages the dispatching of field staff and resources

The OWNER role has the highest level of access, including admin functions and the ability to take actions on behalf of others.
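The role list above describes access levels in prose; what matters in an implementation is that authorization is deny-by-default and that the "act on behalf of others" capability is confined to OWNER. The Python below is an added example, not Azodha's own code: the permission names, the role-to-permission mapping, and the assumption that PROVIDER_* roles inherit PROVIDER's clinical permissions are all constructed for illustration, and roles not in the mapping receive no permissions.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple

# Assumed permission names; the guide describes each role's capabilities only in prose.
ROLE_PERMISSIONS: Dict[str, FrozenSet[str]] = {
    "OWNER": frozenset({"org.settings.manage", "org.users.manage",
                        "patient.read", "patient.write", "act_on_behalf"}),
    "MEMBER": frozenset({"patient.read"}),
    "SUPPORT": frozenset({"patient.read", "support.assist"}),
    "PROVIDER": frozenset({"patient.read", "patient.write"}),
    # The remaining roles would be mapped here; anything unlisted is denied.
}


@dataclass
class Principal:
    user_id: str
    roles: List[str] = field(default_factory=list)


def permissions_for(roles: List[str]) -> FrozenSet[str]:
    """Union of the permissions granted by each role; unknown roles grant nothing."""
    perms: set = set()
    for role in roles:
        if role in ROLE_PERMISSIONS:
            perms |= ROLE_PERMISSIONS[role]
        elif role.startswith("PROVIDER_"):
            # Assumption: specialised provider roles carry PROVIDER's clinical permissions.
            perms |= ROLE_PERMISSIONS["PROVIDER"]
        # Any other role falls through and contributes nothing (deny by default).
    return frozenset(perms)


def authorize(principal: Principal, permission: str,
              on_behalf_of: Optional[str] = None) -> Tuple[bool, str]:
    """Decide whether principal may perform `permission`, optionally for another user.
    Returns (allowed, reason) so the reason can be logged on denial."""
    perms = permissions_for(principal.roles)
    if on_behalf_of is not None and on_behalf_of != principal.user_id:
        if "act_on_behalf" not in perms:
            return False, "acting on behalf of another user requires the OWNER role"
    if permission not in perms:
        return False, f"missing permission {permission}"
    return True, "allowed"
```

The on-behalf-of check runs before the permission check so that a denial for impersonation is reported as such; both checks must pass, and a role the mapping does not know about (a typo in a role assignment, for instance) fails closed rather than open.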

Service Providers in an organization have unique email addresses, and their authentication works through OAuth2.

Example:

  • Dr. Sarah (provider) signs up with her email [email protected] and is assigned the PROVIDER role.

  • Mike (support staff) signs up with his email [email protected] and is assigned the SUPPORT role.

3. Service Accounts

Service accounts are special accounts that act as users on the platform but are accessed via an API key. They can perform actions on behalf of a provider or act as an application interacting with the platform.

Common use cases for service accounts include:

  • Acting as an intermediary in a chat system, facilitating communication between patients and providers

  • Automating tasks or actions on behalf of service providers, such as sending appointment reminders or updating patient records

Service accounts use M2M Authentication (see M2M Authentication for more details).

Example:

  • A chatbot service account is created to handle patient inquiries and route them to the appropriate provider.

4. Config User Authentication

A config user in Azodha is authenticated using OAuth, allowing secure access to the organization's configuration endpoints. When setting up Azodha for an organization, config users might assume one of two roles:

  • Owner: Has comprehensive access to all configuration settings within the organization. This role is typically responsible for the initial setup and ongoing management of organizational settings.

  • Member: Has limited access and typically assists with the configuration process, operating under the permissions granted by the owner.

Both roles are essential for tailoring Azodha to the organization's specific needs and ensuring the application is used effectively.

Authentication Methods

Best Practices and Security

To ensure the security of your data and maintain proper access control, follow these best practices:

  • Use strong, unique passwords for all user accounts

  • Regularly review and update user roles and permissions

  • Keep API keys and M2M auth tokens secure and never share them publicly

  • Rotate API keys and tokens periodically, especially if they are compromised
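Service accounts (Section 3) are accessed via an API key, and the best practices above ask for those keys to be kept secure and rotated periodically. The Python below is an added example, not Azodha's own code, of the server-side handling that makes both possible: the key is returned exactly once, only a hash of the secret is stored, verification uses a constant-time comparison, rotation issues a replacement while shortening older keys to a grace window, and revocation cuts off a compromised key immediately. The `<key_id>.<secret>` presentation format, the class name and the time-to-live values are assumptions made for this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional


@dataclass
class StoredKey:
    key_id: str
    digest: bytes          # SHA-256 of the secret; the secret itself is never stored
    expires_at: datetime
    revoked: bool = False


class ServiceAccountKeys:
    """Assumed key store for one service account (example code, not Azodha's)."""

    def __init__(self, service_account: str,
                 default_ttl: timedelta = timedelta(days=90)) -> None:
        self.service_account = service_account
        self.default_ttl = default_ttl
        self._keys: Dict[str, StoredKey] = {}

    @staticmethod
    def _digest(secret: str) -> bytes:
        # A plain hash is adequate because the secret carries 256 bits of entropy;
        # a slow password hash is only needed for low-entropy, human-chosen secrets.
        return hashlib.sha256(secret.encode("utf-8")).digest()

    def issue(self, now: datetime, ttl: Optional[timedelta] = None) -> str:
        """Create a key and return it once as "<key_id>.<secret>" (assumed format)."""
        key_id = secrets.token_hex(4)
        secret = secrets.token_urlsafe(32)
        self._keys[key_id] = StoredKey(key_id, self._digest(secret),
                                       now + (ttl or self.default_ttl))
        return f"{key_id}.{secret}"

    def verify(self, presented: str, now: datetime) -> Optional[str]:
        """Return the key_id if the presented key is valid at `now`, else None."""
        key_id, _, secret = presented.partition(".")
        stored = self._keys.get(key_id)
        if stored is None or stored.revoked or now >= stored.expires_at:
            return None
        # Constant-time comparison so rejection time does not leak how much of the key matched.
        if not hmac.compare_digest(stored.digest, self._digest(secret)):
            return None
        return key_id

    def rotate(self, now: datetime, grace: timedelta = timedelta(days=7)) -> str:
        """Issue a replacement key and shorten every older active key to the grace
        window, so clients can switch without an outage but stale keys expire on their own."""
        for stored in self._keys.values():
            if not stored.revoked and stored.expires_at > now + grace:
                stored.expires_at = now + grace
        return self.issue(now)

    def revoke(self, key_id: str) -> None:
        """Immediate revocation for a compromised key; no grace period."""
        if key_id in self._keys:
            self._keys[key_id].revoked = True


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed timestamp
    store = ServiceAccountKeys("chatbot-service-account")
    key = store.issue(t0)
    print("issued:", key)
    print("valid now:", store.verify(key, t0) is not None)
    replacement = store.rotate(t0 + timedelta(days=30))
    print("old key still valid within grace:", store.verify(key, t0 + timedelta(days=36)) is not None)
    print("old key valid after grace:", store.verify(key, t0 + timedelta(days=38)) is not None)
    print("replacement valid:", store.verify(replacement, t0 + timedelta(days=38)) is not None)
```

The distinction between `rotate` and `revoke` is the point of the "especially if they are compromised" clause: a scheduled rotation keeps the old key alive for a short overlap so integrations can be updated, whereas a compromised key is revoked outright and the overlap is skipped.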

Conclusion

By understanding the different user types, authentication methods, and best practices outlined in this document, you can effectively manage access to our API and ensure the security of your data. Always stay vigilant and proactive in monitoring and protecting your API.

If you have any questions or concerns, don't hesitate to reach out to our support team at [email protected]. We're here to help you make the most of our platform while keeping your data safe and secure.
