Authenticate a legacy API key

You can authenticate Redox Data Model API requests with legacy API keys.

• A user must be assigned to an engineer role to authenticate API keys. Learn about user roles.
• Have an existing API source. This is a prerequisite because sources and legacy API keys are tied 1:1. If you don’t have one yet, learn how to create an API source.
• Have an existing secret value stored for the legacy API key. If you don’t have one, learn how to generate a secret value.
• Have a subscription with a source, destination, and data model to send a Redox Data Model API request. Talk to your Technical Account Manager if you need a subscription.  

  Not supported with the Redox FHIR API

  Legacy API keys aren’t supported with Redox FHIR® API requests.

1. Log in to the Redox dashboard.
2. From the navigation menu, click the Developer page.
3. By default, the Sources tab opens and displays any configured sources and OAuth API keys. Find the API source you want to send the request from.
4. On the source tile, click the copy icon of the Legacy API key field to copy the API token value.
5. Use the corresponding secret value you’ve stored securely.

1. Send an authentication request:

   Example: Request for generating an access token

   bash

   Copy

   1
   curl -X POST https://api.redoxengine.com/auth/authenticate \
   2
    -H 'Content-Type: application/json' \
   3
    -d '{"apiKey": "{{api-token}}", "secret": "super-secret-client-secret"}'
2. You receive the following response:

   Example: Response for generating an access token

   json

   Copy

   1
   {
   2
     "accessToken": "13d5faa8-aacd-4a0d-a666-51455b1b2ced",
   3
     "expires": "2015-03-25T20:52:35.000Z",
   4
     "refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"
   5
   }
3. Use the following values from the authentication response:
   1. accessToken: Use this value in the authorization header to initiate an API request. 
   2. expires: Contains the exact date and time that your access token expires. Access tokens expire 24 hours after retrieval. 

      401 error code

      If you attempt to use an expired access token with a request, you’ll receive a 401 Unauthorized error.

   3. refreshToken: Use this value to retrieve a new access token after the initial one expires. See the details for refreshing your token at the end of this article.

After successfully authenticating, you can initiate API requests from your API source to the verified destination(s) in your subscription.

The Data Model API relies on OAuth 2.0 Bearer to authenticate requests. All API requests must contain an Authorization header with a valid access token in the following format: Authorization: Bearer [your-accessToken].

1
curl -X POST https://api.redoxengine.com/endpoint \
2
 -H "Authorization": "Bearer f81eeac9-7cb0-4a82-951b-724f592723ae"

Every Data Model API request must contain these body parameters.

A request should generally look like this:

1
curl \
2
 -X POST https://api.redoxengine.com/endpoint \
3
 -H "Content-Type: application/json" \
4
 -H "Authorization: Bearer $API_TOKEN" \
5
 -d '{
6
   "Meta": {
7
     "DataModel": "PatientAdmin",
8
     "EventType": "Arrival",
9
     "Destinations": [
10
       {
11
         "ID": "af394f14-b34a-464f-8d24-895f370af4c9",
12
         "Name": "Redox EMR"
13
       }
14
     ]
15
   },
16
   "Patient": {
17
      # … payload omitted
18
   }
19
 }'

For test requests, send to https://api.redoxengine.com/endpoint. Learn how to send test messages.

You can use the refresh token returned from the most recent authentication request to retrieve a new access token via the refresh token endpoint:

1
curl -X POST https://api.redoxengine.com/auth/refreshToken \
2
 -H '{"Content-Type": "application/json"}' \
3
 -d '{"apiKey": "{{API-token}}", "refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"}'

The object returned for a successful response is the same as that for the original access token retrieval request noted above.