The Aton Health Patient Referrals API uses OAuth 2.0 with the client credentials flow for authentication. All API requests must include a valid access token in the Authorization header.
Authentication Flow
- Request Access Token - Use your client credentials to obtain an access token
- Include Token in Requests - Add the token to the Authorization header
- Token Refresh - Obtain a new token before the current one expires (~1 hour)
Getting Credentials
Contact the Aton Health team to receive your authentication credentials:
- Development: For integration testing
- Production: For live operations
Contact: integration-support@atonhealth.com
Quick Start
```bash
# 1. Get access token
curl -X POST https://login.microsoftonline.com/5178eeaf-1f56-44cb-940e-012fe79c2845/oauth2/v2.0/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id={client_id}&client_secret={client_secret}&scope={api_scope}"

# 2. Use token in API requests
curl -X GET https://api.aton.health/api/v1/referrals/ \
  -H "Authorization: Bearer {access_token}"
```
Security Best Practices
- Never expose credentials in client-side code or version control
- Store credentials securely using environment variables or key management
- Rotate secrets regularly as part of your security protocol
- Use HTTPS only for all authentication requests
- Monitor token expiration and implement automatic refresh logic
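An added example (not Aton Health's own code) of the automatic refresh logic recommended above, in Python: it reads the credentials from environment variables and requests a new token five minutes before the cached one expires. The `ATON_*` variable names, the `TokenCache` class and the 300-second margin are assumptions of this example; `access_token` and `expires_in` are the standard OAuth 2.0 token response fields.

```python
import json
import os
import time
import urllib.parse
import urllib.request

# Token endpoint as given in the Quick Start above.
TOKEN_URL = ("https://login.microsoftonline.com/"
             "5178eeaf-1f56-44cb-940e-012fe79c2845/oauth2/v2.0/token")


def fetch_token():
    """POST the client-credentials grant; secrets come from the environment.

    The ATON_* variable names are assumptions made for this example.
    """
    form = urllib.parse.urlencode({  # urlencode escapes special characters
        "grant_type": "client_credentials",
        "client_id": os.environ["ATON_CLIENT_ID"],
        "client_secret": os.environ["ATON_CLIENT_SECRET"],
        "scope": os.environ["ATON_API_SCOPE"],
    }).encode()
    req = urllib.request.Request(TOKEN_URL, data=form)  # data= makes it a POST
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Caches the access token and renews it shortly before it expires."""

    def __init__(self, fetch=fetch_token, clock=time.monotonic, skew=300):
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - self._skew:
            body = self._fetch()
            self._token = body["access_token"]
            # expires_in is the lifetime in seconds (RFC 6749, section 5.1).
            self._expires_at = now + int(body["expires_in"])
        return self._token

    def auth_header(self):
        # Pass this to each API request; never log its value.
        return {"Authorization": "Bearer " + self.get()}
```

Create one `TokenCache` per process and call `auth_header()` for every request, so the token endpoint is contacted only when the cached token is about to expire.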
Next Steps:
Learn about OAuth 2.0 implementation details
Need Help?
Contact our integration team at integration-support@atonhealth.com