Authorization


To be able to integrate with the HealthCloud SSO platform the developer needs to follow a few steps.


Step 1 – Follow the Apply for access link to register for your API credentials.

Step 2 – You will receive an email once your application is approved with your api credentials.

Step 3 – You can configure your callback URL and maintain your credentials by following Maintain Credentials.

Step 4 - Implementation.


Implementation


Requirements

The HC System requires the API Key, a CorrelationId and passphrase, to be sent in the Headers with every request, this will be used to identify the calling system and to prevent Replay attacks.


Correlation Id

The CorrelationId is a concatenated string of the current UTC Date Time in the format of “yyyyMMddHHmm” and 32 Random Generated Alphanumeric characters (0-9, A-Z, a-z). This should give a total length of 44 characters.


Passphrase

The next step is to create a HASH using HMACSHA256 of your API Key. The Secret used in this HASH must be the concatenation of your CorrelationId from 1 above and your secret.

Lastly convert this HASH value to a base64 string and pass it to the server as your passphrase.


Headers

The Following Headers must be included with every request: