Digital health compliance, made simple e Tutorial - User Authentication |


In this tutorial we will explore how Authentication on works. We will see the two standard procedures that can be used to validate your calls to and when it is better to use them.

Authentication Types

We have two acces methods: Customer Access and OAuth2:

  1. When you use Customer Access, you have full acccess to your data stored on You authenticate with your customer_id and customer_key that grant you admin power and no access restrictions. This access method is meant to be used only on server-side applications.

  2. With the OAuth2 you can perform logins as a specific User, thus with some limitations. The login requires the username/password along with some information about the client and, if successful, it will return you a bearer token and a refresh token. (Learn more about OAuth protocol 2.0 here .)

When choosing an authentication method for your application, you should ask yourself if you need to do anything of the following with API:

  • Restrict access to resources stored on,

  • Keep track of who sends API calls to,

  • Distribute your application directly to end users (instead of hosting it on your server),

  • Verify whether your users are logged in or not.

If your answer is yes to any of the above, then you probably should use the OAuth2 authentication method.

More resources

Learn more about the API and how to use it in your application.

Developer Support

Looking for more help?

Frequently Asked Questions

Our FAQ answers the most common questions from developers and project managers.

Contact us

Need more specific help?
We're always happy to answer your technical questions.