PrizmDoc® Viewer v13.28 Release - Updated
PrizmDoc Viewer / API Reference / Cloud Authentication / OAuth
In This Topic
    OAuth
    In This Topic

    OAuth

    Using OAuth, PrizmDoc Cloud can not only authorize a request via the PrizmDoc Cloud API key, but also by custom user information. Ultimately, this will allow you to create rules to limit access to various resources.

    Available URLs

    URL Description
    POST /v1/authTokens Retrieves an authorization token that can be used to authenticate calls to PrizmDoc Cloud Services.

    POST /v1/authTokens

    Retrieves an authorization token that can be used to authenticate calls to PrizmDoc Cloud Services.

    Request

    Request Headers

    Name Description
    acs-api-key Required {{api-key}}
    Content-Type Required application/x-www-form-urlencoded

    Request Body

    grant_type=client_credentials&scope={client customer user id} {client custom role}
    
    

    Successful Response

    Response Body

    Success returns code 200 - OK

    • Content-Type: application/json
    • Cache-Control: no-store
    • Pragma: no-cache

    Error Responses

    Status Code JSON errorCode Description
    400 "Bad Request" Returned when data is incorrect within body of the request.
    401 "Unauthorized" Returned when the key provided in the acs-api-key is incorrect or missing.

    Examples

    Request

    grant_type=client_credentials&scope={client customer user id} {client custom role}
    
    
    grant_type=client_credentials&scope=userid:1234 role:admin
    
    

    Response

    Successful Response

    {
         "access_token": "{valid access token}",
         "token_type": "acs-oauth",
         "expires_in": {time in seconds},
         "scope": {requested scope} // user:{useridValue} role:{roleValue}
    }
    
    
    {
         "access_token": "PrizmDoc Cloud-Hosted-ACCESS-TOKEN",
         "token_type": "acs-oauth",
         "expires_in": 3600,
         "scope": "userid:1234 role:admin"
    }
    
    

    Error Response

    {
         "error": "invalid_request" // error code definitions: https://www.rfc-editor.org/rfc/rfc6749.html#section-5.2
    }