OAuth2 API

Introduction

VitalDB APIs use the OAuth2.0 protocol for authentication and authorization.

Overall Process

Your application must request a code and then extract an access token from the response. Finally, your application can use the data from VitalDB APIs using the access token.

Login Page

Issue a code, which is required to get an access token. Used in the “Sign in with VitalDB” service.

Endpoint

https://vitaldb.net/oauth2/login

Method

GET

Parameters

  • Please urlencode the parameter if it has any special characters.

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| client_id | String | Required | Client ID. Please contact us to get a client ID. |
| redirect_uri | String | Required | URI to redirect to after login succeeds. Redirected to: redirect_uri?code=xxxxxxxx&state=xxxxxxxx |
| state | String | Optional | Random string used to protect against CSRF (Cross-Site Request Forgery). The VitalDB server sends back the state parameter. If the state parameters are different, CSRF is detected. |

Return Value

  • If successful, the user is redirected to redirect_uri?code=xxxxxxxx&state=xxxxxxxx

| Field | Type | Description |
| --- | --- | --- |
| code | String | A code (random string) which is required to issue an access token. The code will expire in 3 minutes. |
| state | String | Random string used to protect against CSRF (Cross-Site Request Forgery). The VitalDB server sends back the state parameter. If the state parameters are different, CSRF is detected. |

Sample Codes

curl -i 'https://vitaldb.net/oauth2/login?client_id=xxxxxxx&redirect_uri=https%3A%2F%2Fwww.path-to-redirect.com%2Fcallback'

Get Token

Issue an access token which is required to access VitalDB APIs.

Endpoint

https://vitaldb.net/oauth2/token

Method

POST

Parameters

  • Please urlencode the parameter if it has any special characters.

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| client_id | String | Required | Client ID, please contact us to get a client ID |
| client_secret | String | Required | Client Secret, please contact us to get a client secret |
| code | String | Required | A code issued by VitalDB Login API |

OR

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| id | String | Required | VitalDB user ID |
| pw | String | Required | VitalDB user password |

Return Value

  • Content-type: application/json

| Field | Type | Description |
| --- | --- | --- |
| access_token | String | An access token which is required to access VitalDB APIs |
| token_type | String | Bearer type |
| expires_in | Number | = 3600. The access token expires in an hour. |

Sample Codes

curl -v -d 'code=xxxxxxxxxxxx&client_id=xxxxx&client_secret=xxxxxxxx' https://vitaldb.net/oauth2/token

curl -v -d 'id=userid&pw=password' https://vitaldb.net/oauth2/token
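
The login and token steps above as an added Python example (not VitalDB's own code): it always sends state, checks the echoed value on the callback before accepting the code, and builds the token POST without sending it. The function names, client values and callback URLs are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs
from urllib.request import Request

LOGIN_URL = "https://vitaldb.net/oauth2/login"   # endpoints from this page
TOKEN_URL = "https://vitaldb.net/oauth2/token"


def build_login_url(client_id, redirect_uri):
    """Return (url, state). Keep state in the user's server-side session."""
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    # urlencode() percent-encodes special characters in redirect_uri.
    query = urlencode({"client_id": client_id,
                       "redirect_uri": redirect_uri,
                       "state": state})
    return f"{LOGIN_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the code only if the echoed state matches the one we issued."""
    params = parse_qs(urlsplit(callback_url).query)
    states, codes = params.get("state", []), params.get("code", [])
    # Reject missing or duplicated parameters rather than guessing which to use.
    if len(states) != 1 or len(codes) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: possible CSRF, discard the code")
    return codes[0]


def build_token_request(code, client_id, client_secret):
    """Build (not send) the POST that exchanges the code for an access token."""
    body = urlencode({"code": code, "client_id": client_id,
                      "client_secret": client_secret}).encode()
    # The secret travels only in the POST body, from server to server.
    return Request(TOKEN_URL, data=body, method="POST")


if __name__ == "__main__":
    # Constructed sample values; no network traffic is generated.
    url, state = build_login_url("demo-client", "https://app.example/callback?x=1")
    print(url)
    callback = f"https://app.example/callback?code=abc123&state={state}"
    req = build_token_request(code_from_callback(callback, state),
                              "demo-client", "demo-secret")
    print(req.get_method(), req.full_url, req.data.decode())
```

Because the code expires in 3 minutes, the exchange should run as soon as the callback passes the state check.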

Get Userinfo

Read data of a user

Endpoint

https://vitaldb.net/oauth2/userinfo

Method

GET

Parameters

  • Please urlencode the parameter if it has any special characters.

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| access_token | String | Required | An access token which is required to access VitalDB APIs |

Return Value

  • Content-type: application/json

| Field | Type | Description |
| --- | --- | --- |
| userid | String | VitalDB user ID |
| email | String | User email |

Sample Codes

curl -i 'https://vitaldb.net/oauth2/userinfo?access_token=xxxxxxxx'