Login

The login endpoint exchanges a username and password for a time-limited bearer token used by all clinical endpoints.

Request

Python
JavaScript
cURL

import requests

base_url = "<base_url>"  # the base url path provided during registration
url = f"{base_url}/login"

data = {
    "username": "<your_email>",     # the email you provided during registration
    "password": "<your_password>"   # the password received in the welcome email
}
headers = {"Content-Type": "application/x-www-form-urlencoded"}

response = requests.post(url, data=data, headers=headers)
result = response.json()

const baseUrl = "<base_url>"; // the base url path provided during registration

const formData = new URLSearchParams();
formData.append("username", "<your_email>");
formData.append("password", "<your_password>");

const response = await fetch(`${baseUrl}/login`, {
  method: "POST",
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
  body: formData.toString(),
});
const result = await response.json();

curl -X POST "<base_url>/login" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "username=<your_email>&password=<your_password>"

Response

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Access token",
  "expires_in_minutes": "60"
}

Field-by-field

access_token the bearer token to include in every protected endpoint as Authorization: Bearer <access_token>.
token_type descriptive label, currently always "Access token".
expires_in_minutes token lifetime. After this many minutes, the token becomes invalid and you must call /login again to obtain a new one.

Token expiration

Cache the token for the duration of expires_in_minutes and re-issue /login proactively before it expires. If a clinical endpoint returns an authentication or authorization error, treat it as token expiration and retry after a fresh login.

Request​

Response​

Field-by-field​

Request

Response

Field-by-field