Authentication with OAuth2.0

This tutorial explains how to connect to the API Gateway (or Sandbox) with (test) Client Credentials, using OAuth2 for authorization and authentication.

As explained in the getting started guide, you will need the Client ID and the Client Secret to get access.

Step 1: Get access token

Access tokens and refresh tokens can be generated using the following URLs, depending on the region your organization is hosted in:

• https://identity-oauth.eu.founda.com/oauth2/token
• https://identity-oauth.us.founda.com/oauth2/token

Example cURL command

In order to get an access token you can use the following cURL command as an example:

Replacing <client_id> and <client_secret> with your Client Credentials.

Example Postman command

In order to get an access token you can use the following Postman steps as an example:

1. Open a new request and go to the Authorization tab
2. Configure the settings:
   1. Type: OAuth2.0
   2. Grant Type: Client Credentials
   3. Access token URL:
      1. https://identity-oauth.eu.founda.co/oauth2/token
      2. https://identity-oauth.us.founda.co/oauth2/token
   4. Client ID: Client ID of Test Client retrieved via 1Password
   5. Client Secret: Client Secret of Test Client retrieved via 1Password
   6. Client authentication: ‘Send client credentials in body’

Configure new access token



1. Choose ‘Get New Access Token’
2. When authentication is successful: Authentication complete
3. Choose ‘Use Token’

Postman will copy the token to the token field.

Step 2: Start using the API

Now that your Test Client has an Access Token, it is possible to start making test calls to the Sandbox. The FHIR 4 Base URL for this is: 

• https://api.us.founda.co/1/health/organizations/{organizationId}/fhir/4
• https://api.eu.founda.co/1/health/organizations/{organizationId}/fhir/4

Note that {organizationId} has to be replaced with the organization ID of the Sandbox, this ID is provided along with the Client Credentials.