Clinician Data Access via API

We support REST API protocol standard that communicates over the HTTP to send/receive data to the servers.

Web Services can be accessed through virtually any programming or scripting language including ASP, .Net, VB, PHP, C#, Cold Fusion, Java, etc.

Test your access using Swagger Demo.

Huey data is available through Caspio’s REST API authentication is based on OAuth 2.0 protocol and supports client_credentials flow, meaning that before a client can access resources, it must be authenticated using Client ID/Secret pair that can be found above. And all REST calls should be made in HTTPS. When successfully authenticated, a token is generated that must be used in all follow on calls to the resources endpoint.

Authentication request:

Method: POST URL: https://c2axa376.caspio.com/oauth/token

Body: grant_type=client_credentials&client_id=&client_secret=

You must replace Request URL, client_id, and client_secret with those provided in your Huey account.

The image below shows a successful authentication call using Firefox RESTClient (add-on).

If authentication request is successful, client will receive access/refresh token pair that looks like:

{"access_token":"",
"token_type":"bearer",
"expires_in":86399,
"refresh_token":""}

From this point on you will be using your resource endpoint instead of the token endpoint and every request will have to include the following header parameter:

Parameter name: Authorization

Parameter value: Bearer

You must replace  with the one provided in the previous step.

Alternative Authentication

As an alternative to including credentials in the request body, a client can use the HTTP Basic authentication scheme. In this case, authentication request will be setup in the following way:

Method: POST

URL:

Body: grant_type=client_credentials

Header parameter:

Authorization: Basic

The header parameter is the string “Client_ID:Client_Secret” encoded with the third-party website https://www.base64encode.org/. See Basic Authentication Realm.

Token Expiration and Renewal

Access tokens expire in 24 hours and refresh tokens expire in 1 year.

After the access tokens expire, 401 Unauthorized status code is returned. At this point you can re-authenticate using the instructions above, or you could refresh your token as described below. The choice is yours and depends on your use case and preference.

Making a refresh token request:

Method: POST

URL:

Body: grant_type=refresh_token&refresh_token=

Header parameters:

Authorization: Basic

Content-Type: application/x-www-form-urlencoded

Replace Request URL with your token endpoint URL (the one in Caspio on the Web Services Profile page).

The value for Authorization header parameter is “Basic Client_ID:Client_Secret”, where Client_ID:Client_Secret should be encoded with the third-party website: https://www.base64encode.org/. See Basic Authentication Realm below.

After the expiration of the refresh token, 401 Unauthorized status code will be returned and the client should re-authenticate using Client ID/Secret pair.

Basic Authentication Realm

In Alternative Authentication and Token Renewal sections above you will need to create a header parameter for Basic Authentication Realm. It is constructed by creating the string “Client_ID:Client_Secret”, and encoding it using the RFC2045-MIME variant of Base64. Your programming language may have a simple way of achieving this.

Authorization Header

Every request to REST API Resources URLs must contain an authorization header:

Parameter name: Authorization

Parameter value: Bearer

Content-Type Header

You will use the GET method to receive Huey data using the Name of the View above.

Parameter name: Content-Type

Parameter value: application/json

JSON and XML Response Formats

You can choose between two response formats: json (default) and xml. To change response format, you must add one of the following headers to your request:

Parameter name: Accept

Parameter value: application/json or application/xml

Get Requests Limit 1,000 Records

You will need to create a loop to receive more than 1,000 records per call.