Client Credentials

The Medplum API uses standard OAuth2/OpenID authentication. The "Client Credentials Flow" is recommended for machine-to-machine access.

Obtaining Credentials

This tutorial assumes you already have a Medplum account. (If not, please register.)

Create a ClientApplication if one does not already exist. You can create a new ClientApplication on the Project Admin page.

For this example you will need the ID and Secret.

Connecting to the service

Execute an HTTP POST request to the OAuth2 Token endpoint:

On success, the response will be a JSON object with the following properties:

{
  "token_type": "Bearer",
  "access_token": "<YOUR_AUTH_TOKEN>",
  "expires_in": 3600
}

The value of "access_token" can then be used in future requests for authentication.

Alternatively, you can initiate the process in the Medplum Client by using the startClientLogin convenience method.

For more details about OAuth2 Client Credentials Flow:

• https://datatracker.ietf.org/doc/html/rfc6749#section-4.4
• https://oauth.net/2/grant-types/client-credentials/
• https://auth0.com/docs/flows/client-credentials-flow