Authentication

This page outlines how to get your API key and generate your access token.

Get your API key

  1. Purchase your Halaxy API subscription in the Add-ons page.
  2. Open the Halaxy developer page and create an API Key.
  3. Copy your Client ID and Client Secret.
🔒

Protect your API keys

Your API keys grant access to your practice data and must be kept private to prevent unauthorized access and data breaches. Avoid sharing them publicly or with untrusted parties.


Authentication

Generate your access token by sending a request with your Client ID and Client Secret.

Request your token

curl --location 'https://au-api.halaxy.com/main/oauth/token' \
--header 'Accept: application/fhir+json' \
--header 'Content-Type: application/json' \
--data '{
  "grant_type": "client_credentials",
  "client_id": "<YOUR CLIENT ID>",
  "client_secret": "<YOUR CLIENT SECRET>"
}'

Response

{
"token_type":"Bearer",
"expires_in":3600,
"access_token":"<YOUR ACCESS TOKEN>"
}
🖊️

Note

Access tokens are valid for 15 minutes.


Identify your application

-H 'User-Agent: APP_VENDOR_NAME (APP_VENDOR_EMAIL)'

Using your token

This is an example of how to use your access token in a request to generate a patient list.

curl --location 'https://au-api.halaxy.com/main/Patient' \
--header 'Accept: application/fhir+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer <YOUR ACCESS TOKEN>' \
--header 'User-Agent: APP_VENDOR_NAME (APP_VENDOR_EMAIL)'

Rate limits

All requests authenticated with OAuth are rate-limited to 500 requests per minute. The API uses a sliding window rate limiter. Track your current usage with the rate limit headers returned on each OAuth-authenticated request.

Header                   Description
x-ratelimit-limit        Total requests available in the current 1-minute window.
x-ratelimit-remaining    Requests remaining in the current 1-minute window.

If you exceed the limit, the API returns 429 Too Many Requests.

The 429 response includes a retry-after header that tells you how many seconds to wait before sending another request.
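
The token request, token reuse and 429 handling described above, combined in one small client. This is an added example, not Halaxy's code; the environment variable names HALAXY_CLIENT_ID and HALAXY_CLIENT_SECRET, the class and function names, the 60-second refresh margin and the retry count are assumptions.

```python
import json, os, time, urllib.error, urllib.request

BASE_URL = "https://au-api.halaxy.com/main"  # EU and UK: https://eu-api.halaxy.com/main
USER_AGENT = "APP_VENDOR_NAME (APP_VENDOR_EMAIL)"
BASE_HEADERS = {"Accept": "application/fhir+json", "Content-Type": "application/json",
                "User-Agent": USER_AGENT}

def urllib_send(method, url, headers, body=None):
    """Default transport: returns (status, lower-cased headers, body bytes)."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as r:
            return r.status, {k.lower(): v for k, v in r.headers.items()}, r.read()
    except urllib.error.HTTPError as e:  # a 429 still carries the headers we need
        return e.code, {k.lower(): v for k, v in e.headers.items()}, e.read()

class HalaxyClient:
    def __init__(self, send=urllib_send, sleep=time.sleep, clock=time.monotonic):
        # Assumed variable names: credentials come from the environment, not source.
        self.creds = {"client_id": os.environ["HALAXY_CLIENT_ID"],
                      "client_secret": os.environ["HALAXY_CLIENT_SECRET"]}
        self.send, self.sleep, self.clock = send, sleep, clock
        self.token, self.expires_at, self.remaining = None, 0.0, None

    def _bearer(self):
        if self.token is None or self.clock() >= self.expires_at - 60:  # refresh 60 s early
            body = json.dumps({"grant_type": "client_credentials", **self.creds}).encode()
            status, _, raw = self.send("POST", BASE_URL + "/oauth/token",
                                       dict(BASE_HEADERS), body)
            if status != 200:  # report the status only, never the request body
                raise RuntimeError(f"token request failed: HTTP {status}")
            data = json.loads(raw)
            # Use the shorter of expires_in and the 15 minutes stated in the note above.
            self.expires_at = self.clock() + min(int(data["expires_in"]), 900)
            self.token = data["access_token"]
        return "Bearer " + self.token

    def get(self, path, max_retries=3):
        for _ in range(max_retries + 1):
            headers = dict(BASE_HEADERS, Authorization=self._bearer())
            status, hdrs, raw = self.send("GET", BASE_URL + path, headers)
            self.remaining = hdrs.get("x-ratelimit-remaining")  # budget left this window
            if status == 429:  # wait as long as the server asks, then retry
                self.sleep(int(hdrs.get("retry-after", "1")))
                continue
            if status != 200:
                raise RuntimeError(f"GET {path} failed: HTTP {status}")
            return json.loads(raw)
        raise RuntimeError(f"GET {path}: still rate-limited after {max_retries} retries")
```

With both variables set, `HalaxyClient().get("/Patient")` performs the patient-list request shown earlier, reusing one token across calls.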


🚧

Use the right server

Make sure you are using the correct base URL for your region. Countries in the EU and UK must use https://eu-api.halaxy.com/main/, while all other countries must use https://au-api.halaxy.com/main/.