Authentication

The Authentication API is available at api.us.lifeomic.com/v1/oauth.

• Authentication API Reference Documentation

Authentication Method

LifeOmic uses OAuth 2.0 for authorization, which means in order to access data a user must authenticate and the requesting app must be authorized. Contact LifeOmic to set up authorization for your app.

Implicit grant and authorization code flows are supported.

Authorization Code

Authorization code is recommended for web apps, which involves utilizing both the authorize and token API resources. When using the authorization code grant flow, it is also recommended to use Proof Key for Code Exchange (PKCE) to mitigate authorization code intercept attacks.

JSON Web Tokens

LifeOmic uses JSON Web Tokens for access tokens. Once an access token has been retrieved via one of the grant types, then it must be provided for every API request that requires authentication. This can be done by providing the access token in the Authorization HTTP header with a value of Bearer <access token>.

Authentication Resources

• Create an API Key for instructions on how to create an API key and use it for authorization.

• OAuth authorization code grant - Documentation on the authorization flow.

• LifeOmic API access token methods - Documentation on the authorization code grant and the API key access tokens.

• @lifeomic/app-tools - A LifeOmic authentication utility included in a publicly-available npm package.

• Example LifeOmic App - A public GitHub repo with the minimum code needed for getting a web app up and running against the LifeOmic API.