Skip to main content

Authentication

The Authentication API is available at api.us.lifeomic.com/v1/oauth.

Authentication Method

LifeOmic uses OAuth 2.0 for authorization, which means in order to access data a user must authenticate and the requesting app must be authorized. Contact LifeOmic to set up authorization for your app.

Implicit grant and authorization code flows are supported.

Authorization Code

Authorization code is recommended for web apps, which involves utilizing both the authorize and token API resources. When using the authorization code grant flow, it is also recommended to use Proof Key for Code Exchange (PKCE) to mitigate authorization code intercept attacks.

JSON Web Tokens

LifeOmic uses JSON Web Tokens for access tokens. Once an access token has been retrieved via one of the grant types, then it must be provided for every API request that requires authentication. This can be done by providing the access token in the Authorization HTTP header with a value of Bearer <access token>.

Authentication Resources