Versions Compared

Old Version 1

changes.mady.by.user Adaptavist ScriptRunner for Confluence Cloud

Saved on

compared with

New Version 2

changes.mady.by.user Ben Derr

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

All Tidepool services are accessed via RESTful URLs at api.tidepool.org.

Live Search
spaceKey@self
additionalpage excerpt
placeholderSearch this space

Use of our APIs is documented at https://developer.tidepool.org and via source code and documentation found at https://github.com/Tidepool_org .

All API calls are RESTful and require a unique, valid session token that is obtained during authentication and is not exposed in the URL.

All communication with APIs is encrypted via TLS/HTTPS. Data is transmitted to the web application as JSON streams over RESTful APIs.

About session tokens

New session tokens are generated upon login and invalidated on logout.

Session tokens are 1024 bits and expire after 30 days 8 hours or upon logout.

Session IDs are only included in the encrypted HTTPS header and are not exposed in the URL.

API Security

Every API endpoint verifies that:

  1. there is a valid JWT access token

  2. the access token is from a user who has permission/privilege to access the resource in question.

The access token is generated by Tidepool upon successful user authentication. It contains the user ID of the user as one of its claims, and it is signed with Tidepool’s private key using RS256 algorithm.

OAuth tokens are good for a max of 24 hours, and then will need to refresh the token if not handled state-fully by an application.

Page Tree