Authentication

Overview

DocHeart supports 2 types of authentication:

  • JWT-based authentication via username and password (only used by DocHeartUI)
  • API token-based authentication

The rest of this page explains how to perform API token-based authentication.

API token authentication

This authentication method is suitable when you want to connect a backend system to DocHeartAPI. DocHeart allows users to create and manage multiple API tokens per account. When API tokens are used, usage of DocHeart is tracked per API token, which enables you to connect multiple applications with the same DocHeart account, yet split the costs across these applications. API tokens have optional expiration dates for security purposes.

The first step in performing API token authentication is creating an API token. This can be easily done via DocHeartUI (read the tutorial to see how).

If the request was successful, you will get the following JSON response, containing the API token:

{
    "_id": "64afc03487aec84d1836e174",
    "created_at": 1689239604.2151585,
    "expires_at": 1920096930.0,
    "key": "ec283363c53bdd791577512e39f3ce41b34148eaacfd3de91ce5a5a54a7f5776",
    "name": "new_token",
    "raw_token": "sJ1poqD6prtAFL0L5BZB23Mxkk0ZHvfV",
    "user_id": "64ad04d1814ae84bfb02e3ad"
}

The piece of information that is relevant for authentication purposes is the “raw_token”. In all subsequent requests, you will have to include the raw token in the “X-api” HTTP header, as in the example below:

curl -X GET https://api.docheart.ai/docheart/api/vault/list \
-H "X-api: sJ1poqD6prtAFL0L5BZB23Mxkk0ZHvfV"
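
The same request from a backend client, as an added example (not DocHeart's own code): it reads "raw_token" and "expires_at" from the response above, refuses to use a token that is about to expire, and keeps the full token out of log messages. The helper names, the 300-second margin, and the treatment of a missing "expires_at" as "never expires" are assumptions.

```python
import json
import urllib.request

# Endpoint taken from the curl example on this page.
LIST_URL = "https://api.docheart.ai/docheart/api/vault/list"

# Constructed sample: the token-creation response shown above, trimmed to the
# fields used here. In a real deployment, read the raw token from a secret
# store or environment variable instead of embedding it in source.
SAMPLE_RESPONSE = """{
    "name": "new_token",
    "expires_at": 1920096930.0,
    "raw_token": "sJ1poqD6prtAFL0L5BZB23Mxkk0ZHvfV"
}"""


def load_token(response_text):
    """Extract the fields needed for authentication from the JSON response."""
    data = json.loads(response_text)
    if not data.get("raw_token"):
        raise ValueError("response does not contain a raw_token")
    # Assumption: a missing or null expires_at means the token never expires.
    return {"raw_token": data["raw_token"], "expires_at": data.get("expires_at")}


def seconds_left(token, now):
    """Seconds until expiry (epoch seconds), or None for a non-expiring token."""
    if token["expires_at"] is None:
        return None
    return token["expires_at"] - now


def redact(raw_token):
    """Log-safe form of the token: the first four characters only."""
    return raw_token[:4] + "..."


def build_request(url, token, now, min_validity=300):
    """Build a GET request with the X-api header, refusing near-expired tokens."""
    left = seconds_left(token, now)
    if left is not None and left < min_validity:
        raise RuntimeError(f"token {redact(token['raw_token'])} expires in {left:.0f}s; rotate it")
    if not url.startswith("https://"):
        raise ValueError("refusing to send an API token over a non-HTTPS URL")
    return urllib.request.Request(url, headers={"X-api": token["raw_token"]}, method="GET")
```

Pass the returned request to urllib.request.urlopen to send it, with time.time() as the "now" argument.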