Awell Health Developer Hub
Developer Hub

Awell authenticates your API requests using your tenant's API keys. If a request doesn’t include a valid key, Awell will reject the request

How to get your API key

You can create and delete API keys via the Awell Platform. Click here for more information about how to create an API key.

Keep your keys safe

Anyone with an API key can make an API call on behalf of your tenant, such as creating a patient, listing all care flows, or start care flows. Keep your keys safe by following these best practices:

  1. Grant access only to those who need it.
  2. Don’t store keys in a version control system.
  3. Control access to keys with a password manager or secrets management service.
  4. Don’t embed a key where it could be exposed to an attacker, such as in a front-end application (see Machine to Machine (M2M) API).

How to use the API key

Once you have an API key, simply add it to the header (apiKey) of your requests, as shown below.

  • bash
01curl -X POST \
02 '' \
03 -H "Content-Type: application/json" \
04 -H 'apiKey: YOUR_API_KEY' \
05 -d '{"query":"query GetPublishedPathwayDefinitions{publishedPathwayDefinitions{publishedPathwayDefinitions{id title}}}"}'

Machine to Machine (M2M) API

The Orchestration API is a Machine to Machine (M2M) API and uses a secret API key for authentication and authorization. All requests to the orchestration API should be sent from backend services that can safely and securely access the API key and add it in the relevant header without creating a risk of disclosing the API key.

Pathway versioning
© Awell Health