Getting started
Authorization
Use API keys to authenticate API requests.
Awell authenticates your API requests using your tenant's API keys. If a request doesn’t include a valid key, Awell will reject the request
How to get your API key
You can create and delete API keys via the Awell Platform. Click here for more information about how to create an API key.
Keep your keys safe
Anyone with an API key can make an API call on behalf of your tenant, such as creating a patient, listing all care flows, or start care flows. Keep your keys safe by following these best practices:
- Grant access only to those who need it.
- Don’t store keys in a version control system.
- Control access to keys with a password manager or secrets management service.
- Don’t embed a key where it could be exposed to an attacker, such as in a front-end application (see Machine to Machine (M2M) API).
How to use the API key
Once you have an API key, simply add it to the header (apiKey) of your requests, as shown below.
01
Machine to Machine (M2M) API
The Orchestration API is a Machine to Machine (M2M) API and uses a secret API key for authentication and authorization. All requests to the orchestration API should be sent from backend services that can safely and securely access the API key and add it in the relevant header without creating a risk of disclosing the API key.
