The Authentication API is available at api.us.lifeomic.com.
LifeOmic uses OAuth 2.0 for authorization, which means in order to access data a user must authenticate and the requesting app must be authorized.
Implicit grant, authorization code, and client credentials flows are supported.
Authorization code is recommended for web apps, which involves utilizing both the authorize and token API resources.
When using the Authorization Code grant flow, it is also recommended to use Proof Key for Code Exchange (PCKE) to mitigate authorization code intercept attacks.
LifeOmic uses JSON Web Tokens for access tokens. Once an access token has been retrieved via one of the grant types, then it must be provided for every API request that requires authentication. This can be done by providing the access token in the
Authorization HTTP header with a value of
Bearer <access token>.
Contact LifeOmic if building a native app which can securely perform client credentials flow.
See the API Keys User Guide for instructions on how to create an API key. After creating an API key, it can be provided via the
Authorization HTTP header in the same fashion as the access tokens.