Authentication
The Esteem API uses token-based authentication. All authenticated requests must include an authentication token in the request headers.
Authentication Header
Include your authentication token in the X-User-Token header:
X-User-Token: your_authentication_token_here
Example Request
GET /v1/clinic/patients HTTP/1.1
Host: your-api-domain.com
Content-Type: application/json
X-User-Token: Exse1BncZVGpy7YTD62H
Authentication Requirements
Different endpoints have different authentication requirements:
- Required: Most clinic and admin endpoints require authentication
- Optional: Some public endpoints like assessments may not require authentication
- Role-based: Some endpoints require specific user roles (supervisor, provider, admin)
Token Types
The API supports different types of tokens for different user roles:
- User Token: Standard user authentication token
- Supervisor Token: Enhanced permissions for supervisory functions
- Admin Token: Full administrative access
Error Responses
If authentication fails, you’ll receive a 401 Unauthorized or 422 Unprocessable Entity response:
{
"errors": "You are not authorized to perform this action."
}
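As an added illustration (not the Esteem API's own code), the following server-side check shows how the three requirement levels above (required, optional, role-based) and the documented error body fit together. The token store, the route table and which roles each route needs are assumptions made up for the example.

```python
import hmac

# Constructed sample token store (token -> role). These are placeholders, not
# real Esteem credentials; a real service would look tokens up in a database.
TOKEN_ROLES = {
    "USER_TOKEN_PLACEHOLDER": "user",
    "SUPERVISOR_TOKEN_PLACEHOLDER": "supervisor",
    "ADMIN_TOKEN_PLACEHOLDER": "admin",
}

# Hypothetical per-route policy mirroring the three documented cases:
# None = optional, empty set = any authenticated user, non-empty set = listed roles.
# Routes absent from the table require authentication (deny by default).
ROUTE_POLICY = {
    "/v1/assessments": None,
    "/v1/clinic/patients": set(),
    "/v1/clinic/reviews": {"supervisor", "admin"},
    "/v1/admin/users": {"admin"},
}

# The error body documented for a failed authentication; 401 is used for every failure here.
ERROR_BODY = {"errors": "You are not authorized to perform this action."}


def lookup_role(token):
    """Map a presented token to its role, or None if unknown.

    Every stored token is compared with hmac.compare_digest and the loop never
    exits early, so response time does not depend on which token matched.
    """
    role = None
    for stored, stored_role in TOKEN_ROLES.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            role = stored_role
    return role


def authenticate(path, headers):
    """Return (status, body) for a request; header names match case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    token = lowered.get("x-user-token", "").strip()
    policy = ROUTE_POLICY.get(path, set())
    if policy is None and not token:
        return 200, {"role": "anonymous"}   # optional endpoint, no token sent
    role = lookup_role(token) if token else None
    if role is None:
        return 401, ERROR_BODY              # missing or unknown token
    if policy and role not in policy:
        return 401, ERROR_BODY              # authenticated, but wrong role
    return 200, {"role": role}
```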