Accreditation process

This page describes the operational sequence for accrediting a new integrator: from developer account activation to OAuth credential release.

Recommended sequence

1. Initial request The medical centre contacts GipoNext, states the integration intent, and introduces the System Integrator.

2. Developer account creation GipoNext creates or enables the developer account on the integrator's reference email. This account is for managing application registrations, not for accessing clinical data.

3. OAuth application request The integrator logs in at account.gipo.it, opens Developer -> OAuth Applications, and submits the request.

4. Approval and credential release Usually within about 2 business days, GipoNext approves the request and releases client_id and client_secret.

5. OAuth implementation and API integration The integrator implements OAuth login in their application and calls the APIs with real user tokens.

6. Testing and validation The integrator tests on a sandbox tenant (sample data) or, if agreed, with a temporary user account from the medical centre on the real tenant.

7. Deactivate temporary user (if used) When the project ends, any temporary users provided to the integrator must be deactivated.

Operational path for the integrator

Two separate registrations are required:

1. Developer account to register the OAuth application.
2. User account with access to the medical centre (and relevant data), if you do not already have a valid one.

Step 1: developer account and OAuth request

1. Register at account.gipo.it.
2. Request developer role activation via support.
3. When the role is active, create the request in Developer -> OAuth Applications.
4. In the app configuration, select the required claims and scopes. For medical reports, include scopes relevant to the medical reports area.

Configuration details: Register your application.

Step 2: access to medical centre data

For security and compliance, data access cannot be activated without the medical centre's involvement.

Procedure:

1. The medical centre opens a ticket requesting user creation and the email to associate.
2. After user creation, perform interactive OAuth login: use your app's client_id and client_secret, and enter valid user credentials in the auth popup.
3. If you already have valid credentials for that medical centre, you can use those without requesting a new user.

Operational best practices

• Register separate OAuth applications for production and non-production when redirect URIs differ.
• Keep separate client_secret values for each environment to simplify security and troubleshooting.
• Use GipoNext support only for clarifications and exceptions, not as ongoing development support.

Next steps

• Getting started — full integration overview
• Register your application — detailed application configuration
• OAuth flows and tokens — technical flows and token handling