API Accreditation Process
To integrate your application with GipoNext, follow this operational roadmap. The entire process typically takes 2-3 business days.
In brief (TL;DR)
- Account Creation: Create your personal profile at account.gipo.it.
- Developer Request: Contact Support to request "Developer" features, specifying which medical center or client you are building the integration for.
- OAuth App: Create your OAuth application in the dedicated panel and wait for the official credentials to be issued.
- Data Access: Use your OAuth client data along with login credentials on a specific tenant to obtain tokens and perform API operations.
Integration Roadmap
Phase 1: Setup and Profile Activation
Before you can configure the integration, you must activate your developer profile.
- Registration: Create an account at account.gipo.it.
- Role Activation: Once registered, contact Support to request activation of the Developer Role. Without this step, the configuration menus will not be visible.
Phase 2: OAuth Application Configuration
With an active profile, you can register your technical solution:
- Go to Developer > OAuth Applications on account.gipo.it.
- Create a request: Enter the app name, Redirect URIs (HTTPS), and select the necessary scopes (e.g.,
patients,agendas,medical reports). - Environment Management:
- Recommended: Create two separate Apps (e.g., "MyApp - Test" and "MyApp - Prod") to separately manage
client_secretand different redirects between your development and production environments. - Alternative: You can use a single App if your architecture allows for dynamic flow management across multiple environments.
- Recommended: Create two separate Apps (e.g., "MyApp - Test" and "MyApp - Prod") to separately manage
- Credential Issuance: GipoNext approves the request (usually within 48h), issuing the
client_idandclient_secret.
Phase 3: Accessing Data (Operations)
To test API calls and access clinical data, you have two paths:
- Option A (Trial/Sandbox Account): If you want to start immediately without depending on a real client, you can request a Trial activation. This allows you to work in an isolated environment with dummy data and validate the integration immediately.
- Option B (Medical Center Data): The Medical Center creates a technical account dedicated to the integrator (e.g.,
integration.name@center.it) directly from its own management system, under Configurazione → Permessi → Utenti (www.giponext.it/utenti), choosing the most suitable role for the integration (administrator or doctor, with no constraints). No support ticket is needed. Once created, you will use these credentials in your application's OAuth login popup to access the center's real data.
🛠️ Technical Checklist
- [ ] Active account on
account.gipo.itwith Developer role. - [ ] Redirect URI correctly configured (HTTPS).
- [ ] Choice of access mode (Trial vs. Medical Center Account).
- [ ]
client_idandclient_secretobtained after approval.
Useful Resources:Registration Guide ➡️ | OAuth Flow Details ➡️
🆘 Common Questions
- Why can't I see the data? App approval (Phase 2) gives you the keys, but data access (Phase 3) requires a valid account (Trial or Medical Center).
- Can I change Redirect URIs later? Yes. You can edit the app configuration (including Redirect URIs) yourself from the account.gipo.it portal, without contacting support. Some changes may require a new Gipo approval.
- Are the credentials expired? Remember that the
client_secretmust be stored securely and should never be exposed in client-side (frontend) code.
Next steps
- Getting started — full integration overview
- Register your application — detailed application configuration
- OAuth flows and tokens — technical flows and token handling