Getting started
This guide helps you set up an effective integration from the start: aligned expectations, clear responsibilities, and no surprises. No prior OAuth experience is required; concepts are introduced step by step.
The 3 actors in an integration
Every integration involves three distinct roles:
| Who | Role |
|---|---|
| GipoNext | Provides APIs, manages technical onboarding, approves OAuth applications |
| System Integrator (you) | Develops, tests, and maintains the integration |
| Medical centre (your client) | Defines objectives, authorizes access, introduces the integrator to GipoNext |
💡 Key responsibilities
GipoNext provides the platform and targeted support. The integration project (development, testing, go-live, maintenance) is entirely the integrator's responsibility.
Two separate identities: app and user
API access requires two distinct things:
| Identity | What it is | How to obtain |
|---|---|---|
| Application (client_id + client_secret) | Identifies your software | OAuth registration on account.gipo.it |
| User (interactive login) | Determines tenant and permissions | End-user login on account.gipo.it |
Application credentials do not grant data access; they only identify the software. Data access always depends on the user who logs in.
For a deeper understanding of this separation and why it matters, see OAuth flows and tokens.
What to do in practice
Step 1: Accreditation
The medical centre introduces the integrator to GipoNext, which activates the developer account and approves the OAuth application registration.
Full operational detail is in Accreditation process.
Step 2: Implement OAuth
Use one of the supported flows:
- Authorization Code (recommended): for apps with a browser or full UI (web, desktop, mobile).
- Device Code: for devices without a browser (the user authorizes from another device).
Details: OAuth flows and tokens.
Step 3: Call the APIs
- Base URL: `https://api.giponext.it/v2/tenants/{tenantId}/...`
- Get `tenantId` from the UserInfo endpoint after authentication.
- Include the Bearer token in the `Authorization` header of every request.

```http
GET https://api.giponext.it/v2/tenants/{tenantId}/patients
Authorization: Bearer <access_token>
Accept: application/json
```

For the full list of endpoints and data models: Swagger UI and API reference.
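One way to build the Step 3 request defensively, shown as an added example that is not GipoNext's own code: it validates `tenantId` before placing it in the path and keeps the Bearer token from following a redirect to another origin. The `tenantId` pattern and the names `build_request`, `SameHostRedirects` and `open_api` are assumptions; the page does not define the `tenantId` format.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

API_BASE = "https://api.giponext.it/v2/tenants"  # base URL given on this page
# Assumption: tenant ids are short URL-safe tokens (the page does not define the format).
TENANT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def build_request(tenant_id, resource, access_token):
    """Build the authenticated GET for a tenant-scoped resource such as 'patients'."""
    # tenantId arrives in the UserInfo response: validate it before it becomes
    # part of the path, so it cannot add segments, a query string or "../".
    if not TENANT_ID_RE.fullmatch(tenant_id):
        raise ValueError("unexpected tenantId format")
    segments = resource.split("/")
    if any(s in ("", ".", "..") for s in segments):
        raise ValueError("invalid resource path")
    path = "/".join(quote(s, safe="") for s in segments)
    return urllib.request.Request(
        f"{API_BASE}/{tenant_id}/{path}",
        method="GET",
        headers={"Authorization": f"Bearer {access_token}",
                 "Accept": "application/json"},
    )


class SameHostRedirects(urllib.request.HTTPRedirectHandler):
    """Stop the Bearer token from following a redirect to another origin.

    urllib copies the original request headers, Authorization included,
    onto the redirected request, so the check has to be explicit.
    """

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        old, new = urlsplit(req.full_url), urlsplit(newurl)
        if (new.scheme, new.netloc) != (old.scheme, old.netloc):
            raise urllib.error.URLError("cross-origin redirect blocked")
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def open_api(request, timeout=10):
    """Send the request with redirects restricted to the API origin."""
    opener = urllib.request.build_opener(SameHostRedirects())
    return opener.open(request, timeout=timeout)
```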
Next steps
- Accreditation process: how to obtain a developer account and OAuth credentials
- Register your application: application registration details
- Entities and operations: available resources, operations, and required OAuth scopes
- FAQ: quick answers to common questions