Authentication & Authorization

Like other RESTful APIs, the MediRoutes API uses JWT to handle authentication and authorization with refresh tokens.

How to Obtain a Bearer Token

Once the MediRoutes Team grants you access to the MediRoutes API, you can obtain a bearer token which can be used to hit all other API endpoints.

A. Authorization Grant: Using a client (or Swagger/Postman for testing), POST to the endpoint to obtain access and refresh tokens using your MediRoutes Username and Password:

  1. grant_type = “password”
  2. username =
  3. password =

B. MediRoutes returns Access token & Refresh token

C. Send Access token in request header as a bearer token for all other API endpoints

D. MediRoutes returns requested Resources

E. Once an Access Token expires,

F. An Invalid Token Error (401 Unauthorized Error) will be returned

G. a Refresh Token must be used to obtain new access token

Please Note: Access tokens expire after 24 hours and will require use of a refresh token.


grant_typestringtype in the string "password"REQUIRED
usernamestringMediRoutes usernameREQUIRED
passwordstringMediRoutes passwordREQUIRED

Expected Response Codes

200Request was successful; Access and Refresh tokens returned.
401Request was unsuccessful; Username, Password and/or Grant Type incorrect. (grant_type value is equal to the string "password")
500Unknown error; Contact MediRoutes.

Expected Response Body

expires_inint1 day = 24 hours = 86400 seconds
userNamestringMediRoutes username
.issuedstringUTC date / time that token was issued
.expiresstringUTC date / time that token was issued

Sample 200 Response Body - Token Endpoint

  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3ZDUyMmNiMS1iZDYxLTQzZDctOWY3OS04MzgyM...",
  "token_type": "Bearer",
  "expires_in": 86400,
  "refresh_token": "CfDJ8EMw3GMoAG1Khpbl5wMJxvmsmeu553OU7whkKzFLC3h0ote-3NzDlA_I7PIqGnPn4UnmP6pZ8cS3...",
  "userName": "[email protected]",
  ".issued": "Mon, 08 Jun 2020 17:17:55 GMT",
  ".expires": "Tue, 09 Jun 2020 17:17:55 GMT"