
DEXIS Public API documentation V4.7.10.38


Authentication

The DEXIS IS Connect public API uses the OpenID Connect (OIDC) protocol for token-based authentication and authorization. This protocol is built on OAuth 2.0. To learn more about the OpenID Connect protocol, please visit openid.net

Concepts

Client ID: The client_id is a globally unique identifier (GUID) that is the unique identifier for your application in DEXIS Active Directory. DEXIS service support should provide you with its value during the integration process.
Client Secret: The client_secret is your application's password. It's provided by DEXIS service support and shouldn't be stored on end users' machines (server or cloud storage).
Redirect URI: The redirect_uri is the URL to which the user shall be redirected at the end of the authentication flow.
Authorization code: The code sent to your application as a query parameter of the Redirect URI. This code should be used to retrieve the access_token and refresh_token.
Access Token: The token you get at the end of the authentication flow. This token should be set in the Authorization header of all the requests sent to the DEXIS Public API. The access token is valid for one hour.
Refresh Token: The refresh_token allows your app to get a fresh access_token for the user without asking the user to enter their login/password again. The Refresh Token is valid for a sliding period of 14 days.

How to get user access token

  1. Get authorization code
     Redirect the user to the authorization URL, passing your app's registration information:
    https://envistab2c.b2clogin.com/envistab2c.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/authorize?client_id=<your_application_client_id>&response_type=code&redirect_uri=<your_application_redirect_uri>&response_mode=query&scope=offline_access%20https://envistab2c.onmicrosoft.com/ConnectPublicApi/User.Standard&prompt=login

    After finishing the login flow, the user shall be redirected to your application's redirect URI with the authorization_code in the query parameters: https://your-redirect-uri?code=nmCNH9vHAxygZPLYYKOgybXRprm...

  2. Get Access Token
     curl --location 'https://envistab2c.b2clogin.com/envistab2c.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/token' \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --data-urlencode 'grant_type=authorization_code' \
        --data-urlencode 'client_id=<your_application_client_id>' \
        --data-urlencode 'scope=offline_access https://envistab2c.onmicrosoft.com/ConnectPublicApi/User.Standard' \
        --data-urlencode 'code=<user_authorization_code>' \
        --data-urlencode 'redirect_uri=<your_application_redirect_uri>' \
        --data-urlencode 'client_secret=<your_application_client_secret>'

    Response example:
    {
        "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ink2OX.....",
        "token_type": "Bearer",
        "not_before": 1708442458,
        "expires_in": 3600,
        "expires_on": 1708446058,
        "resource": "a591b17d-ad8e-4ba1-8c48-042e561268cf",
        "profile_info": "eyJ2ZXIiOiIxLjAiLCJ0aWQiOiIxNjBhOTcxMS00Z....",
        "scope": "https://envistab2c.onmicrosoft.com/ConnectPublicApi/User.Standard offline_access",
        "refresh_token": "eyJraWQiOiIxQzd5OG1yVUI4Y.....",
        "refresh_token_expires_in": 1209600
    }
    Your application should extract the access_token from the response and use it to authenticate the HTTP requests sent to the DEXIS IS Connect Public API. The refresh_token should be extracted as well and stored on your server so that you can use it to get fresh access tokens silently (without user interaction, see the Refresh Token section below).

  3. Refresh Token
     curl --location 'https://envistab2c.b2clogin.com/envistab2c.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/token' \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --header 'Cookie: x-ms-cpim-geo=NA' \
        --data-urlencode 'grant_type=refresh_token' \
        --data-urlencode 'client_id=<your_application_client_id>' \
        --data-urlencode 'scope=offline_access https://envistab2c.onmicrosoft.com/ConnectPublicApi/User.Standard' \
        --data-urlencode 'refresh_token=<user_refresh_token>' \
        --data-urlencode 'redirect_uri=<your_application_redirect_uri>' \
        --data-urlencode 'client_secret=<your_application_client_secret>'
    

    Response example:
    {
        "access_token": "eyJhbGciOiJSUzI1NiIsImtp....",
        "token_type": "Bearer",
        "not_before": 1708443099,
        "expires_in": 3600,
        "expires_on": 1708446699,
        "resource": "a591b17d-ad8e-4ba1-8c48-042e561268cf",
        "profile_info": "eyJ2ZXIiOiIxLjAiLCJ0aWQiO....",
        "scope": "https://envistab2c.onmicrosoft.com/ConnectPublicApi/User.Standard offline_access",
        "refresh_token": "eyJraWQiOiIxQzd5OG1yVUI4YzBBZGl2....",
        "refresh_token_expires_in": 1209600
    }
    Your application should extract the access_token from the response and use it to authenticate the HTTP requests sent to the DEXIS IS Connect Public API. The stored refresh token should be replaced with the new value, which is valid for the next 14 days.
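
The token lifecycle described in steps 2 and 3, as an added example (not DEXIS code): it reads the response fields shown above, decides whether to reuse the access token, refresh it, or send the user back to login, and replaces the stored refresh token on every refresh. The names TokenSet, refresh_form, current_tokens and the SKEW margin are assumptions, and post stands for any function that sends the form body to the URL and returns the parsed JSON.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

TOKEN_URL = ("https://envistab2c.b2clogin.com/envistab2c.onmicrosoft.com/"
             "B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/token")
SCOPE = "offline_access https://envistab2c.onmicrosoft.com/ConnectPublicApi/User.Standard"
SKEW = 120  # assumption: refresh this many seconds before the access token expires


@dataclass(repr=False)  # the generated repr would print the tokens into logs
class TokenSet:
    access_token: str
    access_expires_at: int   # epoch seconds, taken from "expires_on"
    refresh_token: str
    refresh_expires_at: int  # receipt time + "refresh_token_expires_in"

    @classmethod
    def from_response(cls, body: dict, now: int) -> "TokenSet":
        """Build a TokenSet from a token endpoint response received at `now`."""
        if body.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type")
        return cls(body["access_token"], int(body["expires_on"]),
                   body["refresh_token"], now + int(body["refresh_token_expires_in"]))

    def state(self, now: int) -> str:
        if now < self.access_expires_at - SKEW:
            return "valid"
        if now < self.refresh_expires_at:
            return "refresh"
        return "login"  # the 14-day window elapsed: the user must sign in again


def refresh_form(tokens, client_id, client_secret, redirect_uri) -> str:
    """URL-encoded body for the grant_type=refresh_token request shown above."""
    return urlencode({
        "grant_type": "refresh_token", "client_id": client_id, "scope": SCOPE,
        "refresh_token": tokens.refresh_token, "redirect_uri": redirect_uri,
        "client_secret": client_secret})


def current_tokens(tokens, now, post, **client):
    """Return a usable TokenSet, calling post(url, form) -> dict when a refresh is due."""
    status = tokens.state(now)
    if status == "valid":
        return tokens
    if status == "login":
        raise PermissionError("refresh token expired; restart the authorization flow")
    body = post(TOKEN_URL, refresh_form(tokens, **client))
    return TokenSet.from_response(body, now)  # carries the new refresh_token
```

Persist the returned TokenSet server-side after every call so the previous refresh token is overwritten by the new one.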

Api Key Authorization

When the DEXIS service team registers your application in DEXIS Active Directory, you'll be provided with a ClientId, a Client Secret (mentioned above) and an Api Key. The Api Key is a secret key specific to your application. The value of the Api Key should be present in the headers of all requests sent to the DEXIS Public API. Otherwise, they will be rejected.
curl --location 'https://<dexis_api_base_url>/api/v1/DentalCases?$expand=dentist&$count=true&$top=10&$skip=0&$filter=caseType%20eq%20%27Orthodontics%27' \
    --header 'x-api-key: <your_api_key_value>' \
    --header 'Authorization: Bearer <your_access_token>'

Contact

To start a new integration and use this API, please contact us at dexis.integration@envistaco.com to get your credentials: ClientId, Client Secret and the Api Key.