Authentication

The Hill Laboratories Client API is served over an HTTPS connection. All production URLs referenced in the documentation have the following base URL (except for URLs used in getting and refreshing tokens): https://api.hill-laboratories.com/client

Authentication with the Hill Laboratories API uses the OAuth2 standard. The access_token should be passed with each API call in an HTTP header: the Authorization request header field, which uses the Bearer authentication scheme to transmit the access token.

The access token will have a life of approximately 24 hours, after which you’ll need to get a new access token.

The new token will again be live for 24 hours; a short expiry is required for security purposes.

Testing: https://cat-api.hill-laboratories.com/client/oauth/token

Production: https://api.hill-laboratories.com/client/oauth/token

"Content-Type": "application/json"

We’ll need to provide you with a username and password for you to get an access token to use the API. 

To get your access token make a POST request with the following details:

{
  "username":"[username]",
  "password":"[password]"
}

The response will contain an access_token which can be used for subsequent requests. 

{
  "access_token": "xx...xx",
  "expires_in": 86400,
  "token_type": "Bearer"
}

This is a service-to-service implementation. The username and password must be stored securely to keep them from being used by potential attackers. It is not safe to store them in a browser.

Please contact our support team if you notice any security anomalies.