API Authentication
OAuth 2.0 & JWT Protocol • v1.0
Puga Trinicare utilizes a tiered authentication architecture. All API requests require a valid Bearer Token generated via our OAuth 2.0 provider.
POST /auth/login
Generate a temporary access token for secure API resource interaction.
Request Payload
{
  "email": "user@example.com",
  "password": "password123"
}
Response JSON
{
  "access_token": "jwt_token",
  "expires_in": 3600,
  "token_type": "Bearer",
  "user_role": "provider",
  "scope": "patients:read"
}
Authorized Scopes
patients:read - View patient records and history
patients:write - Create or update patient folders
consultations:read - Access telemedicine session details
payments:write - Initiate PugaPay health financing
workforce:read - View O&G compliance status
Protocol Standards
TLS 1.3 Required
All non-encrypted HTTP traffic is automatically dropped by the gateway.
Automatic Rotation
API keys for high-risk industrial nodes are rotated every 90 days as per security policy.
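Client-side handling of the login response, scopes and TLS requirement described above, as an added example that is not Puga Trinicare's own code. The names Token, parse_login_response and tls13_context are hypothetical, the 30-second expiry margin is an arbitrary choice, and space-separated multiple scopes are an assumption taken from RFC 6749.

```python
import json, ssl, time
from dataclasses import dataclass

# Scope names as listed under "Authorized Scopes".
KNOWN_SCOPES = frozenset({"patients:read", "patients:write", "consultations:read",
                          "payments:write", "workforce:read"})
# Constructed sample: the response body shown on this page.
SAMPLE_RESPONSE = ('{"access_token": "jwt_token", "expires_in": 3600, "token_type": "Bearer",'
                   ' "user_role": "provider", "scope": "patients:read"}')

def tls13_context():
    """Client context that verifies certificates and refuses anything below TLS 1.3."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx

@dataclass(frozen=True)
class Token:
    value: str
    scopes: frozenset
    expires_at: float  # absolute epoch seconds

    def allows(self, scope, now=None, skew=30):
        """True only if the scope was granted and expiry is more than `skew` seconds away."""
        now = time.time() if now is None else now
        return scope in self.scopes and now < self.expires_at - skew

    def auth_header(self, scope, now=None):
        """Build the Authorization header, failing locally instead of sending a doomed request."""
        if not self.allows(scope, now):
            raise PermissionError(f"token expired or lacks scope {scope!r}")
        return {"Authorization": f"Bearer {self.value}"}

def parse_login_response(body, now=None):
    """Validate every field the client relies on before trusting the token."""
    now = time.time() if now is None else now
    data = json.loads(body)
    if not isinstance(data, dict) or str(data.get("token_type", "")).lower() != "bearer":
        raise ValueError("token_type must be Bearer")
    value, ttl = data.get("access_token"), data.get("expires_in")
    if not isinstance(value, str) or not value:
        raise ValueError("missing access_token")
    if type(ttl) is not int or ttl <= 0:
        raise ValueError("expires_in must be a positive integer")
    # Assumption: several scopes arrive space-separated, as in RFC 6749 section 3.3.
    scopes = frozenset(str(data.get("scope", "")).split())
    if not scopes or scopes - KNOWN_SCOPES:
        raise ValueError("scope is empty or not in the documented list")
    return Token(value, scopes, now + ttl)
```

Pass tls13_context() to the HTTPS client that calls /auth/login so a downgraded connection fails on the client side as well as at the gateway.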