Authentication
When HIQOR delivers health assessment data to your system, we authenticate the request based on your preferred security model. You provide HIQOR with the authentication method and credentials you require, and HIQOR will include them in all outbound POST requests to your API endpoint.
Supported Authentication Methods
HIQOR supports the following methods:
| Method | Description | Example Header |
|---|---|---|
| API Key Header | HIQOR includes your API key in a custom header. | X-API-Key: your-api-key |
| Bearer Token | HIQOR includes your bearer token in the Authorization header. | Authorization: Bearer your-token |
| Basic Auth | HIQOR sends username/password encoded in the Authorization header. | Authorization: Basic base64(username:password) |
| Custom Headers | HIQOR sends any custom header(s) required by your system. | X-Client-ID: your-client-id |
Optional: Signature Verification
For additional security, HIQOR can include an HMAC signature header that you can use to verify the authenticity of API requests. This is optional and can be enabled during configuration.
POST /api/hiqor/webhook HTTP/1.1
Host: your-domain.com
Content-Type: application/json
X-API-Key: your-api-key
X-HIQOR-Signature: sha256-signature-value
{
"assessmentType": "FaceScan",
...
}Configuration
To configure authentication for your API endpoint, provide HIQOR with:
- Your preferred authentication method (API Key, Bearer Token, Basic Auth, or Custom Headers)
- The authentication credentials or tokens HIQOR should use
- Any custom headers or specific authentication requirements
- Whether you want signature verification enabled (optional)
If your authentication credentials change or are rotated, notify HIQOR so we can update them on our side. This ensures uninterrupted data delivery.