API Authentication

Generally speaking, you will not need to authenticate to gain access to PharmGKB data. The exception to this rule is PharmGKB's variant and clinical annotations.

To authenticate, you must have an active PharmGKB account. You can register for one here.

OAuth Based Authentication

The API will grant you authorization based on the OAuth bearer token you provide with every request in the Authorization header.

To get the token, you can authenticate your identity with either your email and password.

Authenticating with Email/Password

With JSON:

> curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
  "email": "your_email",
  "password": "your_password"
  }' 'https://api.pharmgkb.org/v1/auth/oauthSignIn'

With form input:

> curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' 
  -d 'email=your_email&password=your_password' 

Using the Bearer Token

Upon successful validation, you will get a response that looks like:

  "accessToken": "eyJhbGdi6i8IUza1NiIPInR5cCI6IkpXVCJ9...xrY0",
  "accessTokenTtl": 3600,
  "refreshToken": "eadkA11Gj4A478D45aD4f9dj2jkfl...fv5k"

You can now use this bearer token in all future API requests in the Authorization header:

> curl -X GET -H 'Authorization: Bearer YOUR_BEARER_TOKEN'