# Authorization API

The Tidepool API is an HTTP REST API used by Tidepool clients use to communicate with the Tidepool Platform.

For more information, see the [Getting Started](../docs/quick-start.md) section.

Version: 1.0
License: BSD-2-Clause

## Servers

integration
```
https://external.integration.tidepool.org
```

production
```
https://api.tidepool.org
```

dev1
```
https://dev1.dev.tidepool.org
```

qa1
```
https://qa1.development.tidepool.org
```

qa2
```
https://qa2.development.tidepool.org
```

## Security

### sessionToken

Tidepool Session Token

Type: apiKey
In: header
Name: X-Tidepool-Session-Token

## Download OpenAPI description

[Authorization API](https://dev-docs.tidepool.org/_bundle/reference/access.v1.yaml)

## Authorization

List, create and manage authorizations that grant access to another user's diabetes data.

### Get Groups for User

 - [GET /access/groups/{userId}](https://dev-docs.tidepool.org/reference/access.v1/authorization/getgroupsforuser.md): Retrieve all groups accessible to the user userId.

### Get Users in Group

 - [GET /access/{sharerId}](https://dev-docs.tidepool.org/reference/access.v1/authorization/getusersingroup.md): Retrieve all users that have access to group sharerId.

### Get User Permissions in Group

 - [GET /access/{sharerId}/{userId}](https://dev-docs.tidepool.org/reference/access.v1/authorization/getpermissionsforuser.md): Retrieve permissions of individual user userId in group sharerId.

### Update Permissions for User in Group

 - [POST /access/{sharerId}/{userId}](https://dev-docs.tidepool.org/reference/access.v1/authorization/grantpermissionsingroup.md): Update permissions of individual user userId in group sharerId. The permissions provided in the request body replace all existing permissions for that user. Therefore to delete a permission, submit the request body without that permission.

