# Public API – Access Management

Operations related to patients, appointments, providers and so on.

Version: 169.0.17

## Servers

Sandbox
```
https://test.hs1api.com/ascend-gateway
```

```
https://prod.hs1api.com/ascend-gateway/api
```

## Security

### bearerAuth

Type: http
Scheme: bearer
Bearer Format: JWT

### oAuthSandbox

OAuth 2.0 client credentials (Sandbox)

Type: oauth2

## Download OpenAPI description

[Public API – Access Management](https://papidocs.hs1api.com/_bundle/PublicAPI/api-access-management.yaml)

## AccessToken (V1)

### Get Access Token (Client Credentials)

 - [POST /oauth/client_credential/accesstoken](https://papidocs.hs1api.com/publicapi/api-access-management/accesstoken-(v1)/postoauthclientcredentialaccesstokenv1.md): Exchanges Client ID and Client Secret for an access token using OAuth 2.0 client credentials flow.

This endpoint implements server-side token caching to avoid exposing client secrets to frontend applications.
Tokens are automatically refreshed when near expiry.

Environment URLs:
- Sandbox: https://test.hs1api.com
- Production: https://prod.hs1api.com

Note: Sandbox and Production use different base URLs and credentials.