Authentication
The Mahalo Health API uses secure token-based authentication to protect patient data and ensure that only authorized applications can access the API.
Authentication Methods
The simplest way to authenticate with the Mahalo Health API is using a Bearer token. Include your API token in the Authorization header of each request:
curl -X GET "https://api.mahalo.health/v1/app/dashboard" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Security Warning
Never share your API token or include it in client-side code. Always make API requests from your server.
Security Best Practices
- Store API tokens and secrets securely on your server
- Use HTTPS for all API requests
- Implement token refresh logic for OAuth 2.0 tokens
- Request only the scopes your application needs
- Revoke tokens when they are no longer needed
- Implement proper error handling for authentication failures
Rate Limiting
To ensure the stability of our API, we implement rate limiting. The current limits are:
- 100 requests per minute per API token
- 10,000 requests per day per API token
If you exceed these limits, you will receive a 429 Too Many Requests response. The response will include a Retry-After header indicating how long to wait before making another request.
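One way to honor the Retry-After header from a server-side client, shown as an added example (not Mahalo Health's own code). The MAHALO_API_TOKEN environment variable name, the 401/403 handling, the 300-second cap and the helper names are assumptions; the endpoint is the one from the curl example above.

```python
import os
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

API_URL = "https://api.mahalo.health/v1/app/dashboard"  # endpoint from the curl example


def retry_after_seconds(value, now=None, default=1.0, cap=300.0):
    """Turn a Retry-After value (delta-seconds or HTTP-date) into a bounded delay."""
    text = (value or "").strip()
    if text.isdigit():
        delay = float(text)
    else:
        try:
            when = parsedate_to_datetime(text)
            delay = (when - (now or datetime.now(timezone.utc))).total_seconds()
        except (TypeError, ValueError):
            delay = default  # missing or unparseable header: assumed fallback
    return min(max(delay, 0.0), cap)  # never negative, never unbounded


def call_api(send, token, max_attempts=4, sleep=time.sleep):
    """send(url, headers) -> (status, headers, body). Retries only on 429."""
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    for attempt in range(1, max_attempts + 1):
        status, resp_headers, body = send(API_URL, headers)
        if status == 429 and attempt < max_attempts:
            sleep(retry_after_seconds(resp_headers.get("Retry-After")))
            continue
        if status in (401, 403):  # assumed auth-failure codes; message omits the token
            raise PermissionError(f"authentication failed with HTTP {status}")
        return status, body


def urllib_send(url, headers):
    """Real HTTPS transport; HTTP error responses are returned, not raised."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers, err.read()


if __name__ == "__main__":
    token = os.environ["MAHALO_API_TOKEN"]  # assumed name; token stays server-side
    print(call_api(urllib_send, token)[0])
```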
