Authentication
1health uses API keys to authenticate requests. All API requests must include your API key in the Authorization header.
API Keys
API keys are generated from your dashboard and begin with 1h_live_ for production keys or 1h_test_ for sandbox keys.
cURL
curl -X GET "https://api.1health.io/api/v2/patient" \
-H "Authorization: Bearer 1h_live_abc123def456..." \
-H "Content-Type: application/json"Best Practices
Environment Variables
# .env.local
ONEHEALTH_API_KEY=1h_live_abc123def456...
# Never commit API keys to version control
# Add .env.local to your .gitignore- Store API keys in environment variables, never in client-side code
- Use server-side routes or API routes to proxy requests
- Rotate keys periodically and revoke compromised keys immediately
- Use separate keys for development and production environments
Rate Limits
| Plan | Rate Limit | Burst |
|---|---|---|
| Free | 100 req/min | 10 req/sec |
| Pro | 1,000 req/min | 50 req/sec |
| Enterprise | Custom | Custom |