Skip to content's OAuth2 code snippets for easy app development with Real-Time Personalization and App Chains
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

OAuth2 code for's API and App Chains

This repo contains code for implementing OAuth2 authentication for your app so that your app can securely access's API and app chains.

Want to see it in action? A demo of the OAuth2 code is available here:

OAuth2 code is available in the following languages:


  • Introduction
  • Implementation
  • App chains
  • Authentication flow
  • Steps
  • Resources
  • Maintainers
  • Contribute


The code in this repo can be used to quickly implement oAuth2 authentication for's API. By adding oAuth2 authentication to your app, you'll then be able to use's API to ehance your app with Real-Time Personalization.

The code has also been deployed and can be accessed online as an OAuth2 demo.

  • A end-user validates using thier login and, if successfull, the demo will provide a list of genetic data files from the user's account at
  • The demo will display a list of sample files if a user doesn't yet have access to his or her genetic data. These sample files are real genetic data files and are available for free for apps that use's API.

To code Real-Time Personalization technology into apps, developers may register for a free account at App development with RTP is always free.


To implement oAuth2 authentication for your app:

  1. Register for a free account

  2. Add's oAuth2 code from this repo to your app

  3. Generate an oAuth2 secret for your app by selecting a +RTP API Plan and insert the secret into the OAuth2 code

Once OAuth2 authentication is implemented, select one or more app chains that will provide information you can use to personalize your app.

App chains

Search and find app chains ->

Each app chain is composed of

  • an API request to
  • this request is secured using oAuth2
  • analysis of the app user's genes
  • each app chain analyzes a specific trait or condition
  • there are thousands of app chains to choose from
  • all analysis occurs in real-time at
  • an API response to your app
  • the information provided by the response allows your app to tailor itself to the app user based on the user's genes.
  • the documentation for each app chain provides a list of all possible API responses. The response for most app chains are simply 'Yes' or 'No'.


  • App Chain: It is very important for this person's health to apply sunscreen with SPF +30 whenever it is sunny or even partly sunny.
  • Possible responses: Yes, No, Insufficient Data, Error

While there are already app chains to personalize most apps, if you need something but don't see an app chain for it, tell us! (ie email us:

Authentication flow uses standard OAuth approach which enables applications to obtain limited access to user accounts on an HTTP service from 3rd party applications without exposing the user's password. OAuth acts as an intermediary on behalf of the end user, providing the service with an access token that authorizes specific account information to be shared.

![Authentication sequence diagram] (


Step 1: Authorization Code Link

First, the user is given an authorization code link that looks like the following:

Here is an explanation of the link components:

  • the API authorization endpoint
  • client_id=CLIENT_ID: the application's client ID (how the API identifies the application)
  • redirect_uri=REDIRECT_URL: where the service redirects the user-agent after an authorization code is granted
  • response_type=code: specifies that your application is requesting an authorization code grant
  • scope=CODES: specifies the level of access that the application is requesting

login dialog

Step 2: User Authorizes Application

When the user clicks the link, they must first log in to the service, to authenticate their identity (unless they are already logged in). Then they will be prompted by the service to authorize or deny the application access to their account. Here is an example authorize application prompt

grant dialog

Step 3: Application Receives Authorization Code

If the user clicks "Authorize Application", the service redirects the user-agent to the application redirect URI, which was specified during the client registration, along with an authorization code. The redirect would look something like this (assuming the application is ""):

Step 4: Application Requests Access Token

The application requests an access token from the API, by passing the authorization code along with authentication details, including the client secret, to the API token endpoint. Here is an example POST request to token endpoint:

Following POST parameters have to be sent

  • grant_type='authorization_code'
  • code=AUTHORIZATION_CODE (where AUTHORIZATION_CODE is a code acquired in a "code" parameter in the result of redirect from
  • redirect_uri=REDIRECT_URL (where REDIRECT_URL is the same URL as the one used in step 1)

Step 5: Application Receives Access Token

If the authorization is valid, the API will send a JSON response containing the access token to the application.



This repo is actively maintained by Email the bioinformatics team at if you require any more information or just to say hola.


We encourage you to passionately fork us. If interested in updating the master branch, please send us a pull request. If the changes contribute positively, we'll let it ride.

You can’t perform that action at this time.