Skip to main content

When and how is the end user providing permission to their Data?

Sebastian Eugenio avatar
Written by Sebastian Eugenio
Updated over a month ago

Understanding Data Authorization in ROOK

In the ROOK platform, granting permission to access health data is a fundamental step in the data integration process. This article explains when and how end-users provide permission to their data within the ROOK ecosystem.

Permission at Connection

Permission is granted when the connection between the user's data source and the ROOK platform is established. Without this permission, the necessary data extraction and synchronization processes cannot occur.

The Authorization Screen

The permission request is presented to the end-user through an authorization screen. This screen serves to inform the user about:

  • The specific data that will be accessed.

  • How the data will be used.

  • Who will be responsible for managing the data.

It is important to note that the appearance of the authorization screen may differ depending on the user's operating system and the specific data source being connected. Regardless of these variations, the primary goal of the authorization screen is to provide clear and accurate information to the user, enabling them to make an informed decision regarding their data.

OAuth Flow and Security

To establish the connection and ensure an additional layer of security, ROOK uses an OAuth flow. This authentication method empowers users by giving them control over the data they share. Users also have the option to revoke these permissions at any time, if they change their mind or no longer want their data to be accessible by ROOK.

Permission Renewal

In some instances, certain data sources may require periodic permission renewal. It is important to clarify that these renewals are imposed by the data sources themselves and are not a requirement of ROOK. If a user does not renew their permissions within the specified timeframe, access to their data will be restricted until the renewal is completed. This could lead to interruptions in certain services.

Commitment to Transparency

ROOK is committed to obtaining the necessary permissions to access user data while also respecting user privacy and preferences. Transparency and clarity are essential in every permission request method. This ensures that end-users have a comprehensive understanding of how their data will be managed, allowing them to make well-informed decisions and have confidence that their data is being handled in accordance with their expectations and privacy rights.

Related Articles
How to set up your own connections page
Does the user have to open the app in order to have data flowing?
How can users disconnect a Data Source? Can I build/create a disconnect interface for my users?
Does ROOK support EDA data? From which data source and devices
Understanding ROOK's Authorization Methods: No OAuth, but Secure Alternatives
Did this answer your question?