Authentication & Authorization APIs

You can use 1up Authentication & Authorization APIs to authenticate and authorize access to FHIR® data on the 1up FHIR Server though OAuth 2.0 and 1up‘s users.

Authentication & Authorization API Reference

To authenticate to the 1up FHIR Server and use the other API endpoints to manage users and data, you must generate an authorization code that you can exchange for an access token.

Use the Authentication & Authorization API

You can use the 1up Authentication & Authorization API to make authorized and authenticated connections to 1upHealth APIs.

Generate a New User Authorization Code

1upHealth use the OAuth 2.0 process, which entails generating an authentication code and exchanging it for an access token. Generate the authentication code by requesting the user management API with the client_id, client_secret, and oneup_user_id or app_user_id.

Get an Access Token

After you get an authorization code, you can exchange it for an access token. You can use the access token to connect to 1up APIs with these parameters: client_id, client_secret, grant_type=token, and app_user_id.

To test the access token, you can either authorize data from a provider or create a FHIR resource using the token. You can then call the Patient resource to get the existing data for this resource.

Query All Users

You can make a request across all your users using client-based authentication. This requires the client_id, client_secret, and x-oneup-user-id headers.

To submit a query for data for all of your client’s users, set the x-oneup-user-id string to client.