Get Access to Payer-to-Payer Endpoints

Health Plans can use 1up Payer-to-Payer endpoints to send and receive payer-to-payer health data.

Receive Payer-to-Payer Data

You can use our Payer-to-Payer Send APIs to receive member payer-to-payer data from 1up‘s payer customers.

Register in the 1up Developer Portal

Before you can use 1up APIs you must register in the 1up Developer Portal, submit evidence that you’re a payer, and run tests in the 1up Sandbox, and then request Production access.

If you haven’t created your developer account, go to the 1up Developer Portal and create a developer account.
Create an application with your application’s redirect_uris.

You can specify multiple URIs in a comma separated list.

Example — http://redirect1/callback,http://redirect2/callback,http://redirect3/callback

This is the location that users are redirected to after they authorize their health data to be shared with your application.

You can’t use a localhost redirect with the 1up production environments.

You can only use localhost in the 1up Sandbox for testing.
Send an email to payer2payer@1up.health with the following information to submit evidence of being a payer.

Your name
Your Health Insurance company name
A link to your company’s website
The client ID for your application (created in Step 2)
Add to the CC line the executive business sponsor for the Payer-to-Payer project (CIO) from the payer organization

1upHealth will review your information and will contact you for any necessary additional information.

Test with the 1up Sandbox

After you create your account and application, and receive a notification from 1up that your credentials have been synced with the 1up Demo Health Plan Sandbox environment, you can test your application in the Sandbox. Before you can test your application, you must get an authorization code and exchange the authorization code for a token, which you can then use to query FHIR resources in the Demo Health Plan Sandbox environment.

Step 1 — Get an OAuth 2.0 Authorization Code

Your application will use a stand_alone launch and connect directly to our authorization server at https://auth.1updemohealthplan.com/oauth2/authorize/payer2payer.

When you connect to this endpoint, you must include the following query parameters.

Query Parameter	Description
`client_id`	This is the client ID of the application you previously registered in the 1upHealth Developer Console.
`redirect_uri`	This is the redirect URI that you registered with your application.
`state`	(Optional) This parameter confirms the validity of a session. The authorization server returns the states in your request as a query string parameter when your application is redirected. For more information about states, see State Parameter.

Query Parameter

Description

client_id

This is the client ID of the application you previously registered in the 1upHealth Developer Console.

redirect_uri

This is the redirect URI that you registered with your application.

state

(Optional) This parameter confirms the validity of a session.

The authorization server returns the states in your request as a query string parameter when your application is redirected.

For more information about states, see State Parameter.

Connect to the Demo Health Plan endpoint

In your web browser, send this request:
```
https://auth.1updemohealthplan.com/oauth2/authorize/payer2payer?client_id={client_id}&state={state}&redirect_uri={redirect_uri}
```
Make sure to replace the {text in brackets} with the correct URL parameters for your application.

The Demo Health Plan environment authorization page appears.
Enter your email to verify your identity.
Click Create an account.

Specify the user details for one of the following test user accounts.

	First Name	Last Name	Birth Date	Member ID	Postal Code
Test Member 1	Mayte822	Venegas795	01/04/2011	01-testmemid	02116
Test Member 2	Sherie778	Fahey393	04/29/1974	02-testmemid	01810
Test Member 3	Delmar187	Tromp100	05/15/1961	03-testmemid	02109
CARIN STU2 Test Member	George	Bluth	01/01/1943	04-testmemid	15239

Specify your email address to temporarily associate it with the test user you specified.

This email address must be unique and can’t be assigned to another test user account.

At the end of the authorization process, you’ll be redirected to the redirect_uri location that you specified when you created your application. The redirect will include the client ID that you specified as a URL parameter and will include the OAuth 2.0 authorization code as a query parameter.

This authorization code expires in 5 minutes.

Step 2 — Exchange Your Code for a Token

You will receive an authorization code in the response from the Demo Health Plan request that you can exchange for an OAuth 2.0 access token using our https://auth.1updemohealthplan.com/oauth2/token endpoint.

This authorization code expires in 5 minutes.

You can use the following example request to get your token.

Make sure to replace the {placeholder text} with the details for your application.

Before you begin, get the Postman collection with the APIs to exchange the OAuth 2.0 code for a token.

After you exchange the OAuth 2.0 code for a token, you can use the token to submit queries for FHIR resources. Submit the following request.

1
2
3
4
5
6
curl --location --request POST 'https://auth.1updemohealthplan.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={your_client_id}' \
--data-urlencode 'client_secret={your_client_secret}' \
--data-urlencode 'code={code_received_above}' \
--data-urlencode 'grant_type=authorization_code'

Step 3 — Query FHIR Resources Using a Token

After you get your access_token in Step 2, you can use that token to query the FHIR resources that you have the scopes and permissions to access (read-only).

To query FHIR resources, submit the following request.

Make sure to replace the {placeholder text} in the example with your token.

1
2
curl --location --request GET 'https://api.1updemohealthplan.com/r4/Patient' \
--header 'Authorization: Bearer {access_token}'

After you submit the request with your access token, the following resources are available:

Patient
Subset of Clinical Resources (if available, varies for each payer)

Examples — Encounter, AllergyIntolerance, MedicationRequest

Resources adhere to this FHIR Implementation Guide: Clinical Data — US Core IG Profiles

These non-clinical resources are not shared:

ExplanationOfBenefit
Coverage
Claim
ClaimResponse

Step 4 — Request Production Access

After you've successfully tested your application in our Demo Health Plan environment (Sandbox), you can request access to the 1up Production environment.

Capture a screen recording or screenshots of your application connecting to our Demo Health Plan environment, showing synthetic patient data in your front-end application.

This recording should show an ability to connect to raw FHIR, and also demonstrate how the data is rendered and used in your application.

For information about how to connect to our Demo Health Plan sandbox environment, see Test Your Application in the Sandbox.
Submit the screen recording to cms-prod-access@1up.health.

We will review your information and request, and either approve it or request changes or clarifications.

After we approve your Production access request, your API keys and redirects URIs are synced with our CMS Health Plan customer environments.

You can’t use a localhost redirect with our Production environments. You can only use localhost in the 1up Sandbox for testing initial development.

Connect to Payer-to-Payer Send APIs

After you’ve received access to 1up‘s Production environments, you can use 1up’s payer-to-payer endpoints to send member data to the 1up Platform.

Submit Evidence of Payer Membership

1up must first verify that you are a member of a health insurance organization before we can grant access to our Payer-to-Payer APIs. If you have already received access, you can proceed to Step 2.

Send an email from your company email address to payer2payer@1up.health with the following information:
- Your name
- Your Health Insurance company name
- A link to your payer company website
- Add to the CC line the executive business sponsor for the Payer-to-Payer project (CIO) from the payer organization
1upHealth will review your information and will contact you for any necessary additional information.
Send member information with the following details to payer2payer@1up.health:
- Member name
- Member date of birth
- Previous member ID number (from the member’s previous plan, not your current member ID number)
- Member zip code

We will review your information and request, and either approve it or request changes or clarifications.

Send FHIR Resources

After we approve your Production access request, you will receive an access token for the member you specified, which you can use to send (POST) FHIR resources.

Your access token expires after two hours.

You also receive an example of how to use the token to POST data to the 1up FHIR Server.

You can use this token only to POST FHIR resources to the 1up FHIR Server. You cannot read, search, or update resources with this token.