Test Your Application in the Sandbox

You can use the 1upHealth Demo Health Plan Sandbox to test your applications before you connect to our network of Payer FHIR R4 endpoints.

Before You Begin

Before you can connect to the Sandbox to test your applications, you must complete the process to register and create a developer account.

If you don’t already have the 1upHealth Postman Collection, before you begin, make sure you download it.

Create an Application

To connect to the 1upHealth member-mediated Patient Access APIs and get access to health plan data, including claims data, you can create an application in the 1up Developer Portal.

1upHealth will review your information and will sync your application credentials (client ID, client secret, and redirect URIs) with our Demo Health Plan Sandbox environment.

Test Your Application

After you create your account and application, and receive a notification from 1up that your credentials have been synced with the 1up Demo Health Plan Sandbox environment, you can test your application in the Sandbox. Before you can test your application, you must get an authorization code and exchange the authorization code for a token, which you can then use to query FHIR resources in the Demo Health Plan Sandbox environment.

Step 1 — Get an OAuth 2.0 Authorization Code

Your application will use a stand_alone launch and connect directly to our authorization server at https://auth.1updemohealthplan.com/oauth2/authorize/test endpoint.

When you connect to this endpoint, you must include the following query parameters.

Query Parameter

Description

client_id

This is the client ID of the application you previously registered in the 1upHealth Developer Console.

redirect_uri

This is the redirect URI that you registered with your application.

scope

The default scope is user/*.read.

You can also specify the patient/*.read and openid scopes in your query parameters.

For more information about scopes, see Scopes in the HL7 FHIR Specification.

state

(Optional) This parameter confirms the validity of a session.

The authorization server returns the states in your request as a query string parameter when your application is redirected.

For more information about states, see State Parameter.

At the end of the authorization process, you’ll be redirected to the redirect_uri location that you specified when you created your application. The redirect will include the client ID that you specified as a URL parameter and will include the OAuth 2.0 authorization code as a query parameter.

This authorization code expires in 5 minutes.

Step 2 — Exchange Your Code for a Token

You will receive an authorization code in the response from the Demo Health Plan request that you can exchange for an OAuth 2.0 access token using our https://auth.1updemohealthplan.com/oauth2/token endpoint.

This authorization code expires in 5 minutes.

You can use the following example request to get your token.

Make sure to replace the {placeholder text} with the details for your application.

Before you begin, get the Postman collection with the APIs to exchange the OAuth 2.0 code for a token.

After you exchange the OAuth 2.0 code for a token, you can use the token to submit queries for FHIR resources. Submit the following request.

curl --location --request POST 'https://auth.1updemohealthplan.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={your_client_id}' \
--data-urlencode 'client_secret={your_client_secret}' \
--data-urlencode 'code={code_received_above}' \
--data-urlencode 'grant_type=authorization_code'

Step 3 — Query FHIR Resources Using a Token

After you get your access_token in Step 2, you can use that token to query the FHIR resources that you have the scopes and permissions to access (read-only).

To query FHIR resources, submit the following request.

Make sure to replace the {placeholder text} in the example with your token.

curl --location --request GET 'https://api.1updemohealthplan.com/r4/Patient' \
--header 'Authorization: Bearer {access_token}'

After you submit the request with your access token, the following resources are available:

  • Patient

  • ExplanationOfBenefit

  • Coverage

  • Organization

  • Practitioner

A few health plans also have a subset of Clinical Resources available for some patients. This can include resources such as Observation, Encounter, and AllergyIntolerance.

The link between ExplanationOfBenefit and Coverage resources isn’t always available or reliable. We recommend that you instead run queries for FHIR resources with the Patient resource. You can also use _include and _revinclude when you run your queries.

For more information about 1up APIs and query parameters, see 1up Comply.

Resources adhere to the following FHIR Implementation Guides: