Test Your Application in the Sandbox

You can use the 1upHealth Demo Health Plan Sandbox to test your applications before you connect to our network of Payer FHIR R4 endpoints.

Before You Begin

Before you can connect to the Sandbox to test your applications, you must complete the process to register and create a developer account.

If you don’t already have the 1upHealth Postman Collection, before you begin, make sure you download it.

Create an Application

To connect to the 1upHealth member-mediated Patient Access APIs and get access to health plan data, including claims data, you can create an application in the 1up Developer Portal.

Create an application

If you haven’t created your developer account, go to the 1up Developer Portal and create a developer account.
Create an application with your application’s redirect_uris.

You can specify multiple URIs in a comma separated list.

Example — http://redirect1/callback,http://redirect2/callback,http://redirect3/callback

This is the location that users are redirected to after they authorize their health data to be shared with your application.

You can’t use a localhost redirect with the 1up production environments.

You can only use localhost in the 1up Sandbox for testing.
Securely save your client ID and client secret.
Send an email to payer-patient-access@1up.health with the following information.
- Your company name
- A short description of your application and use case
- The client ID for your application (created in Step 2)

1upHealth will review your information and will sync your application credentials (client ID, client secret, and redirect URIs) with our Demo Health Plan Sandbox environment.

Test Your Application

After you create your account and application, and receive a notification from 1up that your credentials have been synced with the 1up Demo Health Plan Sandbox environment, you can test your application in the Sandbox. Before you can test your application, you must get an authorization code and exchange the authorization code for a token, which you can then use to query FHIR resources in the Demo Health Plan Sandbox environment.

Step 1 — Get an OAuth 2.0 Authorization Code

Your application will use a stand_alone launch and connect directly to our authorization server at https://auth.1updemohealthplan.com/oauth2/authorize/test endpoint.

When you connect to this endpoint, you must include the following query parameters.

Query Parameter	Description
`client_id`	This is the client ID of the application you previously registered in the 1upHealth Developer Console.
`redirect_uri`	This is the redirect URI that you registered with your application.
`scope`	The default scope is `user/.read`. You can also specify the `patient/.read` and `openid` scopes in your query parameters. For more information about scopes, see Scopes in the HL7 FHIR Specification.
`state`	(Optional) This parameter confirms the validity of a session. The authorization server returns the states in your request as a query string parameter when your application is redirected. For more information about states, see State Parameter.

Connect to the Demo Health Plan endpoint

In your web browser, send this request:
```
https://auth.1updemohealthplan.com/oauth2/authorize/test?client_id={client_id}&scope=user/*.read&state={state}&redirect_uri={redirect_uri}
```
Make sure to replace the {text in brackets} with the correct URL parameters for your application.

The Demo Health Plan environment authorization page appears.
Enter your email to verify your identity.
Click Create an account.

Specify the user details for one of the following test user accounts.

	First Name	Last Name	Birth Date	Member ID	Postal Code
Test Member 1	Mayte822	Venegas795	01/04/2011	01-testmemid	02116
Test Member 2	Sherie778	Fahey393	04/29/1974	02-testmemid	01810
Test Member 3	Delmar187	Tromp100	05/15/1961	03-testmemid	02109
CARIN STU2 Test Member	George	Bluth	01/01/1943	04-testmemid	15239

Specify your email address to temporarily associate it with the test user you specified.

This email address must be unique and can’t be assigned to another test user account.

At the end of the authorization process, you’ll be redirected to the redirect_uri location that you specified when you created your application. The redirect will include the client ID that you specified as a URL parameter and will include the OAuth 2.0 authorization code as a query parameter.

This authorization code expires in 5 minutes.

Step 2 — Exchange Your Code for a Token

You will receive an authorization code in the response from the Demo Health Plan request that you can exchange for an OAuth 2.0 access token using our https://auth.1updemohealthplan.com/oauth2/token endpoint.

This authorization code expires in 5 minutes.

You can use the following example request to get your token.

Make sure to replace the {placeholder text} with the details for your application.

Before you begin, get the Postman collection with the APIs to exchange the OAuth 2.0 code for a token.

After you exchange the OAuth 2.0 code for a token, you can use the token to submit queries for FHIR resources. Submit the following request.

1
2
3
4
5
6
curl --location --request POST 'https://auth.1updemohealthplan.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id={your_client_id}' \
--data-urlencode 'client_secret={your_client_secret}' \
--data-urlencode 'code={code_received_above}' \
--data-urlencode 'grant_type=authorization_code'

Step 3 — Query FHIR Resources Using a Token

After you get your access_token in Step 2, you can use that token to query the FHIR resources that you have the scopes and permissions to access (read-only).

To query FHIR resources, submit the following request.

Make sure to replace the {placeholder text} in the example with your token.

1
2
curl --location --request GET 'https://api.1updemohealthplan.com/r4/Patient' \
--header 'Authorization: Bearer {access_token}'

After you submit the request with your access token, the following resources are available:

Patient
ExplanationOfBenefit
Coverage
Organization
Practitioner

A few health plans also have a subset of Clinical Resources available for some patients. This can include resources such as Observation, Encounter, and AllergyIntolerance.

The link between ExplanationOfBenefit and Coverage resources isn’t always available or reliable. We recommend that you instead run queries for FHIR resources with the Patient resource. You can also use _include and _revinclude when you run your queries.

For more information about 1up APIs and query parameters, see 1up Comply.

Resources adhere to the following FHIR Implementation Guides:

Claims Data — CARIN Blue Button IG Profiles
Clinical Data — US Core IG Profiles
Provider Directory Data — DaVinci PDEX Plan Net IG Profiles
Formulary Data — DaVinci PDEX US Drug Formulary IG Profiles

Questions about this page? Contact us