Client credentials and OAuth 2.0

1upHealth uses the OAuth 2.0 flow for users to authenticate to our FHIR servers. 1up provides a FHIR server (Patient Access) and a FHIR Bulk Export server (Provider Access & Payer-to-Payer).

For the OAuth 2.0 flow, you must have client credentials (client_id and client_secret) from 1upHealth. You provide these codes to 1up as part of the authentication request to receive a Bearer token, also known as a access token. The Bearer token is used for following requests.

The method for obtaining client credentials depends on the API you want to use.

Patient Access

In addition to client credentials (client_id and client_secret), Patient Access requires a code obtained by connecting to a demo health plan's auth application.

Review Info for third-party developers for instructions on obtaining the required parameters and requesting a Bearer token.

Provider Access

The required client credentials (client_id and client_secret codes) are obtained by registering an account in the 1up Dev Portal.

Register on the 1up Dev Portal, complete email verification, and login.
Click Create a Client.
Select an Access Type.
Enter a Client Name.
Click Create.
From Sandbox Clients, copy your new client's client_id and client_secret.

Use the client_id and client_secret in the request below:

curl -i -X GET \
    https://gateway.1up.health/auth/realms/dev-portal/protocol/openid-connect/token \
    -H 'Content-Type: application/x-www-form-urlencoded' \
    -d client_id={your-id-here} \
    -d client_secret={your-secret-here} \
    -d grant_type=client_credentials \
    -d 'scope=bulk-data|user/*.rs'

Copy the access_token from the successful response.

Payer-to-Payer Data Exchange