Links
Comment on page

Auth Guide

Learn how to make authorized and authenticated calls to 1upHealth's APIs

Generating a New User Authorization Code

1upHealth utilizes the oAuth2 process which entails generating an authentication code and exchanging it for an access token. Generate the authentication code by requesting the user management api with the client_id, client_secret, oneup_user_id and/or app_user_id.
curl -X POST "https://api.1up.health/user-management/v1/user/auth-code" \
-d "client_id=clientidclientidclientid" \
-d "client_secret=clientsecretclientsecret" \
-d "app_user_id=myappsuserid"
Sample Response:
{
"success": true,
"code": "75b74e18e1504fde865f40f4308317b2",
"oneup_user_id": 62198,
"app_user_id": "akuafo100",
"active": true
}

Getting an access token (valid for 2 hours)

Then use the generated authentication code to exchange for the access token, using the ‘client_id’, ‘client_secret’, ‘grant_type=token’, and ‘app_user_id’.
curl -X POST "https://auth.1up.health/oauth2/token" \
-d "client_id=clientidclientidclientid" \
-d "client_secret=clientsecretclientsecret" \
-d "code=codecodecodecodecodecode" \
-d "grant_type=authorization_code"
Sample Response:
{
"access_token": "xxxxxxxxxx",
"token_type": "Bearer",
"expires_in": 7199,
"refresh_token": "yyyyyyyyyy",
"scope": "user/*.*"
}
You can test the access token by either authorizing data from a provider or creating a FHIR resource using the token. Following either step, call the Patient resource to retrieve data the data existing for this resource.

Making a FHIR Request

get
https://api.1up.health
/dstu2/Patient?query-param=queryvalue
Get Patient

Queries across all your users

You can make a request across all your users via client based authentication. This requires the client_id, client_secret, and the x-oneup-user-id headers. Rather than setting the x-oneup-user-id to an actual 1up user id, set the x-oneup-user-id string client and you can query all data for all your client's users.
curl -XGET 'https://api.1up.health/r4/Patient' \
-H 'client_id: clientidclientidclientid' \
-H 'client_secret: clientsecretclientsecret' \
-H 'x-oneup-user-id: client'
This returns a valid FHIR response with data from all created users under this client.
{
"resourceType": "Bundle",
"type": "searchset",
"total": 20800,
"entry": [
{ ... },
{ ... },
{ ... },
]
}