
User Management Guide

Learn about 1upHealth's User Management features.

User Management APIs

User Management is central to 1upHealth's APIs. You can use these endpoints to create users, and manage their permissions and data. With User Management, you can organize patient data under specific patients. This means that a patient's data that's authorized from multiple sources can be stored under a single user, which makes their patient data easier to work with in applications like Health History.

Before You Begin

To get the necessary OAuth client keys for the 1upHealth API, you must create a developer account and use the 1upHealth Developer Console.

Rate Limits

You can make a maximum of 300 calls in an hour to the User Management endpoint. If you make more than 300 calls, you’ll receive an HTTP 429 error, which specifies that you sent too many requests.
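One way to stay inside this limit on the client side, as an added example that is not 1upHealth code: a sliding-window budget of 300 calls per 3600 seconds that also pauses after an HTTP 429. The class name, the 60-second initial pause and the doubling backoff are assumptions, not documented API behavior.

```python
import time
from collections import deque


class HourlyBudget:
    """Client-side sliding window: at most `limit` calls per `window` seconds."""

    def __init__(self, limit=300, window=3600.0, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.sent = deque()        # timestamps of calls still inside the window
        self.blocked_until = 0.0   # set when the server answers 429
        self.backoff = 60.0        # assumption: first pause after a 429, in seconds

    def wait_time(self) -> float:
        """Seconds to wait before the next call is allowed (0.0 = send now)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()    # this call has aged out of the window
        wait = max(0.0, self.blocked_until - now)
        if len(self.sent) >= self.limit:
            # Budget used up: wait until the oldest call leaves the window.
            wait = max(wait, self.sent[0] + self.window - now)
        return wait

    def record(self, status: int) -> None:
        """Record a completed call and its HTTP status code."""
        now = self.clock()
        self.sent.append(now)
        if status == 429:
            # Another process sharing the client_id may have spent the budget,
            # so pause even though the local count looked fine.
            self.blocked_until = now + self.backoff
            self.backoff = min(self.backoff * 2, self.window)
        else:
            self.backoff = 60.0
```

Call `wait_time()` before each request to the User Management endpoint, sleep for the returned number of seconds, then pass the response status to `record()`.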

Create Users

To create users, your applications can use the following request. Each response contains the new user's oneup_user_id, access_token, refresh_token, and app_user_id.
You can use the app_user_id to help you to manage the list of users between the 1upHealth API and your own user management system.
Send this request:
$ curl -X POST "https://api.1up.health/user-management/v1/user" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "app_user_id=myappsuserid"
You receive a response similar to the following example:
{
success: true,
code: 'accesscodeaccesscodeaccesscode',
oneup_user_id: 251,
app_user_id: '1499270216467',
active: true
}
The code variable is the OAuth2 access code. You must exchange it for the OAuth2 access token by following the OAuth2 token grant steps. The access_token and refresh_token are required to access user data.
Make sure to use a HIPAA-compliant method of transmission and storage to secure your access_token and refresh_token, and all other patient data.
Important: The auth token expires after 7200 seconds (2 hours). To refresh the token, complete the OAuth2 token refresh process.
Generate access token:
curl -X POST "https://auth.1up.health/oauth2/token" \
-d "code=accesscodeaccesscodeaccesscode" \
-d "client_id=clientidclientidclientid" \
-d "client_secret=clientsecretclientsecret" \
-d "grant_type=authorization_code"
You receive a response similar to the following example:
{
"access_token": "accesstokenaccesstokenaccesstoken",
"token_type": "Bearer",
"expires_in": 7200,
"refresh_token": "refreshtokenrefreshtokenrefreshtoken",
"scope": "user"
}
If you need a new auth code for a user that you already created on 1upHealth, you can use the following method to make a request:
curl -X POST "https://api.1up.health/user-management/v1/user/auth-code" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "app_user_id=myappuserid"
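The token response and 2-hour expiry described above, turned into a small token holder (an added example, not 1upHealth code). It computes the expiry time from expires_in, keeps both tokens out of repr() output so they do not leak into logs, and refreshes shortly before expiry. The class names, the 300-second skew and the `refresh` callable are assumptions; the callable stands in for the OAuth2 token refresh request, which this page does not show, and is assumed to return a response shaped like the one above.

```python
import time
from dataclasses import dataclass, field

REFRESH_SKEW = 300  # assumption: refresh 5 minutes before the 7200 s expiry

# The page's example token response, used here as sample input.
SAMPLE_RESPONSE = {
    "access_token": "accesstokenaccesstokenaccesstoken",
    "token_type": "Bearer",
    "expires_in": 7200,
    "refresh_token": "refreshtokenrefreshtokenrefreshtoken",
    "scope": "user",
}


@dataclass
class TokenSet:
    access_token: str = field(repr=False)   # repr=False keeps secrets out of logs
    refresh_token: str = field(repr=False)
    expires_at: float

    @classmethod
    def from_response(cls, body: dict, now: float) -> "TokenSet":
        if str(body.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        expires_in = int(body["expires_in"])
        if expires_in <= 0:
            raise ValueError("expires_in must be positive")
        return cls(body["access_token"], body["refresh_token"], now + expires_in)


class TokenManager:
    """Returns a valid bearer token, refreshing shortly before it expires."""

    def __init__(self, tokens, refresh, clock=time.time):
        # refresh: hypothetical callable(refresh_token) -> token response dict
        self.tokens, self.refresh, self.clock = tokens, refresh, clock

    def bearer(self) -> str:
        now = self.clock()
        if now >= self.tokens.expires_at - REFRESH_SKEW:
            body = self.refresh(self.tokens.refresh_token)
            self.tokens = TokenSet.from_response(body, now)  # replace both tokens
        return self.tokens.access_token
```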

Read & View User List

To see all users, paginate through the users API endpoint.
curl -X GET "https://api.1up.health/user-management/v1/user" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "oneup_user_id=123" \
-d "app_user_id=myappuserid"
To run a query for individual users, you can add the oneup_user_id and app_user_id parameters to your request.
Example:
oneup_user_id=123
app_user_id=myappsuserid

Update Users

To change the app_user_id, run the following command. A oneup_user_id is automatically assigned to the user. You can't change or request the oneup_user_id.
curl -X PUT "https://api.1up.health/user-management/v1/user" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "oneup_user_id=123" \
-d "app_user_id=newappuserid"

Manage User Associated Patient Data

You can create any FHIR® resource and associate it with a user.
For example, you can create a Patient resource, and give the user a name, gender, or age. To do this, you can add the user's auth_token to a request when you create or update a FHIR® resource.
Example:
oneup_user_id=123
app_user_id=myappsuserid

Access FHIR® Resources

Create a FHIR® Resource

To create a FHIR® resource, you use the access_token in the Authorization header value. The new resource is available after a short delay (<1 second).
Example:
curl -X POST https://api.1up.health/dstu2/Patient \
-H "Content-Type: application/json" \
-H "Authorization: Bearer accesstokenaccesstokenaccesstoken" \
-d '{
"resourceType": "Patient",
"id": "135375",
"meta": {
"versionId": "1",
"lastUpdated": "2017-05-26T12:00:41.233-04:00"
},
"name": [
{
"use": "official",
"text": "Bilbo Baggins",
"family": [
"Baggins"
],
"given": [
"Bilbo"
]
}
],
"gender": "male",
"birthDate": "1993-06-20"
}'
This request returns a response with the resource ID and the 1upHealth object. Use the id value for subsequent queries.
In this example, the ID is 0a0cee5487a8.
{
"gender":"male",
"meta": {
"lastUpdated":"2017-07-18T18:41:54.774Z",
"versionId":"2"
},
"name":[{
"given":[
"Bilbo",""
],
"use":"official",
"text":"Bilbo Baggins",
"family":"Baggins"
}],
"birthDate":"1993-06-20T04:00:00.000Z",
"resourceType":"Patient",
"id":"0a0cee5487a8"
}

Get the New FHIR® Resource

To get the new FHIR® resource that you created, you can run a query with the access_token in the Authorization header value.
Example:
curl -X GET https://api.1up.health/dstu2/Patient/oneupresourceid \
-H "Authorization: Bearer accesstokenaccesstokenaccesstoken"