User Management Guide

User Management APIs

User management is central to 1upHealth's APIs. These endpoints allow you to create users, and manage their permissions and data. If you would like OAuth client keys to the 1upHealth API, create an account and visit our developer console.

Create User

An application can create users via the following call. Each response will contain the new user's oneup_user_id, access_token, refresh_token, and app_user_id. The app_user_id helps you keep track of users between the 1up API and your own user management system.
$ curl -X POST "" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "app_user_id=myappsuserid"
You will receive a response like this:
success: true,
code: 'accesscodeaccesscodeaccesscode',
oneup_user_id: 251,
app_user_id: '1499270216467',
active: true
The code variable is the OAuth2 access code. You must exchange it for the OAuth2 access token by following the OAuth2 token grant steps. The access_token and refresh_token will be used to gain access to user data. Keep those secure via HIPAA-compliant means of transmission and storage, along with all other patient data. The auth token expires after 7200 seconds (2 hours). You can also refresh the token by continuing with the OAuth2 token refresh flow.
Generate Access Token:
curl -X POST "" \
-d "code=accesscodeaccesscodeaccesscode" \
-d "client_id=clientidclientidclientid" \
-d "client_secret=clientsecretclientsecret" \
-d "grant_type=authorization_code"
You will receive a response like this:
"access_token" => "accesstokenaccesstokenaccesstoken",
"token_type" =>"Bearer",
"expires_in" => 7200,
"refresh_token" => "refreshtokenrefreshtokenrefreshtoken",
"scope" => "user"
If you need a new auth code for a user you already created on 1upHealth, you can make a request via the following method:
curl -X POST "" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "app_user_id=myappuserid"
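The token response and two-hour expiry described above can be handled with a small token holder that refreshes shortly before expiry and keeps token values out of logs. This is an added example, not 1upHealth's code: `TokenSet`, `TokenManager` and the caller-supplied `refresh_fn` (which would perform the OAuth2 refresh grant against the token endpoint, whose URL is not shown on this page) are hypothetical names, and the sample response is constructed from the placeholder values above.

```python
import time
from dataclasses import dataclass, field

# Constructed sample: the token response shown on this page, as a dict.
SAMPLE_RESPONSE = {
    "access_token": "accesstokenaccesstokenaccesstoken",
    "token_type": "Bearer",
    "expires_in": 7200,
    "refresh_token": "refreshtokenrefreshtokenrefreshtoken",
    "scope": "user",
}

@dataclass
class TokenSet:
    access_token: str = field(repr=False)   # excluded from repr() so logs never carry it
    refresh_token: str = field(repr=False)
    expires_at: float                       # absolute expiry on the caller's clock
    scope: str = ""

    @classmethod
    def from_response(cls, body, now):
        """Validate a token response and convert expires_in to an absolute time."""
        if str(body.get("token_type", "")).lower() != "bearer":
            raise ValueError("unexpected token_type")
        expires_in = int(body["expires_in"])
        if expires_in <= 0:
            raise ValueError("expires_in must be positive")
        return cls(body["access_token"], body["refresh_token"],
                   now + expires_in, body.get("scope", ""))

    def needs_refresh(self, now, skew=60):
        """True once we are within `skew` seconds of expiry."""
        return now >= self.expires_at - skew

class TokenManager:
    """Hands out Authorization headers, refreshing shortly before expiry."""
    def __init__(self, tokens, refresh_fn, clock=time.time):
        self._tokens = tokens
        self._refresh_fn = refresh_fn   # hypothetical: performs the refresh grant
        self._clock = clock

    def auth_header(self):
        now = self._clock()
        if self._tokens.needs_refresh(now):
            body = self._refresh_fn(self._tokens.refresh_token)
            self._tokens = TokenSet.from_response(body, now)
        return {"Authorization": "Bearer " + self._tokens.access_token}
```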

Read & View User List

To see all users, paginate through the users API endpoint.
curl -X GET "" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret"
You can also query for individual users by adding the parameters `

Update Users

If you need to change the app_user_id, you can do that via the following command. The oneup_user_id will be assigned; you cannot alter or request it.
curl -X PUT "" \
-H "client_id: clientidclientidclientid" \
-H "client_secret: clientsecretclientsecret" \
-d "oneup_user_id=123" \
-d "app_user_id=newappuserid"

Managing User Associated Patient Data

You can create any FHIR® resource and associate it with the user. For example, you can create a Patient resource, and give the user a name, gender, age, etc. All you need to do is add the user's auth_token to a request when creating or updating a FHIR® resource.

Accessing FHIR® Resources

Create a FHIR® resource

Creating a FHIR® resource now works as it does on any other FHIR® server with OAuth2 credentials. Use the access_token in the Authorization header value. The newly created resource will be available after a short delay (< 1 second).
curl -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Bearer accesstokenaccesstokenaccesstoken" \
-d '{
  "resourceType": "Patient",
  "id": "135375",
  "meta": {
    "versionId": "1",
    "lastUpdated": "2017-05-26T12:00:41.233-04:00"
  },
  "name": [
    {
      "use": "official",
      "text": "Bilbo Baggins",
      "family": ["Baggins"],
      "given": ["Bilbo"]
    }
  ],
  "gender": "male",
  "birthDate": "1993-06-20"
}'
That will return a response with the resource id along with the rest of the 1upHealth object. Use the id value (in this case 0a0cee5487a8) for subsequent queries.
"meta": {
"text":"Bilbo Baggins",

Get the new FHIR® resource

Query the recently added FHIR® resource. Again, use the access_token in the Authorization header value.
curl -X GET \
-H "Authorization: Bearer accesstokenaccesstokenaccesstoken"