Create a Source

In order to send data to another member of the Redox network, you will need to acquire an API Key and authenticate with us. We call this a Source record and it allows you to not only POST data to partners but also use our Query-based data models (ClinicalSummary and PatientSearch).

Configuring Your Source

There are 6 steps to configuring your Source:

  1. When logged into your organization on Redox, select Sources from the side nav. Create a Source for your organization.
  2. Name your Source. This is the name your data sharing partners will see, so err on the side of being specific.
  3. Select the appropriate “Environment Type”. If you’re just getting started, your only option will be “Development”. If you are working with us, you will be able to select “Staging” or “Production”. In order to create a Staging or Production Source contact: support@redoxengine.com. After clicking “Create”, you will then be directed to your Source‚Äôs Settings page.
  4. Select your Data Format. This is the format your data is in when you send it to Redox. For almost all of our digital health applications partners, this will always be JSON.
  5. After selecting Data Format and Communication Method you will be provided an API Key to be used when authenticating with Redox. See below for detailed instructions on completing authentication.
  6. Set your Source Secret. This is what you will pass in the body of the POST to the Redox Authentication API. We assign you a random Secret for authentication purposes. You can re-generate the Source Secret at any time.

Authenticating with Redox

In order to send data from your Source to a Destination, you must first authenticate with Redox. Within your Source Settings, you will have both an API Key and a Source Secret. You were assigned the Source Secret when initially creating your Source, but that secret can be changed at any time. To Authenticate with Redox, send a HTTPS POST request to https://api.redoxengine.com/auth/authenticate with two keys in the body of your request:

  • apiKey
  • secret

The response body will contain the following keys:

  • accessToken: This is the token that must be sent with every request.
  • expires: This is the time that your accessToken expires. After this time, you’ll need to authenticate with Redox again.
  • refreshToken: You can use the refreshToken to obtain a new accessToken without requesting a new accessToken using your Source Secret and apiKey. More details below.

Request an accessToken:

curl -X POST https://api.redoxengine.com/auth/authenticate \
    -d '{"apiKey": "not-a-real-api-key", "secret": "super-secret-client-secret"}' \
    -H '{"Content-Type": "application/json"}'

Sample Response:

{
    "accessToken": "13d5faa8-aacd-4a0d-a666-51455b1b2ced", 
    "expires": "2015-03-25T20:52:35.000Z", 
    "refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"
}

To obtain a new accessToken using the refreshToken, make a POST to https://api.redoxengine.com/auth/refreshToken with two keys in the body of your post:

  • apiKey
  • refreshToken

Request an accessToken using a refreshToken:

curl -X POST https://api.redoxengine.com/auth/refreshToken \
    -d '{"apiKey": "not-a-real-api-key", "refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"}' \
    -H '{"Content-Type": "application/json"}'

Sample Response:

{
    "accessToken": "13d5faa8-aacd-4a0d-a666-51455b1b2ced",
    "expires": "2015-03-26T20:52:35.000Z",
    "refreshToken": "4ed7b234-9bde-4a9c-9c86-e1bc6e535321"
}

The response will be the same as if you authenticated using your Source Secret.