Authenticating Redox APIs

Last updated: Nov 14, 2024
HEALTH TECH VENDOR
IMPLEMENTATION
PRODUCT OWNER

To open the data traffic highway, so to speak, you must first authenticate your system to Redox. This is necessary so we can confirm it’s you on the other end before receiving data.

You must authenticate your system with an API key and a secret value. We generate the secret value for you to use to prove your system’s identity to us. When you send an authentication request with the right secret value, we generate an access token that’s good for 5 minutes. The access token allows you to freely initiate requests (e.g., SEND or REQUEST message types).

To verify data from Redox, learn about authenticating incoming data to your system.

Using multiple keys

We recommend having an API key and a secret value for each environment. For most organizations, this means having one per environment type (i.e., development, staging, production).

You can create more than one API key for a given environment, though, depending on how you want to control access. It just depends on your organization’s security practices. For example, if two dev teams work in the same environment, it may be useful for each team to have a key and secret to work in their own context.

Users in your organization can view or manage API keys depending on their assigned environment role. Learn about environment roles.

Ultimately, it’s your call on how many keys to use—yes, you’re welcome for that unintentional, but delightful pun.

Authentication methods

You have two options for authenticating your setup with Redox.

Receiving responses

Once you complete your authentication and receive an access token, you’re ready to initiate and receive requests. Responses to your requests differ based on the type of request made and whether you require a response from your connection’s EHR system. Check out these articles for specifics: