How to Configure APIs:
Please refer to product catalogs for the available APIs and refer to ‘How to subscribe APIs’ page for instructions.
- How to subscribe patient access APIs
- How to subscribe provider access APIs
- Exception & Exception Handling
Create an account / Register an application
Please create an account and register an application using this link
How to subscribe patient access APIs
Subscribe to Interested Product/Plan (Patient Access) so registered app will gain access to Patient Access resources
Security
Generate OAuth token
BSCA Patient Access API is protected with OAuth 2.0. The Authorization Code grant type is used by confidential and public clients to exchange an authorization code for an access token.
After the user returns to the client via the ‘Redirect_URI’, the application will get the authorization code from the URL and use it to request an access token
To test out the BSCA Patient Access API, you must first generate a sample token that represents a beneficiary granting consent.
Authorization:
1. Click the Authorization Link to authorize and get Authorization code
https://dev-ext.blueshieldca.com/as/authorization.oauth2?client_id=[client_id]&response_type=code&scope=interop+openid
Member will login via BSC login screen and Provide the member username and password.
Click “Allow” to Authorize sharing
3) You will be redirected to your Application Redirect_URI with code (Authorization Code) which will be used to get the Access token.
Request
Swap Auth code for ‘access_token’ and ‘id_token’
curl --request POST \
--url https://dev-ext.blueshieldca.com/as/token.oauth2 \
--header 'Authorization: Basic
OGI2YmZlYmE5MTYxNDZjOGExYTA3NmNjZmFlMjhkMTE6ZTcwNGQ5MThmOThkNTg3NmJhZDM 4MWM0MDJlZTQzY2M=' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--cookie PF=tCc40BsL2YCzaVdrpkHzq3 \
--data grant_type=authorization_code \
--data code=YQtXSfYI7AqGIE2WeS0DLEqbHm4H1eooOkdSFqrJ
Response
{
"access_token":
"eyJhbGciOiJSUzI1NiIsImtpZCI6InNjZGYtc2lnbiIsInBpLmF0bSI6Ijh2MDAifQ.eyJzY29wZSI6Im9wZ W5pZCIsImNsaWVudF9pZCI6IjhiNmJmZWJhOTE2MTQ2YzhhMWEwNzZjY2ZhZTI4ZDExIiwiaXNzIjoi aHR0cHM6Ly9kZXYtZXh0LmJsdWVzaGllbGRjYS5jb20iLCJzdWIiOiI5MTAwMTkyODN1c2VyMSIsIn NuIjoiVVNFUjExTEFTVE5BTUUiLCJ0aXRsZSI6IjkxMDAxOTI4MzAwIiwiZ2l2ZW5OYW1lIjoiVVNFUjExRkl SU1ROQU1FIiwiZXhwIjoxNjI3NTc5NjE4fQ.FutQp9ZcYFXwMwwd_E94wML1snhy8n5Qt0sPeJ15Tg 9lnRFlartODXA2WpggkmL4i3AHUupT-xQ1zVJ1Zz9Hc3gjhy7K6iGBh03m44IRRo5pfVm3uTmvFVvawQxWLqLh8taBgiZyq4vrkn-UAUENO6RMiMu3J4FrbYc0hf4nBdxBN86j5iNoYWdnGuYvxR2BN- 444htYEk9UfPgb8FVwou3gadSkYoYSbjXm_aWomMAm9deIbSPn9kfLeoulVDvuTE7NMvmtt1dL F60xnXjrjogwSoEnEGo--djcHmI92b9LHl1z2CCZd6eJYcxdO9rmmr3o4N2XUR1Fix81zO_g",
"refresh_token": "owcUaxuXYz0IJgWgXgZNYEiA62e3BCC0WOQ3ZRenEd",
"id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6InU2Z19DdjBHeUNQQTBIR2x2eks4OXBwSjI4WSJ9.eyJzdWIiOiI5 MTAwMTkyODMwMCIsImF1ZCI6IjhiNmJmZWJhOTE2MTQ2YzhhMWEwNzZjY2ZhZTI4ZDExIiwianR pIjoieUtxYng5d2ltYU93dGo0bFJSWnFqcSIsImlzcyI6Imh0dHBzOi8vZGV2LWV4dC5ibHVlc2hpZW xkY2EuY29tIiwiaWF0IjoxNjI3NTc4MzgyLCJleHAiOjE2Mjc1Nzg2ODIsImF6cCI6IkFwb2xsb19BcHAi LCJhdXRoX3RpbWUiOjE2Mjc1NzgzNzcsInBhdGllbnQiOiJmM2U0MTg5Yi0wNjY5LTQzYmEtODM 3Mi0wZDQwNWUzMTg0NTIiLCJzY29wZSI6ImxhdW5jaCBvZmZsaW5lX2FjY2VzcyBwYXRpZW50L1 BhdGllbnQucmVhZCBwYXRpZW50L0V4cGxhbmF0aW9uT2ZCZW5lZml0LnJlYWQgcGF0aWVu dC9Qcm9jZWR1cmUucmVhZCBwYXRpZW50L0NvbmRpdGlvbi5yZWFkIHBhdGllbnQvT2JzZXJ2 YXRpb24ucmVhZCBwYXRpZW50L0ltbXVuaXphdGlvbi5yZWFkIHBhdGllbnQvQ292ZXJhZ2Ugcm VhZCIsInNtaWxlX2Nkcl9tb2R1bGVfaWQiOiJzbWFydF9hdXRoIiwic21pbGVfY2RyX25vZGVfaW QiOiJNYXN0ZXIiLCJ0b2tlbl90eXBlIjoiQmVhcmVyIn0.Juwd0iGPGqdhf2LvO4HtF8VlZGtkPNYQA UC2JTA-OekzNw61ZTOWVNxlxMkCD03T4mCX_nchczNQggzctB2bGFj- CYUwVL6FNakL_Lh8QeM2EcKKs2vhekxe0AcyU00iP2rrNOhdg64SJeOBJOUPY9QmT1hg274lrYE Xxhikbawf2tIf6WcyY3DdOghbZdMN13mIpNIJ7iGSHt55SpoTj047E3RRVVKDTeXclTrZOVRriIdoAbRVITiBqEipuRrc7z2rLRqkafGYHeqHwhZq2OM8erWprZsTZoKd7Zje2kGHYmOnxfQuwjwV vkHAn7qonnbp7Z8LDWgM4PJRU09PQ",
"token_type": "Bearer",
"expires_in": 1199
}
Calling Patient API
Call the Functional Patient Access API by passing Patient ID as Path Param. You should be seen Patient Id as part of ‘access_token’. Use JWT.io to extract ‘patient’ from the PAYLOAD:DATA.
https://api-dev.blueshieldca.com/bsc/fhir-sandbox/fhir-server/api/v4/patient-access/Patient/{PatientId}
You can try this out in Postman:
curl --location --request GET 'https://api-dev.blueshieldca.com/bsc/fhir-sandbox/fhir-server/api/v4/patient-access/Patient/f3e4189b-0669-43ba-8372-0d405e318452' \
--header 'Authorization: Bearer
eyJhbGciOiJSUzI1NiIsImtpZCI6InNjZGYtc2lnbiIsInBpLmF0bSI6Ijh2MDAifQ.eyJzY29wZSI6Im9wZW5 pZCIsImNsaWVudF9pZCI6IjhiNmJmZWJhOTE2MTQ2YzhhMWEwNzZjY2ZhZTI4ZDExIiwiaXNzIjoiaHR 0cHM6Ly9kZXYtZXh0LmJsdWVzaGllbGRjYS5jb20iLCJzdWIiOiI5MTAwMTkyODN1c2VyMSIsInNuIjoi VVNFUjExTEFTVE5BTUUiLCJ0aXRsZSI6IjkxMDAxOTI4MzAwIiwiZ2l2ZW5OYW1lIjoiVVNFUjExRklSU1RO QU1FIiwiZXhwIjoxNjI3NTc5NjE4fQ.FutQp9ZcYFXwMwwd_E94wML1snhy8n5Qt0sPeJ15Tg9lnRFlart ODXA2WpggkmL4i3AHUupT-xQ1zVJ1Zz9Hc3gjhy7K6iGBh03m44IRRo5pfVm3uTmvFVvawQxWLqLh8taBgiZyq4vrkn-UAUENO6RMiMu3J4FrbYc0hf4nBdxBN86j5iNoYWdnGuYvxR2BN444htYEk9UfPgb8FVwou3gadSkYoYSbjXm_aWomMAm9deIbSPn9kfLeoulVDvuTE7NMvmtt1dLF 60xnXjrjogwSoEnEGo--djcHmI92b9LHl1z2CCZd6eJYcxdO9rmmr3o4N2XUR1Fix81zO_g'- ✓ Grant Type: authorization_code
- ✓ Code: Authorization Code
- ✓ Callback URL: Redirect URI
- ✓ Auth URL: https://dev-ext.blueshieldca.com/as/authorization.oauth2
- ✓ Access Token URL: https://dev-ext.blueshieldca.com/as/token.oauth2/
- ✓ Authorization: Access Token for Functional Call
- ✓ Patient ID: Patient Id
- ✓ Scope: interop
How to subscribe provider access APIs
Select the appropriate API and then click "Get access" followed by plan selection.
Provider Directory API calls
Sample URL: https://api-dev.blueshieldca.com/bsc/fhir-sandbox/fhir-server/api/v4/pdex-plan-net/InsurancePlan?clientId=<value>
CURL Command
CURL Command
curl --request GET \
--header 'accept: application/fhir+json'
Exceptions & Exception Handling
The below link provides details about exception handling for the product.