Onboarding with Prior Authorization API
Prior Authorization Security and Authorization
Our APIs are compliant with the conventions defined in the OAuth 2.0 specification.
Access control through web tokens
All Optum Enterprise APIs on this platform are secured using JSON Web Tokens (JWT).
Security through TLS
All API calls are encrypted over HTTPS. Our APIs support connections using Transport Layer Security (TLS) version 1.2 or later.
Bearer token through OAuth2
Optum uses OAuth 2.0 to create a secure connection with our API users, which requires a bearer authorization token to obtain access.
Sandbox
Try our APIs without signing a contract and without any financial obligations by requesting a sandbox testing environment before using them in your production environment.
NOTE
DO NOT perform load testing or production data testing in the sandbox environment. Please use the sandbox ONLY to view the sample API responses to HTTP requests using our sandbox test responses and to familiarize yourself with our APIs.
To perform load testing and production data testing, we recommend using our APIs in the production environment.
- Request a sandbox account by providing the information on the page. We will provide the API credentials to access the APIs in the sandbox environment.
- Log in to your sandbox using your API credentials to access the APIs. Contact your Optum representative if you do not have this information.
API credentials
Your API credentials include the following information in an API request.
Field | Value |
---|---|
client_id | Your client ID provided by Optum |
client_secret | Your client secret provided by Optum |
grant_type | Always client_credentials |
NOTE
You should have two sets of credentials:
- One for the sandbox — to help you test our APIs before signing a contract
- One for production — provided after signing a contract or after processing a subscription
These credentials are specific and unique to an API environment and to your company.
NOTE
Optum strongly recommends that you carefully guard your API access credentials. Avoid sharing them with others.
After receiving your client_id and client_secret for the sandbox environment, you can try or test our APIs by using one of these methods:
- Resources for API testing/trying
  - If you own a development platform/console to try or test our APIs, download our OpenAPI spec (for example, by clicking the Download OpenAPI Spec) from API Reference section >> Overview section of Prior Authorization API
  - If you do not own a development platform to try or test our APIs, you can create a sandbox and try our APIs using our interactive Try It interface for testing our Inquiry Prior Authorization and Submission Prior Authorization endpoints.
    For testing the APIs in the sandbox environment, you can edit the request body by using our Inquiry Sandbox Test Responses and Submission Sandbox Test Responses and send it to view a variety of responses by using a set of secure credentials provided.
    IMPORTANT
    The sandbox returns a canned response based on the received data. There is no validation check or confirmation of specifically required information. These checks would only occur in the production environment. You have to manually review the companion guides offered by the specific payers to confirm what is required for each.
- Use your API credentials provided by Optum to test our Inquiry Prior Authorization and Submission Prior Authorization endpoints.
- You can use the same token across all transactions during the token lifespan and automatically refresh the token just before it expires.
Example
https://sandbox-apigw.optum.com/apip/auth/v2/token
In the preceding example:
- sandbox-apigw.optum.com: Base URL
- /apip/auth/v2/token: Endpoint
The /apip/auth/v2/token/ endpoint allows you to obtain a short-lived access token that must be transmitted with subsequent API requests.
BEARER TOKEN LIFESPAN
The lifespan of a Bearer token is one hour (3600 seconds) for both sandbox and production environments.
We recommend automating transactions to use the tokens generated over the token lifespan. Obtaining tokens for each transaction is less efficient and does not improve the security criteria for any transactions.
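The token reuse recommended above, as an added example that is not Optum's own code: a small cache that requests a token with the client_credentials grant, reuses it for its lifespan, and refreshes it shortly before expiry. The JSON request body, the RFC 6749 response fields (access_token, expires_in), the 60-second refresh margin, and the names TokenCache, post_json and demo are assumptions made for this example.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://sandbox-apigw.optum.com/apip/auth/v2/token"  # from the page
REFRESH_MARGIN = 60  # assumption: refresh this many seconds before expiry

def post_json(url, payload):
    """POST a JSON body over HTTPS and return the decoded JSON response."""
    req = urllib.request.Request(url, data=json.dumps(payload).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenCache:
    """Reuse one bearer token for its lifespan; refresh just before it expires."""
    def __init__(self, client_id, client_secret, transport=post_json, clock=time.monotonic):
        # Load the real values from a secret store or environment, never from source code.
        self._body = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials"}
        self._transport, self._clock = transport, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        now = self._clock()
        if self._token is None or now >= self._expires_at - REFRESH_MARGIN:
            resp = self._transport(TOKEN_URL, self._body)
            # Assumption: RFC 6749 field names; default to the page's 3600 s lifespan.
            self._token = resp["access_token"]
            self._expires_at = now + int(resp.get("expires_in", 3600))
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.get()}"}

def demo():
    """Constructed offline run: a fake transport and clock stand in for the sandbox."""
    calls, now = [], [0.0]
    def fake_transport(url, body):
        calls.append(url)
        return {"access_token": f"constructed-token-{len(calls)}", "expires_in": 3600}
    cache = TokenCache("example-id", "example-secret", fake_transport, lambda: now[0])
    first = cache.get()
    now[0] = 3000.0   # still inside the one-hour lifespan: token is reused
    reused = cache.get()
    now[0] = 3550.0   # inside the 60 s margin before expiry: token is refreshed
    renewed = cache.get()
    return first, reused, renewed, len(calls)
```

Keeping the token only in process memory, as here, avoids writing a live bearer credential to disk or logs.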
We have a list of canned test ID values to use in the sandbox environment; see Inquiry Sandbox Test Responses and Submission Sandbox Test Responses for testing a variety of responses by using a set of secure credentials provided.
At any time, for more information, contact an Optum representative.
- For sandbox API testing, you can edit the request body and send it to the API engine to see various kinds of responses.
IMPORTANT
The sandbox returns canned responses based on the received data. There is no validation check or confirmation of specifically required information. These checks would only occur in the production environment. You would need to manually review the companion guides offered by the specific payers to confirm what is required for each.
NOTE
Do not use real-world values in our sandbox API endpoints! Doing so will generate errors.
NOTE
The JSON attributes in our APIs use camel-case, with the first letter of the attribute in lower case as in umClearingHouseId, tradingPartnerServiceId (the Payer ID; this will vary based on the payer you want to connect to). Our APIs are case-sensitive and your JSON request body must observe this convention.
NOTE
For sandbox usage, all fields must have the correct predefined values to obtain a successful response. Inventing new PMI values or using real-world PMI values will result in errors. Please provide all of the values, such as umClearingHouseId, payerId, and so on marked as required (R) in your API requests.
Production
NOTE
If you contract with Optum for API usage, use a separate pair of credentials issued by Optum for your production API environment.
Subscribe to production environment
- To request a production environment account, reach out to sales @ Prior Authorization team, and for the following:
- To either start a new contract
- To have your contract-related questions answered
- If you have an existing account and want to add additional products to it
- Add/remove a product
Prerequisites to use our APIs
Our APIs are private and require credentials to gain access. Sign up and request API credentials.
API components
API Components | Value |
---|---|
Bearer Authorization Token Endpoint | /apip/auth/v2/token |
Request Method | POST |
Content-Type Header | Always defaults to application/json |
Authorization Header | Pass the Bearer authorization token in the Authorization header |
grant_type Field | Always client_credentials |
Reference
- OpenAPI spec:
You can use this JSON document to view all the allowable fields and objects for the API through an OpenAPI swagger preview. All of our API collections provide this specification as an easy download.
NOTE
For more information about the available endpoints, see Inquiry Prior Authorization and Submission Prior Authorization topics.