Security and Authorization V2

Download OpenAPI Spec.

Overview

This documentation describes how to use the platform's standard security API to request a Bearer token that can be used to access the Optum APIs on the platform. The preceding, downloadable OpenAPI specification reflects this implementation. This version of the API is fully compliant with the conventions defined in the OAuth 2.0 specification.

NOTE

Consumers should note that the token name is access_token, not accessToken.

Certain legacy APIs exposed through this platform use a legacy Authorization implementation described at the bottom of this summary. Review the API release notes to determine whether a given API uses the standard or legacy authorization mechanism.

Access control through web tokens

All Optum Enterprise APIs on this platform are secured using JSON Web Tokens (JWT).

Security and authorization

Security through TLS

All API calls are encrypted over HTTPS. Our APIs support connections using Transport Layer Security (TLS) version 1.2 or later.

Bearer token through OAuth2

Optum uses OAuth2 to create a secure connection with our API users. Access requires a short-lifespan Bearer authorization token.

API components

| API Component | Value |
| --- | --- |
| Bearer Authorization Token Endpoint | /apip/auth/v2/token |
| Request Method | POST |
| Content-Type Header | Always defaults to application/json |
| Authorization Header | Pass the Bearer token in the Authorization header |
| grant_type Field | Always client_credentials |
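
The token request described by the components above, as an added example that is not part of the original documentation or Optum's own code. The base URL is supplied by the caller, and the client_id and client_secret body field names are assumptions taken from the usual OAuth 2.0 client-credentials convention; confirm them against the OpenAPI specification.

```python
import json
import ssl
import urllib.request

TOKEN_PATH = "/apip/auth/v2/token"  # endpoint from the components table


def tls_context() -> ssl.SSLContext:
    """Client context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_token_request(base_url, client_id, client_secret):
    """Build the POST for a Bearer token; refuses non-HTTPS base URLs."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("token endpoint must be reached over HTTPS")
    body = {
        "grant_type": "client_credentials",  # fixed value per the table
        "client_id": client_id,              # assumed field name
        "client_secret": client_secret,      # assumed field name
    }
    return urllib.request.Request(
        base_url.rstrip("/") + TOKEN_PATH,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def parse_token_response(raw: bytes) -> str:
    """Return the token from the access_token field (not accessToken)."""
    doc = json.loads(raw)
    token = doc.get("access_token") if isinstance(doc, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response has no access_token field")
    return token


def bearer_header(token: str) -> dict:
    return {"Authorization": "Bearer " + token}  # header for later API calls


def fetch_token(base_url, client_id, client_secret) -> str:
    """Network call: request a token over TLS 1.2+ and return it."""
    req = build_token_request(base_url, client_id, client_secret)
    with urllib.request.urlopen(req, context=tls_context(), timeout=10) as resp:
        return parse_token_response(resp.read())
```

Load the client secret from a secrets store or environment variable rather than source code, and keep the returned token out of logs.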
