Security and Authorization FAQs

This section provides tips and solutions for some of the most common questions asked by customers, the developer community, and internal staff about the use of our APIs.

What is the authorization token endpoint?

Please see the example in Auth/Bearer Token Request & Response. For more information, see Security Protocols and their Implementation.

Are the APIs OAuth 2.0 compliant?

Yes, our APIs are compliant with the OAuth 2.0 specification, which can be found in the attachments.

What grant types are currently supported?

The platform currently supports the client_credentials grant type.

What if my API includes user context?

Platform tokens are appropriate for system-to-system communications. For APIs where user context is required, tokens should be issued by and retrieved from the CIAM system. The API Marketplace supports tokens issued by either of these identity providers.

What is the difference between version 1 and version 2 security and authorization APIs?

  • Version 2 is fully compliant with the expectations outlined in the OAuth 2.0 specification. This is backward-compatible to support the migration of Version 1 clients. The token name usage in v2 is access_token.
  • Version 1 of this API was designed to facilitate the migration of legacy APIs onto the platform. Version 1 should not be used for new implementations. The token name usage in v1 was accessToken.
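
A client that has to work through the v1-to-v2 migration can accept either token field name and fail closed on anything else. The sketch below is an added example, not code from the platform's documentation. The token endpoint URL is a placeholder, HTTP Basic client authentication is an assumption taken from RFC 6749 rather than from this page, and the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Placeholder: the page does not give the token endpoint URL.
TOKEN_URL = "https://auth.example.invalid/oauth2/token"


def build_token_request(client_id, client_secret):
    """Build (not send) a client_credentials request (RFC 6749 s4.4)."""
    # Assumption: HTTP Basic client authentication (RFC 6749 s2.3.1), which
    # form-encodes both values before Base64. Never log this header.
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    basic = base64.b64encode(pair.encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def extract_token(response_body):
    """Return the token from a v2 (access_token) or v1 (accessToken) reply."""
    doc = json.loads(response_body)
    if not isinstance(doc, dict):
        raise ValueError("token response is not a JSON object")
    present = [k for k in ("access_token", "accessToken") if k in doc]
    if len(present) != 1:
        # Fail closed when the token field is missing or ambiguous.
        raise ValueError("expected exactly one token field, found %d" % len(present))
    token = doc[present[0]]
    if not isinstance(token, str) or not token:
        raise ValueError("token field is empty or not a string")
    # RFC 6749 s5.1: token_type is case-insensitive. Assumption: a reply
    # without token_type (possible for v1) is treated as a bearer token.
    if str(doc.get("token_type", "bearer")).lower() != "bearer":
        raise ValueError("unsupported token_type")
    return token


def bearer_header(token):
    """Authorization header for the API call that follows (RFC 6750 s2.1)."""
    return {"Authorization": "Bearer " + token}
```

Load the client ID and secret from the environment or a secret store at run time instead of embedding them in source.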

What is the difference between 'Access Token' & 'IMA-Token'?

These are the same, but used to access different portions of our Optum. Any APIs that would fall under this community would use the Access token.

What are {{MN-ClientId}} & {{MN-ClientSecret}} in Claims Attachment Retrieval V1, Claims Attachment Status V1, Claims Attachment Submission V1? How do I generate the {{MN-ClientId}} & {{MN-ClientSecret}} in Sandbox Access?

MN-ClientId and MN-ClientSecret are credentials to access your Optum sandbox. These credentials are provided by Optum Marketplace. You can use these credentials to try our APIs. Please sign up for a sandbox account.


When I tried to generate an auth token from the auth API, I got a proxy error, but when I attempt the same with the curl command on the Google Cloud Shell, I am able to generate the AUTH token. Why is this so?

The team is resolving an issue related to the Try It interface in the dev portal. For now, please use the sandbox through our Postman collections to test our APIs. We will keep you informed once the Try It interface issue is resolved. We apologize for the inconvenience caused.