Product Overview

Out-Of-Pocket Estimation

This document provides an overview of the Out-Of-Pocket Estimation API used for both estimation and accumulation of benefits.

The service provides an estimate for out-of-pocket cost of a requested procedure, given a patient's insurance benefits information obtained through the accumulation flow.

Authorization through OAuth2

Access to Change Healthcare APIs is controlled through OAuth2 using the client credentials grant. This is a secure authorization workflow that allows consumers to obtain a short-lived (one hour) access token that must be transmitted with subsequent API requests.

To obtain a token, consumers first need a client_id and client_secret, credentials provided during the customer onboarding process. To request access credentials, please use the 'Contact Us' link to contact the Product Manager of a specific API.



DO NOT perform load testing or production data testing in the sandbox environment. Please use the sandbox ONLY to view sample API responses to HTTP requests using our predefined values and to familiarize yourself with our APIs.

For load testing and production data resting, we recommend using our APIs in production environment.

Obtaining an access token

This section describes how to get an access token in a particular environment.



The lifespan of a Bearer token is one hour (3600 seconds) for both sandbox and production environments.

We recommend automating transactions to use the tokens generated over the token lifespan. Obtaining tokens for each transaction is less efficient and does not improve the security criteria for any transactions.



  • Your Client_id and Client_secret should be replaced with a valid set of credentials
  • The URL is environment-specific and may need to be modified according to the target environment
curl -X POST \
  https://${EDGE_HOSTNAME}${api_basepath} \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  -d 'client_id=<Your-ClientId>&client_secret=<Your-ClientSecret>&grant_type=client_credentials'

A successful call to this API will return a new access_token, which can be used to authorize subsequent calls to other APIs on the platform. By default, the access_token will be valid for one hour from the time of its issuance.

    "access_token": "eyJraWQiOiIxIiwidHlwIjoiSldUIiwiYW...",
    "token_type": "bearer",
    "expires_in": 3600


Use the access token returned in the preceding example response to access the APIs on this platform that are secured through the standard Authorization implementation. Calls to these APIs must include the following headers:

Content-Type: application/json
Authorization: Bearer <Your-Access-Token>

How to try an API?

Refer to the Getting Started section on how to use an API.
Release NotesFAQ
View our Release Notes for more information on the API.Check out our FAQ for help with your questions.