Aidbox
Search…
Aidbox documentation
Overview
Features
Licensing and Support
Aidbox UI
Versioning
Release Notes
FAQ
Getting Started
Run Aidbox in Aidbox Sandbox
Run Aidbox locally with Docker
Run Aidbox as a SaaS
Aidbox configuration
Configure Aidbox and Multibox
Aidbox project
API constructor (beta)
Setup SMTP provider
Zen Configuration
API
FHIR API
REST API
Bulk API
Batch Upsert
Batch/Transaction
Cache
ETAG support
Reactive API
Sequence API
Encryption API
Compartments API
GraphQL API
RPC API
Profiling and validation
Profiling and validation overview
Profiling with zen-lang
Asynchronous resource validation
Profiling with AidboxProfile
Terminology
Aidbox terminology module overview
Import external (not-present) terminologies
Concept
CodeSystem
ValueSet
Handling hierarchies using ancestors
$translate on ConceptMap
Terminology Tutorials
FHIR Implementation Guides
🎓
HL7 FHIR Da Vinci PDex Plan Net IG
§170.315(g)(10) Standardized API for patient and population services
Tutorials
App development guides
Testing with Stresty
Working with Aidbox from .NET
Administration
Receive logs from your app
$matcho
$to-format
Storage
Overview
Database schema
Archiving
AWS S3
GCP Cloud Storage
Azure Blob Storage
Security & Access Control
Overview
Authentication Flows
Access Control
Multitenancy
Core Modules
Entities & Attributes
$json-schema
Monitoring
Logging & Audit
Modules
HL7 v2 Integration
FHIR Resources
Custom Resources
Aidbox Search
First-Class Extensions
Multibox
Multibox box manager API
Multibox monitoring
Plan API
Plan API Overview
Patient Access API
Integrations
Analytics
Audit
Authentication
Tools
Mappings
Aidbox SDK
Contact us
Reference
Configuration
Powered By GitBook
Plan API Overview
Plan API enables healthplan's members to consent to have their health data shared with third-party applications. It also allows third-party application owners to connect to provider and pharmacy directories, further referred to as “public non-member specific data.”
Aidbox Plan API:
  • Enables a developer to register a beneficiary-facing application.
  • Uses the HL7 FHIR standard for beneficiary data and the OAuth 2.0 standard for beneficiary authorization.

Authorization

To use the Plan API OAuth 2.0 a developer has to register an application. An organization has to register as a user by creating a Smart App, validating it in Sandbox and send Production Request for review. A registered application is given a client ID and a client secret. The secret should only be used if it can be kept confidential, such as communication between your server and the respective Plan API.
For insecure implementations, such as mobile apps, PKCE (Proof Key for Code Exchange) is coming soon.

API permissions and scopes

Access tokens have scopes, which define permissions and the resources that the token can access. Scopes are primarily utilized to determine the type of data an application is requesting. Scopes should be explicitly declared. In case of using wildcard, only supported will be provided.
Note: Any Scope not currently listed is not supported Patient Access scopes:
patient/CareTeam.read
patient/Coverage.read
patient/ExplanationOfBenefit.read
patient/Encounter.read
patient/DiagnosticReport.read
patient/MedicationRequest.read
patient/Goal.read
patient/Condition.read
patient/CarePlan.read
Provider Directory Access is publicly availiable. Here is the list of supported resource types:
Organization
Practitioner
Location
PractitionerRole
HealthcareService
Organization
Affiliation
InsurancePlan
Multibox - Previous
Multibox monitoring
Next - Plan API
Patient Access API
Last modified 9mo ago
Copy link
Edit on GitHub
Outline
Authorization
API permissions and scopes