API Reference

7 production FHIR R4 APIs with OpenAPI 3.1 specs, OAuth 2.0 authentication, and interactive sandbox documentation. All APIs return standard FHIR R4 bundles with Da Vinci and US Core profile conformance.

API landscape showing 7 FHIR R4 APIs — Patient Access, Provider Access, Prior Authorization, Payer-to-Payer, Claims Scrubbing, Risk Adjustment, and Encounter Service — 7 production APIs — 4 CMS-0057-F required + 3 operational

Environments

Environment	Base URL	Auth
Production	`https://api.cloudhealthoffice.com/fhir/r4`	OAuth 2.0 (Azure AD)
Sandbox	`https://sandbox.cloudhealthoffice.com/fhir/r4`	Test tokens (synthetic data)
Local Dev	`http://localhost:3000/fhir/r4`	Bearer test-token

Interactive OpenAPI docs are available at the API Sandbox. All requests require an X-Tenant-ID header for multi-tenant routing.

Authentication

Production APIs use OAuth 2.0 with Azure AD (Microsoft Entra ID). The FHIR server publishes a SMART on FHIR configuration at /.well-known/smart-configuration with supported scopes including patient/*.read, user/*.read, and system/*.read.

# Discover OAuth endpoints
curl https://api.cloudhealthoffice.com/fhir/r4/.well-known/smart-configuration

# Get access token (client credentials)
curl -X POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token \
  -d "grant_type=client_credentials" \
  -d "client_id={client_id}" \
  -d "client_secret={client_secret}" \
  -d "scope=api://cloudhealthoffice/.default"

Patient Access API

CMS-9115-F and CMS-0057-F required. Enables patients to access their complete health data via FHIR.

Endpoint	Method	Description
`/Patient/{id}`	GET	Patient demographics and contact information
`/Coverage?patient={id}`	GET	Active benefits and eligibility
`/Claim?patient={id}`	GET	Claims history (X12 837 → FHIR Claim)
`/ExplanationOfBenefit?patient={id}`	GET	Payment details (X12 835 → FHIR EOB)
`/Encounter?patient={id}`	GET	Healthcare visits and services
`/Condition?patient={id}`	GET	Diagnoses and clinical conditions

Provider Access API

Gives in-network providers access to member clinical and claims data with Da Vinci PDex profile conformance.

Endpoint	Method	Description
`/Patient/$member-match`	POST	Match patient across payers without sharing raw identifiers
`/Group/{id}/$export`	POST	Bulk FHIR export for attributed members

Prior Authorization API

Converts prior auth from phone/fax to real-time FHIR with Da Vinci PAS, CRD, and DTR conformance. Bidirectional X12 278 mapping.

Endpoint	Method	Description
`/Claim/$submit`	POST	Submit prior auth request (X12 278 → FHIR)
`/Claim/$inquire`	POST	Check prior auth status
`/Claim/{id}/$cancel`	POST	Cancel existing prior auth
`/Subscription`	POST	Subscribe to auth status updates

Payer-to-Payer API

Enables data exchange when members switch health plans. Supports Bulk FHIR $export operations.

Endpoint	Method	Description
`/Patient/$member-match`	POST	Identify member in source payer system
`/Patient/{id}/$everything`	GET	Complete member record transfer
`/Group/$export`	POST	Bulk transfer for member cohorts

Operational APIs

Claims Scrubbing

NCCI/MUE edit checking, CPT validation, diagnosis code verification, and custom payer scrub rules.

Risk Adjustment

HCC (Hierarchical Condition Category) coding and RAF (Risk Adjustment Factor) score calculation for Medicare Advantage and ACA risk adjustment.

Encounter Service

State and federal encounter submission management for Medicaid MCOs, including encounter data validation, submission tracking, and reconciliation.

OpenAPI specs

Full OpenAPI 3.1 specifications are available in the api/openapi directory on GitHub. Explore them interactively in the API Sandbox.