Important Documentation
Summary Overview: ABCBS APIs
Arkansas Blue Cross Blue Shield Interoperability APIs enable Arkansas Blue Cross Blue Shield members to consent to have their data shared with third party applications. It also allows third party application owners to connect to provider and pharmacy directories, further referred to as "public non-member specific data,"
Arkansas Blue Cross Blue Shield Interoperability APIs provider the functionality listed below:
- Enables developers to register member-facing applications.
- Enables members to provider consent for an application to access their data.
- Utilizes HL7 FHIR standard for member data, provider director and drug formulary; by use of OAuth 2.0/Open ID Connect standard for member authorization.
- Utilizes HL7 FHIR standard for sharing public non-member specific data.
Please Note: Documented search parameters are not all inclusive and that interested developers should request GET [base]/metadata for the full capabilities of the FHIR server.
Capability Statement
The capability statement is a key part of the overall conformance framework in FHIR. It is used as a statement of the feature of actual software, or of a set of rules for an application to provide. This statement connects to all the detailed statements of functionality, such as Structure Definitions and Value Sets. This composite statement of application capability may be used for system compatibility testing, code generation or as the basis for a conformance assessment.
Links to capability statement:
Sandbox https://apipreprod.arkbluecross.com/blueware/V1/FHIR/metadata
Production https://api.arkbluecross.com/blueware/V1/FHIR/metadata
SMART: FHIR & OIDC API
Arkansas Blue Cross and Blue Shield implements OpenID Connect (OIDC) in conjunction with the SMART on FHIR® standalone patient app launch (http://www.hI7.org/fhir/smart-app-launch/). The specification provides a framework for an OpenID Provider (OP) to securely convey an authenticated user's identify to relying partied (RPs) and in turn the RPs will convey the identity to the FHIR APIs.
Authentication Request
An Authentication request is an OAuth 2.0 Authorization Request that request s that the End-User be authenticated by the Authorization Server.
Authorize Endpoints:
Sandbox
GET https://apiprepod.arkbluecross.com/oidc/oauth2/authorize?client_id={Client Key}&redirect_uri={Client's preregistered redirect uri}& response_type= code&state={Opaque value used to maintain state}&nonce={Optional case sensitive string}&scope=+launch/patient+patient/*.read&aud=https://apipreprod.arkbluecross.com/
Production
GET https://api.arkbluecross.com/oidc/oauth2/authorize?client_id={Client Key}&redirect_uri={Client's preregistered redirect uri}& response_type= code&state={Opaque value used to maintain state}&nonce={Optional case sensitive string}&scope=openid+launch/patient+patient/*.read&aud=https://api.arkbluecross.com/
Redirect URI
Client specified redirection URI to which the OP Authentication response will be sent.
Query Parameters in Redirect URI:
- code (Authorization code to be exchanged for bearer token)
- state (State code value from the Authorization Request)
Token Request
A client makes a Token Request by presenting its Authorization Grant (in the form of an Authorization Code) to the Token Endpoint. Among other attributes, the token endpoint response body will include an access token, refresh token, and an ID JSON Web Token (JWT). The ID Token shall be submitted in the Authorization HTTP header when requesting the FHIR APIs.
Sandbox Token Endpoint:
- POST https://apipreprod.arkbluecross.com/oidc/oauth2/token/
- Headers
- Accept: application/json
- Content-Type: application/x-www-form-urlencoded
- Authorization: Basic {Base64 Encoded Sandbox Credentials}
- Token Request Body with Authorization Code: client_id= {Client Key}&grant_type=authorization_code&redirect_uri= {Client’s preregistered redirect uri}&code= {Authorization Code}
- Token Request Body with Refresh Token: client_id= {Client Key}&grant_type=refresh_token&refresh_token= {Refresh Token}
Production Token endpoint:
- POST https://api.arkbluecross.com/oidc/oauth2/token/
- Headers
- Accept: application/json
- Content-Type: application/x-www-form-urlencoded
- Authorization: Basic {Base64 Encoded Sandbox Credentials}
- Token Request Body with Authorization Code: client_id= {Client Key}&grant_type=authorization_code&redirect_uri= {Client’s preregistered redirect uri}&code= {Authorization Code}
- Token Request Body with Refresh Token: client_id= {Client Key}&grant_type=refresh_token&refresh_token= {Refresh Token}
CARIN IG
The CARIN for Blue Button® Framework enables third party application to call FHIR APIs for returning Medicare Advantage and Part D claims and enrollment data. This implementation guide contains the specifications for the FHIR Patient, Coverage, Explanation of Benefit and Organization resources profited from CARIN for Blue Button®.
Error Handling
All of our APIs errors are in the following JSON format:
Support
Need assistance? Reach out to us at EnterpriseIntegrationPlatforms@arkbluecross.com.