Authentication for the Healthy Roster API uses a simple application id and application secret key pair passed as header values on each request. This can be seen in the swagger documentation below.

The two values are provided by Healthy Roster when an integration project is initiated. If a Sandbox environment is provided then the credentials will be different from the production credentials.

The Application Id must be granted permission for every Healthcare Provider account they wish to interact with. Additionally your application will need to be authorized for every API endpoint your application consumes. If you receive a "403 Forbidden" for a request it indicates that your application is attempting to access data or an endpoint that it does not have access to.

A single application id can be used with multiple healthcare providers, or restricted to a single healthcare provider depending on the integration requirements.

To request access to additional endpoints or healthcare providers please work with your integration support representative or email help@healthyroster.com