Do you have a sandbox that I can test before signing a contract?

We sure do. After receiving your client_id and client_secret for our sandbox environment, you can test the API from within our interactive documentation, using an application such as Postman, or from your own stack.

Try our Postman Collection
Run in Postman

What information needs to go in the request header?

In the header for an Eligibility API request, you need to pass an authorization token. You can get the token by making an API call to:

curl -X POST \
  'https://sandbox.apis.changehealthcare.com/apip/auth/v2/token' \
  -H 'Content-Type: application/json' \
  -d '{
  "client_id": "<Your-ClientId>",
  "client_secret": "<Your-ClientSecret>",
  "grant_type": "client_credentials"

This is a precursor to making an Eligibility API call, which might have the following headers:

Content-Type: application/json
Authorization: Bearer <Your-Access-Token>

Read all about our protocols in the [Security -> Authorization] ( /apitools/reference#security-and-authorization-v2-overview) section of this portal.

When you're ready for production, simply remove sandbox from the URL.

What does a typical API call look like?

The Member Benefit Services API uses a POST HTTPS call. You provide the input as JSON in the body of the request:

API Onboarding

See the Security and Authorization API in this portal to learn more about using our APIs. Most of our APIs are private and require credentials to gain access.

What information needs to go in the request header?

You need to pass an authorization token. You can get the token by making an API call to:

Submit an HTTPS POST request to the below URL:

The POST body should include your client_id, client_secret and grant_type
API acccepts both application/x-www-form-urlencoded & application/json as Content-Type

Example cURL command and JSON:

curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header -d 'client_id=ns4fQc14Zg4hr44NaSzArVuwszX95X&client_secret=ZIjFyTsNgQNyxI&grant_type=client_credentials' 'https://${EDGE_HOSTNAME}/v1/apis/auth/token'
POST /auth/token HTTP/1.1
host: https://${EDGE_HOSTNAME}/apis/auth/token
Content-Type: application/json

This will return an accessToken, which will be valid for 1 hour

Example response, JSON:


The accessToken provides you access to the APIs you are authorzed to access.

Calling an API with the token

API calls require access tokens to be passed as a Bearer token.

Below are a few examples of how you'll make the API call once you've received your accessToken.

Example cURL command headers:

curl -kX POST "https://${EDGE_HOSTNAME}/cpbs/mbs/v1/realTimeActivation"-H "Content-Type: application/json"
-H "Authorization: Bearer sqhJ1TCBEY8SJA..."

Refer to our API-specific documentation to learn about calling specific Change Healthcare APIs.

Sample API Call

POST /cpbs/mbs/v1/realTimeActivation HTTP/1.1
Host: api-dev.apip.awsnonprod.healthcareit.net
Authorization: Bearer <Your-Access-Token>
Content-Type: application/json
  "actionCode": "A",
  "allowableUses": 99,
  "carrierCode": "DM3",
  "couponFillNumberOverride": "C",
  "couponNumber": "ACOUPONNUM",
  "daysBetweenFillsOverride": 0,
  "groupNumber": "714LOWEROF",
  "insuranceStatus": "0",
  "listId": 36152,
  "maxAccumulatorReset": "1",
  "originatorClaimId": "ATESTORIGINID",
  "recordEffectiveDate": "01/01/2016",
  "recordTerminationDate": "12/31/2016",
  "status": "A"

Sample API Response

  "originatorClaimId": "ATESTORIGINID",
  "responseStatus": "D",
  "claimAuthorizationNumber": "U19171LC51C100",
  "internalDbAction": "I"