This documentation describes how to use the platform's standard security API to request a bearer token that can be used to access the Optum APIs on the platform. The preceding, downloadable OpenAPI specification reflects this implementation. This version of the API is fully compliant with the conventions defined in the OAuth 2.0 specification.
Consumers should note that the token name usage is,
Certain legacy APIs exposed through this platform use a legacy Authorization implementation described at the bottom of this summary. Review the Change Log/Release Notes to determine whether a given API uses the standard or legacy Authorization mechanism.
All Optum Enterprise APIs on this platform are secured using JSON Web Tokens (JWT).
All API calls are encrypted over HTTPS. Our APIs support connections using Transport Layer Security (TLS) version 1.2 or later.
Optum uses OAuth2 to create a secure connection with our API users, which requires a bearer authorization token to obtain access.
BEARER TOKEN LIFESPAN
The lifespan of a Bearer token is one hour (3600 seconds) for both sandbox and production environments.
We recommend automating transactions so that each generated token is reused over its lifespan. Obtaining a new token for each transaction is less efficient and does not improve the security of any transaction.
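The reuse recommended above can be implemented as a small token cache that requests a new token only shortly before the one-hour lifespan runs out. This is an added example, not Optum's code: `BearerTokenCache`, `fetch_token` and the 60-second refresh margin are assumptions, and `fetch_token` stands in for the caller's own token request, which must return the parsed OAuth 2.0 JSON response.

```python
import threading
import time

TOKEN_LIFESPAN_SECONDS = 3600  # lifespan stated on this page


class BearerTokenCache:
    """Reuse one bearer token until shortly before it expires."""

    def __init__(self, fetch_token, clock=time.monotonic, refresh_margin=60):
        # fetch_token: caller-supplied callable (assumption) that performs the
        # token request and returns the parsed OAuth 2.0 JSON response.
        self._fetch_token = fetch_token
        self._clock = clock
        self._margin = refresh_margin  # refresh early to absorb clock/network skew
        self._lock = threading.Lock()  # one refresh at a time across threads
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            if self._token is None or self._clock() >= self._expires_at - self._margin:
                self._refresh()
            return self._token

    def invalidate(self):
        """Drop the cached token, e.g. after an API call returns 401."""
        with self._lock:
            self._token = None

    def _refresh(self):
        requested_at = self._clock()  # count lifetime from before the request
        response = self._fetch_token()
        token = response.get("access_token")
        if not token:
            raise ValueError("token response has no access_token")
        lifetime = int(response.get("expires_in", TOKEN_LIFESPAN_SECONDS))
        self._token = token
        self._expires_at = requested_at + lifetime

    def authorization_header(self):
        # The bearer token travels in the Authorization header of each API call.
        return {"Authorization": "Bearer " + self.get()}
```

Keep the cached token in memory only and out of logs; anyone holding it can call the APIs until it expires.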
|Bearer Authorization Token Endpoint
|Always defaults to
Bearer authorization token to authorization header