What information goes in the API request header?

We use two standard HTTP headers in our API requests: Authorization and Content-Type.

The request uses the following headers as follows:

Content-Type: application/json
Authorization: Bearer <Your-Access-Token>

The authorization token is a requirement for making an Integrated Rules Institutional API request. You pass the Bearer authorization token in the Authorization header. Get the token by making an API call to:

curl -X POST \
  '**https://apigw.changehealthcare.com/apip/auth/v2/token/**' \
  -H 'Content-Type: application/json' \
  -d '{
  "client_id": "<Your-ClientId>",
  "client_secret": "<Your-ClientSecret>",
  "grant_type": "client_credentials"
}'

The Content-Type header always defaults to application/json.

NOTE: In production, the lifespan of a Bearer token is two hours (7200 seconds). For Sandbox use, a token lifespan is one hour.

Find out more about our security protocols and their implementation.


Did this page help you?