What information goes in the API Request header?
We use two standard HTTP headers in our API requests: Authorization and Content-Type.
The request uses the following headers as follows:
Content-Type: application/json
Authorization: Bearer <Your-Access-Token>
The authorization token is a requirement for making an Integrated Rules Professional API request. You pass the Bearer authorization token in the Authorization header. Get the token by making an API call to:
curl -X POST \
'**https://apigw.changehealthcare.com/apip/auth/v2/token/**' \
-H 'Content-Type: application/json' \
-d '{
"client_id": "<Your-ClientId>",
"client_secret": "<Your-ClientSecret>",
"grant_type": "client_credentials"
}'
The Content-Type header always defaults to application/json.
| NOTE: In production, the lifespan of a Bearer token is two hours (7200 seconds). For Sandbox use, a token lifespan is one hour. |
Find out more about our security protocols and their implementation.
Updated over 1 year ago