Getting Started

Opala provides a RESTful API to assist you in value-based care. This API fully supports FHIR and provides rich programmatic access to electronic medical record data.

Process Overview

The following diagram outlines the expected workflow that registered providers will follow:

1. Request access to Opala's API.
   For more information, refer to Sandbox Access and Production Access sections below.
2. Request discovery of the applicable ATR Groups. ATR Groups are equivalent to value-based contracts.
   For more information, see Da Vinci - Risk Based Contracts Member Attribution (ATR) List
3. Request bulk export of the ATR Group.
   Pull in sections on Bulk Exports and Asynchronous Requests using Asynchronous Request Pattern .
4. Poll and process the results.
   

Refer to the provider's internal workflows for processing the API response.

Required API Behaviors

CMS requires that an ATR API be able to perform the following queries:

• Retrieve a list of patients
• Retrieve a specific patient
• Retrieve a list of groups
• Retrieve a specific group by its ID
• Discover groups by tax ID

Sandbox Access

Opala provides a sandbox with sample data that registered providers may access to validate connectivity and process sample FHIR resources. The Sandbox environment parallels the Opala production environment but contains no live data: all data available in the Sandbox is created specifically for the sandbox environment and does not correspond to any real-world data. The Sandbox provides complete functionality.

Sandbox access is handled separately from production data access and utilizes Basic Auth workflow along with endpoint whitelisting.

Registering for Sandbox access is a simple process and requires the developer to reach out to their Opala contact and provide the IPs from which ATR requests to the Sandbox API will be placed. This is required for whitelisting.

Once the developer has access to the ATR Sandbox:

• Use the Client ID and Client Secret that Opala provides to make an authentication request and receive an access token.
• Use the access token as a bearer token to place ATR resource requests via the ATR Sandbox endpoint.

Opala's ATR Endpoints

Auth Request: https://api.in.opalahealth.io:46000/v3/oauth/op/oauth/token

ATR Sandbox: https://api.in.opalahealth.io:46000/v2/fhirsbin/r4

For more detailed information about accessing Opala's Sandbox contact Opala's developer support team at developersupport@opala.com

Production Access

To access Opala's Production API you must obtain a pre-authorization by registering your client application with Opala's authentication server. To pre-authorization your client application:

1. Provide Opala with the IPs from which ATR requests to the API will be placed.
2. Generate and share the JSON Web Key Set (JWKS) public key to be used for authentication with Opala. Make sure you securely store your private key.
3. Opala sends you the Client ID. Use this ID on the incoming auth requests to Opala.

To access the ATR API:

1. Authenticate with the ATR API authorization server by requesting an access token using a signed, one-time use Java Web Token (JWT) and sending the request to the authorization access token url https://api.opalahealth.io:45000/v3/oauth/op/oauth/token.
2. Send the access token as a bearer token to request resources from the ATR API via the base url https://api.opalahealth.io:45000/atr/v1/fhir/r4.

For more information about Opala's ATR API resources, start with the Member Attribution Resource Profiles topic in this documentation set.

For more information on FHIR SMART Backend Authorization standards refer FHIR SMART Backend Services .

For more detailed information about accessing Opala's ATR Production environment, contact Opala's developer support team at developersupport@opala.com