The Opala Solution

Working with Accounts

Creating an Opala Account Registering as a Developer with Opala Working with Your Profile

Third-Party Application
  Management

Registering an Application Maintaining an Application Register a New Version of an Application

Payer-to-Payer Data
  Exchange

Registering as a Payer with Opala Transferring Member Health Information Registering Your Organization with Opala
Application Gallery

FHIR at Opala

FHIR for CMS Interoperability Opala's FHIR Servers CMS Implementation Guides

Working with Opala's
  APIs

Using Opala's Sandbox & Production Environments
Introduction Sandbox Settings Using the Sandbox Test User
Endpoints Available: AllergyIntolerance Coverage DiagnosticReport Immunization MedicationRequest Patient
API Queries Setting Up Postman Setting Up Production API Access Using Bundles with Opala's APIs Response Pagination

Opala's API
  Documentation

The Opala Patient Access API The Opala Provider Directory The Opala Member Attribution (ATR) API
Release Notes

© 2021-2023 Opala. All Rights Reserved.

Version 1.1.1.0


Contact Opala's
Documentation Team

Using Opala's Sandbox and Production Environments

Once you have created an account with Opala, you are given access to Opala's sandbox environment. This environment parallels the Opala production environment but contains no live data: all data available in the Sandbox is created specifically for the sandbox environment and does not correspond to any real-world data.

The Sandbox provides complete functionality. Use the sandbox environment to test your application's connectivity and validate all aspects of your application against the test data. Opala recommends validating your application against the sandbox environment before registering your applicatiion.

Once you validate your app in the Sandbox, Opala will give you access to our Production environment, which contains live member data.

Sandbox Settings

The Sandbox Settings page enables you to create an OIDC client to use in the test environment.

To access the Sandbox Settings page:

  1. Login to your account on the Developer Portal.

    Note: You must go to the login page from the main Developer Portal page to log in. If you bookmark the login page and try to sign in directly from that (without going through the Developer Portal) you will receive and error.

  2. In the My Sandbox section of the Developer Portal, select the Go to Settings button.

    Note: You can also select Sandbox Settings from the drop-down list beside the profile icon.

  3. On the Sandbox Settings page you can add, edit, and view your sandbox OIDC (OpenID Connect) client details:
    • App Name. Enter or modify the name of the application you are giving access to the Sandbox. Use the app name as it appears in the supported App Stores and download sites.
    • OIDC Redirect URLs. Enter or modify the URLs to which members are redirected upon successful authentication.
      You can enter a redirect back to your SMART app, your testing tool, your API client, etc.
    • Confidentiality. Indicate whether the app runs in an execution environment that enables the app to protect client secrets (Confidential), or whether the app runs in an execution environment that does not protect client secrets (Public).
      Opala recommends using apps that run in an execution environment that enables the app to protect secrets.
    • Required Scopes. Enter or modify the SMART scopes required for your application.

      Note: openid and profile are default scopes already included in the client definition.

      Opala suggests using the following scopes (at minimum) for developers:
      openid profile
      fhirUser launch/patient offline_access online_access openid patient/*.read profile
      Opala suggests using the following scopes for payer administrators:
      openid profile
      launch/patient fhirUser offline_access online_access patient/AllergyIntolerance.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/Medication.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Practitioner.read patient/PractitionerRole.read patient/Procedure.read patient/Provenance.read patient/QuestionnaireResponse.read patient/RelatedPerson.read patient/ServiceRequest.read
  4. Save your settings.
    Once you save the settings, the Sandbox Settings page displays the connection details — FHIR Endpoint, Discovery Document, Client ID, and, for confidential apps, Client Secret. The FHIR Endpoint is the base URL for Opala's FHIR server; the Discovery Document describes the surface of the API, how to access it, and how API requests and responses are structured; the Client ID and Client Secret are used to authorize the app to access Opala's APIs.

Using the Sandbox

  1. Enter the Discovery Document URL in a browser or in an API Client to find the Auth and Access Token URLs.

    Note: You can find the Discovery Document URL on your Sandbox Settings page.

  2. Find the Auth and Access Token URLs in the Smart Configuration metadata. These will be needed when connecting via an API client like Postman.
  3. To use your Sandbox client in an API client, enter the provided connection details into the Authorization section and enter the scopes you would like to request access to.
  4. When prompted to log in, use the credentials for the Test User below.
  5. Once you log in you will see a scopes selection page. The scopes you've requested access to in your API client or SMART app are listed here, and, by default, they will all be selected.
  6. Once you have the scopes you need, select the Authorize button.
  7. You are redirected back to your API client, App, Terminal session, etc.
  8. At this point, you have generated an Access Token and should be able to access the synthetic patient, Jane Gold, data using that token.

    Note: See below for the Patient Access API endpoints available in the Opala Sandbox.

Test User

Opala provides a test user for you to use in the sandbox environment. The user is Jane W. Gold. To access this resource, use the following login information:

Patient Access Endpoints Available in the Sandbox for Jane Gold

AllergyIntolerance

URL: http://host:port/api.opalahealth.io:45000/v2/fhir/r4/AllergyIntolerance?patient=Patient/{ID}

Profile: http://hl7.org/fhir/us/core/StructureDefinition/us-core-allergyintolerance

clinicalStatus: http://terminology.hl7.org/CodeSystem/allergyintolerance-clinical

code: http://terminology.hl7.org/CodeSystem/v3-NullFlavor

verificationStatus: http://terminology.hl7.org/CodeSystem/allergyintolerance-verification

Coverage

URL: http://host:port/api.opalahealth.io:45000/v2/fhir/r4/Coverage?beneficiary=Patient/patient=Patient/{ID}

Profile: http://hl7.org/fhir/us/carin-bb/StructureDefinition/C4BB-Coverage

payor: urn:uuid:04b08c84-1feb-11ec-81d4-0242c0a87002

DiagnosticReport

URL: http://host:port/api.opalahealth.io:45000/v2/fhir/r4/DiagnosticReport?patient=Patient/{ID}

code: http://hl7.org/fhir/us/core/ValueSet/us-core-diagnosticreport-category

identifier: http://terminology.hl7.org/CodeSystem/v2-0203

Immunization

URL: http://host:port/api.opalahealth.io:45000/v2/fhir/r4/Immunization?patient=Patient/{ID}

Profile: http://hl7.org/fhir/us/core/StructureDefinition/us-core-immunization

MedicationRequest

URL: http://host:port/api.opalahealth.io:45000/v2/fhir/r4/MedicationRequest?subject=Patient/{ID}

Profile: http://hl7.org/fhir/us/core/StructureDefinition/us-core-medicationrequest

medicationCodeableConcept: http://terminology.hl7.org/CodeSystem/v3-NullFlavor

medicationCodeableConcept: http://www.nlm.nih.gov/research/umls/rxnorm

Patient

Profile: http://hl7.org/fhir/us/carin-bb/StructureDefinition/C4BB-Patient

identifier: http://terminology.hl7.org/CodeSystem/v2-0203

type: http://hl7.org/fhir/us/carin-bb/ValueSet/C4BBPatientIdentifierType

Setting Up a Client for Production Access

For information about setting up a client application, see Registering an Appliction.

For information about setting up a Payer Administrator, see Setting Up Production API Access for a Payer.

Top