Welcome to the BCBS ND Developer Portal! Our portal provides access to BCBSND's APIs. You can learn more about our APIs by visiting our API Catalog.

If you are a 3rd party developer who is new to our developer portal and would like to subscribe to our APIs, please implement the below steps.

Step 1: Register for a developer account

Sign up as a developer to begin the process of creating an API. Click on the following link to register your account.

 

 

The fields marked with asterisk (*) are mandatory fields. We encourage developers to thoroughly go through BCBSND’s Terms of Service and BCBSND’s Privacy Policy before signing up.
Followed by a successful sign up, you will receive welcome email that looks as follows:

Please use your email address as the login name to sign in.
After successful login, you can register application and subscribe to the APIs.

Step 2: Register your application

If you are a 3rd party developer or organization subscribing to FHIR Patient Access API, please make sure to provide the following information when registering the application.

  • Application Name
  • Client Type
  • Redirect URL

 

 

If a 3rd party application is a native, desktop or single page application which is not capable of securely storing secret key, please choose the client type as “public”. “Public” type application can retrieve access token by implementing OAuth2.0 Authorization Code with PKCE Flow.

Registered applications capable of securing client secret can choose client type “Confidential”. “Confidential” type application can retrieve access token by implementing OAuth2.0 Authorization Code Flow or OAuth2.0 Authorization Code with PKCE Flow.

A registered application, by default, will be in “Pending approval” mode.



When the registered application is approved by BCBSND’s CMS administrator group, a confirmation email will be sent to the developer’s email address with the corresponding details.

 

Step 3: Retrieve Access Token

The following section outlines the details of BCBSND’s OAuth2.0 Authorization Server. Any 3rd party registered application subscribing to Patient Access API (version R4) can leverage the below details to successfully retrieve access token.

Authorization URL: https://bcbsndprodb2c.b2clogin.com/bcbsndprodb2c.onmicrosoft.com/B2C_1A_bluemember_signup_signin/oauth2/v2.0/authorize

Access Token URL:
https://bcbsndprodb2c.b2clogin.com/bcbsndprodb2c.onmicrosoft.com/B2C_1A_bluemember_signup_signin/oauth2/v2.0/token

Supported Scopes:

Public Client: openid, https://bcbsndprodb2c.onmicrosoft.com/fhir/patientaccess/patient.READ
Confidential Client: openid, offline_access, https://bcbsndprodb2c.onmicrosoft.com/fhir/patientaccess/patient.READ

Step 4: Invoke Patient Access API

Once your application successfully retrieves the access token, you can invoke the Patient Access API (version R4) endpoints by passing the OAuth2.0 access token as Bearer token in the HTTP "Authorization" header.

We encourage developers to play with our Patient Access API in sandbox environment (version R4-Sandbox). The sandbox version is secured using API Key. As a 3rd party developer, you can self-generate API Key and leverage it within your registered application to test the API in sandbox. The responses returned by Patient Access API, in sandbox, are mocked and does not reflect information of a real BCBSND's member. 

If you encounter any issues during developer registration or application registration process, please contact our support.