Authenticating and sending data via Redox

Last updated: Sep 5, 2025
HEALTH TECH VENDOR
IMPLEMENTATION
PRODUCT OWNER

To open the data traffic highway, so to speak, you must first authenticate your system to Redox.

What is authentication?

Authentication is the process of proving your system’s identity to Redox. Before you can send data, you must authenticate to establish a secure, trusted connection.

You can use these authentication methods for these communication method types:

Communication method
How to authenticate
API
OAuth API key (recommended) or legacy API key
SFTP
Username and password assigned by the SFTP server
MLLP
VPN configuration

Why is authentication necessary?

Think of authentication like a digital secret handshake. By presenting valid authentication, your system tells Redox, “I am who I say I am, and you can trust the data I’m about to send.”

This process is essential for securing protected health information (PHI) and ensuring data is only sent from authorized sources.

How API authentication works

An OAuth API key includes an ID and a public key/private key pair. A legacy API key includes an ID and a secret value. The IDs are assigned by Redox, and you can generate a private key/public key pair or secret value in the Redox dashboard.

When you send an authentication request with the correct private key or secret value, we generate an access token that’s good for 5 minutes. The access token allows you to initiate requests (e.g., SEND or REQUEST).

Two methods of API authentication

You have two options for authenticating your API requests:

Access control with multiple API keys

We recommend having at least one API key for each environment type (i.e., development, staging, production). However, you can create multiple API keys for an environment, depending on how you want to control access. It just depends on your organization’s security practices.

For example, if two dev teams work in the same environment, it may be useful to have different API keys for each team to work in their own context.

Users in your organization can view or manage API keys depending on their assigned environment role. Learn about environment roles.

What to expect from responses

After receiving an access token, you’re ready to initiate requests. But initiating is just one side of the exchange.

Responses differ based on the request type. Check out these articles to learn about handling your connection’s responses or responding to requests from your connection: