Create and verify an endpoint

Last updated: Feb 27, 2024

To receive data, you must first verify your system's endpoint, or destination.

Only for engineer or implementer roles

Any user in a given environment may view connectivity settings, including sources, destinations, API keys, and authentication credentials. However, you must be assigned to an engineer or implementer role to manage them (i.e., create, verify, edit, or delete). Learn about roles.

This how-to is only for users with an engineer or implementer role.

Log in to the Redox dashboard.
From the navigation menu, click the Developer page.
By default, the API Keys tab displays. From the tab options, click the Endpoints tab.
Navigate to the Endpoints tab
Any created endpoints display. If you’re a new user, you should see a Redox API Endpoint already configured by default. You can use this for generating test requests. If you want to create a new endpoint, click the Create Endpoint button.
Other methods or formats
If you want to configure non-API destinations (i.e., endpoints for alternative communication methods or formats), navigate to the Others tab.
A new modal opens with a field for the endpoint name. Enter the name and click the Add button.
Add a new endpoint

Endpoint region field
If your organization is configured for multiple regions, an additional field displays for you to designate the region for the endpoint.
If your organization is configured only for one region, this additional field doesn't appear.
The Settings page for the new endpoint opens. The Name field displays the endpoint name you entered previously.
In the Redox API Endpoint field, enter the URL for this endpoint to receive data. The URL should use SSL/TLS encryption, which means it needs to start with https://.
In the Verification Token field, click the Change Token button. The Change Verification Token modal appears, which has a blank field for you to enter the verification token.
Verification token
The verification token is a value that you decide and Redox uses in the header of any request you receive to verify that the request is from a legitimate endpoint. Treat it like a password. We recommend you use a unique, long alphanumeric string value that's difficult to brute force or guess.
After entering the verification token, click the Save Changes button.
Your changes are saved and the Settings page displays again. In the Verification Method field, select either the GET or POST radio button. We recommend using POST if your endpoint allows it. However, GET can be used for verification too.
When all of your information is entered, click the Verify & Save button in the bottom right corner.
Troubleshooting verification errors
In case you run into any errors, check out our troubleshooting tips for verifying an endpoint.
We receive the verification token and send a test verification request to you. If you selected POST as the verification method, you receive a request with the following payload body:
Example: POST verification token
json
1
{
2
"verification-token":"[your-verification-token]",
3
"challenge":"2e73f864-a0e9-4764-a7d5-91fe5836db22"
4
}
If you selected GET as the verification method, you receive a request with this query string containing two values:
Example: GET verification token
bash
1
?challenge=2e73f864-a0e9-4764-a7d5-91fe5836db22&verification-token=your-verification-token
To verify your endpoint and save your settings, you must first verify that the verification token matches the value you entered in Connection Settings.
To complete the verification test, you must respond to the POST or GET request with the challenge value that we provided in the test. You can add the challenge value anywhere in the body of the response.
Example: Challenge value
json
1
{
2
"challenge":"2e73f864-a0e9-4764-a7d5-91fe5836db22"
3
}

What about more secure auth options?

In case you want to use a beefier security system to authenticate incoming API requests, you have the option to use custom endpoint authentication. With the Redox Platform API, you can:

Check what auth strategies are available.
Create or edit an auth credential.
Retrieve details for a destination (or endpoint) in your dashboard organization.
Update a destination's auth credential.

(Spoiler alert!) Redox supports these auth strategies for your endpoints:

Google Workload Identity Federation (WIF)
OAuth 2.0 Two-legged
SMART Backend
JWT Bearer

To manage and set up for yourself, check out these Redox Platform API specs for technical details:

To get help with setting up custom endpoint authentication without the Platform API, submit a ticket via our Help Desk.

FHIR® is a registered trademark of Health Level Seven International (HL7) and is used with the permission of HL7. Use of this trademark does not constitute an endorsement of products/services by HL7®.