Migrate from a legacy API key to an OAuth API key

Last updated: Apr 8, 2025

DEVELOPER

There are two ways to authenticate API requests via Redox: Using legacy API keys or our recommended OAuth API keys. Learn about authentication methods.

Use this guide if you’re currently using legacy API keys but would like to migrate to OAuth API keys. Bonus, you can successfully migrate to OAuth API keys without needing a downtime.

Only for engineer roles

Any user in a given environment may view connectivity settings, including sources, destinations, API keys, and authentication credentials. However, you must be assigned to an engineer role to manage them (i.e., create, verify, edit, or delete). Learn about roles.

This how-to is only for users with an engineer role.

Log in to the Redox dashboard.
Make sure that you’re in the same environment (i.e., development, staging, production) that your existing legacy API key is in. If you’re not in the same environment, select the correct environment from the drop-down field on the top left.
Follow the steps for creating a new OAuth API key.
Update your system to use the new OAuth API key. Include the Redox-Source-Id header in your API requests. If you don’t know where to find the source ID, learn how to manage source details.
Once you fully migrate your application to the new OAuth API key, rotate the legacy API key’s secret by generating a new secret value.
You can keep both your legacy API keys and OAuth API keys in your system without causing conflicts.
Don't delete your old key
Don't delete your legacy API key to rotate the secret. Some legacy API key setups require Redoxer support to configure.

FHIR® is a registered trademark of Health Level Seven International (HL7) and is used with the permission of HL7. Use of this trademark does not constitute an endorsement of products/services by HL7®.