Last updated: Dec 8, 2025
DEVELOPER
HCO
HEALTH TECH VENDOR
There are two ways to authenticate API requests via Redox:
- legacy API keys
- (Recommended) OAuth API keys
Learn more about authenticating and sending data.
If you’re currently using legacy API keys but would like to migrate to OAuth API keys, follow the instructions below. This migration can be performed with zero downtime.
- A user must be assigned to an engineer role to create or authenticate API keys. Learn about user roles.
- Log into the same environment (development / staging / production) where your legacy API key exists.
- Log in to the Redox dashboard.
- Select the correct environment (i.e., where your legacy API key exists) from the drop-down field on the top left.
- Update your application to authenticate using the new OAuth API key.
- If you have more than one source, include the Redox-Source-Id header in your API requests. You can find the source ID on the Developer > Sources tab. Learn more about managing source details.
- Confirm that your outgoing requests are succeeding with the new API key.
Don’t delete your old key
- Once you fully migrate your application to the new OAuth API key, rotate the legacy API key’s secret by generating a new secret value.
- You can keep both your legacy API keys and OAuth API keys in your system without causing conflicts.