Migrate from a legacy key to an OAuth key

Last updated: Feb 26, 2024

There are two ways to authenticate API requests via Redox: using our legacy API keys or our recommended OAuth API keys. Learn about authentication methods.

Use this guide if you're currently using legacy API keys but would like to migrate to OAuth API keys. Bonus, you can successfully migrate to OAuth API keys without needing a downtime.

Only for engineer or implementer roles

Any user in a given environment may view connectivity settings, including sources, destinations, API keys, and authentication credentials. However, you must be assigned to an engineer or implementer role to manage them (i.e., create, verify, edit, or delete). Learn about roles.

This how-to is only for users with an engineer or implementer role.

Log in to the Redox dashboard.
Make sure that you're in the same environment (i.e., development, staging, production) that your existing legacy API key is in. If you're not in the same environment, select the correct environment from the drop-down field on the top left.
Follow the steps for creating a new OAuth API key.
Update your system to use the new OAuth key. Include the Redox-Source-Id header in your API requests with the value of the header set to the ID of your legacy API key.
Once you fully migrate your application to the new OAuth key, rotate the legacy key's secret by generating a new secret value.
Don't delete your old key
Don't delete your legacy API key to rotate the secret. Some legacy API key setups require Redoxer support to configure.

You can keep both your legacy API keys and OAuth keys in your system without causing conflicts.

FHIR® is a registered trademark of Health Level Seven International (HL7) and is used with the permission of HL7. Use of this trademark does not constitute an endorsement of products/services by HL7®.