Flexpa Claims Data API
Health-insurance claims delivered as FHIR ExplanationOfBenefit resources, plus patient-portability operations such as Patient $everything, the International Patient Summary ($summary), and PDF export ($pdf).
Health-insurance claims delivered as FHIR ExplanationOfBenefit resources, plus patient-portability operations such as Patient $everything, the International Patient Summary ($summary), and PDF export ($pdf).
openapi: 3.0.1
info:
title: Flexpa API
description: >-
Flexpa lets applications connect a patient to their health insurance plan and
retrieve claims and clinical data as normalized FHIR R4 resources. Patients
authorize access through Flexpa Link using OAuth 2.0 with PKCE, producing a
Patient Access Token. Server-to-server Application Access Tokens are minted
with the client_credentials grant using publishable and secret keys. The FHIR
API is served under https://api.flexpa.com/fhir.
termsOfService: https://www.flexpa.com/legal/terms
contact:
name: Flexpa Support
url: https://www.flexpa.com/docs
version: '1.0'
servers:
- url: https://api.flexpa.com
paths:
/oauth/authorize:
get:
operationId: authorize
tags:
- Link
summary: Start the Flexpa Link OAuth 2.0 PKCE authorization flow.
description: >-
Redirects the patient into the Flexpa Link experience to select their
health plan and authorize access. On success Flexpa redirects back to the
application's redirect_uri with an authorization code.
parameters:
- name: response_type
in: query
required: true
schema:
type: string
enum:
- code
- name: client_id
in: query
required: true
description: Your publishable key.
schema:
type: string
- name: redirect_uri
in: query
required: true
schema:
type: string
format: uri
- name: scope
in: query
required: false
schema:
type: string
- name: state
in: query
required: false
schema:
type: string
- name: code_challenge
in: query
required: true
schema:
type: string
- name: code_challenge_method
in: query
required: true
schema:
type: string
enum:
- S256
responses:
'302':
description: Redirect back to redirect_uri with an authorization code.
/oauth/token:
post:
operationId: token
tags:
- Access Tokens
summary: Exchange a code, refresh a token, or mint an Application Access Token.
description: >-
The token endpoint supports the authorization_code grant (with PKCE
code_verifier) to obtain a Patient Access Token, the refresh_token grant to
renew it, and the client_credentials grant (Basic auth with
publishable_key:secret_key) to mint a server-to-server Application Access
Token. Application Access Tokens are JWTs signed with ES256 and live for 30
minutes.
requestBody:
required: true
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/TokenRequest'
responses:
'200':
description: A token response.
content:
application/json:
schema:
$ref: '#/components/schemas/TokenResponse'
/fhir/metadata:
get:
operationId: getCapabilityStatement
tags:
- FHIR
summary: FHIR capability statement.
description: Returns the FHIR CapabilityStatement describing supported resources and operations.
responses:
'200':
description: A FHIR CapabilityStatement resource.
/fhir/Patient:
get:
operationId: searchPatient
tags:
- FHIR
summary: Search Patient resources.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/identifier'
responses:
'200':
description: A FHIR Bundle of Patient resources.
content:
application/fhir+json:
schema:
$ref: '#/components/schemas/Bundle'
'429':
$ref: '#/components/responses/Syncing'
'422':
$ref: '#/components/responses/SyncFailed'
/fhir/Patient/{id}:
get:
operationId: readPatient
tags:
- FHIR
summary: Read a single Patient resource.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/resourceId'
responses:
'200':
description: A FHIR Patient resource.
/fhir/Patient/{id}/$everything:
get:
operationId: patientEverything
tags:
- Claims Data
summary: Return all resources in the patient compartment.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/resourceId'
responses:
'200':
description: A FHIR Bundle of all patient compartment resources.
content:
application/fhir+json:
schema:
$ref: '#/components/schemas/Bundle'
/fhir/Patient/{id}/$summary:
get:
operationId: patientSummary
tags:
- Claims Data
summary: Generate an International Patient Summary (IPS) document.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/resourceId'
responses:
'200':
description: A FHIR IPS Bundle.
/fhir/Patient/{id}/$pdf:
get:
operationId: patientPdf
tags:
- Claims Data
summary: Export comprehensive patient health data as a PDF.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/resourceId'
responses:
'200':
description: A PDF document.
content:
application/pdf:
schema:
type: string
format: binary
/fhir/Coverage:
get:
operationId: searchCoverage
tags:
- FHIR
summary: Search Coverage resources.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/patient'
- $ref: '#/components/parameters/status'
responses:
'200':
description: A FHIR Bundle of Coverage resources.
content:
application/fhir+json:
schema:
$ref: '#/components/schemas/Bundle'
'429':
$ref: '#/components/responses/Syncing'
/fhir/Coverage/{id}:
get:
operationId: readCoverage
tags:
- FHIR
summary: Read a single Coverage resource.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/resourceId'
responses:
'200':
description: A FHIR Coverage resource.
/fhir/ExplanationOfBenefit:
get:
operationId: searchExplanationOfBenefit
tags:
- Claims Data
summary: Search ExplanationOfBenefit (claims) resources.
description: >-
Returns health-insurance claims as FHIR ExplanationOfBenefit resources.
Supports FHIR R4 search parameters including patient, created, provider,
coverage, status, and identifier.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/patient'
- name: created
in: query
schema:
type: string
- name: provider
in: query
schema:
type: string
- name: coverage
in: query
schema:
type: string
- $ref: '#/components/parameters/status'
- $ref: '#/components/parameters/identifier'
responses:
'200':
description: A FHIR Bundle of ExplanationOfBenefit resources.
content:
application/fhir+json:
schema:
$ref: '#/components/schemas/Bundle'
'429':
$ref: '#/components/responses/Syncing'
'422':
$ref: '#/components/responses/SyncFailed'
/fhir/ExplanationOfBenefit/{id}:
get:
operationId: readExplanationOfBenefit
tags:
- Claims Data
summary: Read a single ExplanationOfBenefit resource.
security:
- bearerAuth: []
parameters:
- $ref: '#/components/parameters/resourceId'
responses:
'200':
description: A FHIR ExplanationOfBenefit resource.
/fhir/Practitioner:
get:
operationId: searchPractitioner
tags:
- FHIR
summary: Search individual providers by NPI, name, or specialty.
security:
- bearerAuth: []
responses:
'200':
description: A FHIR Bundle of Practitioner resources.
content:
application/fhir+json:
schema:
$ref: '#/components/schemas/Bundle'
/fhir/Organization:
get:
operationId: searchOrganization
tags:
- FHIR
summary: Search healthcare organizations by NPI, name, or location.
security:
- bearerAuth: []
responses:
'200':
description: A FHIR Bundle of Organization resources.
content:
application/fhir+json:
schema:
$ref: '#/components/schemas/Bundle'
/fhir/ViewDefinition/$run:
post:
operationId: runViewDefinition
tags:
- FHIR
summary: Extract structured (tabular) data using a SQL-on-FHIR ViewDefinition.
security:
- bearerAuth: []
requestBody:
required: true
content:
application/fhir+json:
schema:
type: object
responses:
'200':
description: Structured extraction output.
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
description: >-
A Patient Access Token (from the authorization_code flow) or an Application
Access Token (from the client_credentials flow), sent as
Authorization: Bearer {access_token}.
parameters:
resourceId:
name: id
in: path
required: true
schema:
type: string
patient:
name: patient
in: query
schema:
type: string
status:
name: status
in: query
schema:
type: string
identifier:
name: identifier
in: query
schema:
type: string
responses:
Syncing:
description: >-
The patient's data is still being synchronized from the payer (typically
under one minute). Retry after a short delay.
SyncFailed:
description: Synchronization with the payer failed.
schemas:
TokenRequest:
type: object
required:
- grant_type
properties:
grant_type:
type: string
enum:
- authorization_code
- refresh_token
- client_credentials
code:
type: string
description: The authorization code (authorization_code grant).
code_verifier:
type: string
description: The PKCE verifier (authorization_code grant).
redirect_uri:
type: string
format: uri
client_id:
type: string
description: Your publishable key.
refresh_token:
type: string
description: The refresh token (refresh_token grant).
TokenResponse:
type: object
properties:
access_token:
type: string
token_type:
type: string
example: Bearer
expires_in:
type: integer
description: Token lifetime in seconds.
refresh_token:
type: string
description: Present when the offline_access scope was granted.
scope:
type: string
Bundle:
type: object
description: A FHIR R4 Bundle of resources.
properties:
resourceType:
type: string
example: Bundle
type:
type: string
example: searchset
total:
type: integer
entry:
type: array
items:
type: object