Flexpa Link

Use Link to help your users connect health plan data to your app

Adding Flexpa Link to your app lets your users authorize access to their health plan data. Your app can then use the Flexpa API to retrieve patient health plan and clinical data.

Flexpa Link will handle the SMART on FHIR authentication flow and error handling for each health data source that we support. Flexpa Link works across all modern browsers.

To use Flexpa Link you will need:

A frontend app to start the authentication flow with a user. Flexpa Link runs in an <iframe> and can be added to your frontend with a <script> tag.
A backend web server to complete the authentication flow (complete the next section).
A pair of API Keys. Contact us for live access.

To try Flexpa Link, see the Demo.

Authentication flow

The diagram below shows how Flexpa Link is used to obtain a public_token, which is exchanged for a patient access_token, which is finally used with the Flexpa API.

The flow starts when your user wants to link their plan data to your app.

Your frontend application opens Flexpa Link with your publishable_key using the create() and open() functions in the install step below.

In the onSuccess callback you will receive a public_token.

You must exchange the public_token (along with your secret_key) for a functioning access_token.

This step happens on your backend server.

Use the access_token to make requests to Flexpa API to access the user's health plan data.

Install

You can add Flexpa Link to your application within a couple of minutes.

Inside an HTML document add the Flexpa Link script like so to create a global FlexpaLink object in your application:

<head>
...
<script src="https://js.flexpa.com/v1/"></script>
</head>

Create

Next, we need to initialize FlexpaLink by calling create. Use the publishable_key_test or publishable_key_live key provided by us:

FlexpaLink.create({
  // Replace with your publishable key
  publishableKey: '...', 
  onSuccess: (publicToken) => {
    // Send `publicToken` to your backend to exchange it for a patient `access_token`
    // https://www.flexpa.com/docs/sdk/login#exchange
    console.log('publicToken: ', publicToken)
  }
});

Open

To start the authentication flow where your users will link their health data, you'll need to use the open() function on the FlexpaLink object. For example, opening on a button click:

<button onclick="FlexpaLink.open()">Link your health data</button>

Exchange public token for access token

See extended documentation for the exchange step in the Flexpa API docs

Extended docs

When a user successfully links a health data source, FlexpaLink will call the onSuccess callback you defined in the create step. This callback receives a public_token. For security reasons, this public_token cannot be used to access the Flexpa API directly. Instead, it must be exchanged for an access_token.

To exchange a public_token for an access_token send an HTTP POST request to https://api.flexpa.com/link/exchange with a Content-Type: application/json header and a JSON body containing the public_token and your secret_key API key.

cURL example:

curl -X POST https://api.flexpa.com/link/exchange \
  -H 'Content-Type: application/json' \
  -d '{
    "public_token": "public_token_950fae5f-7903-4ce1-9414-9b44c4e55263",
    "secret_key": "<your-secret-key>""
  }'

That's it! You now have an access_token to make requests to Flexpa API.

Questions? Check out our community support Discord serverJoin Discord server

Next steps

API Reference

Use Flexpa API as a unified API to access Explanation of Benefits and more

Build with Flexpa API →

Quickstart

Get started with a cloneable quickstart project

Try it out →