App Developers

Connect Your App to CDPHP® Data

Patient Data

Are you interested in connecting your app to CDPHP data for the Patient Access API, as defined in the Center for Medicare and Medicaid Services (CMS) Interoperability Patient Access Final Rule (CMS-9115-F)? If so, please follow the instructions on how to get started through our partner, 1UpHealth.

Formulary Data

As mandated by the Centers for Medicare and Medicaid Services, CDPHP has made its Formulary Coverage Plan and Formulary Drug data publicly available as HL7 FHIR R4 API resources at the following two endpoint locations:

Formulary Coverage Plan:

Formulary Drug:

FHIR resources adhere to the DaVinci PDEX US Drug Formulary IG Profiles.

No authentication token is required to access the two URL endpoint locations above. Both FHIR server endpoints are hosted by CDPHP partner, 1upHealth.

Provider Directory Data

As mandated by the Centers for Medicare and Medicaid Services, the CDPHP FHIR Directory API meets the specification as outlined in the Da Vinci PDEX Plan-Net Implementation Guide and conforms to the technical standard for data exchange via secure API.

Instructions below are provided as a courtesy for you to get started. This is meant for developers who are familiar with HL7 APIs and assumes understanding of how APIs work.

Additional specific API documentation is available on the HealthSparq Developer Hub.

  1. Obtain a public token from our token service at Make sure to include the required meta data and header information to the endpoint. This specifies which of our directories you are attempting to query. Each requested token will expire after 15 minutes. No authentication is required because this is a public token. This is a deviation from the JOT methodology because we don't use a client and secret; it's simply passing a public token request. There is no need to pass the token as an authenticated bearer token. It needs to be passed as a subject token inside the header section of your call.

    curl --location --request POST '' \
          --header 'Content-Type: application/json' \
          --data-raw '{

    Use the token below to make calls to the FHIR provider directory API

    Auth Token Target:

  2. Include the following required FHIR Provider Call Required Headers:

        --header 'Accept: application/json' \
         --header 'Content-Type: application/json' \
         --header 'Subject-Token: (FYI - public token to be passed with this header)'


  3. In accordance with Da Vinci PDEX Plan-Net Implementation Guide, we recommend querying the metadata endpoint first to generate a capability statement for our API before querying any other data.

Note: The mandate requires this information to be publicly available. If you have questions, please refer to the Da Vinci PDEX Plan-Net Implementation Guide, as our organization cannot support developer specific questions.