Authentication

​

Overview

​

Generating an API key

1. Log in to the Shasta provider portal.
2. Navigate to Settings > API at app.shasta.health/provider/settings/api.
3. Click Create API Key.
4. Give the key a descriptive name (e.g. “Production Eligibility” or “Staging”).
5. Copy the key immediately — it will only be shown once.

​

Storing your API key securely

• Never commit API keys to source control. Use environment variables or a secrets manager instead.
• Store the key in an environment variable such as SHASTA_HEALTH_API_KEY.
• In production, use a secrets manager like AWS Secrets Manager, Google Secret Manager, HashiCorp Vault, or your platform’s built-in secrets (e.g. Vercel Environment Variables).
• Restrict access to the key to only the services and team members that need it.
• Rotate keys periodically and revoke any that are no longer in use.

​

Using the API key

Authorization: Key <your-api-key>

curl -X POST https://app.shasta.health/api/eligibility \
  -H "Authorization: Key $SHASTA_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tradingPartnerServiceId": "60054",
    "provider": {
      "organizationName": "Shasta Medical Group",
      "npi": "1234567890"
    },
    "subscriber": {
      "firstName": "Jane",
      "lastName": "Doe",
      "dateOfBirth": "19800115",
      "memberId": "XYZ123456"
    }
  }'

​

Error responses

{
  "code": "UnauthorizedException",
  "message": "Unauthorized"
}

{
  "code": "AccessDeniedException",
  "message": "Site is not configured for eligibility checks"
}

​

Next steps