Federal Demonstration Partnership Expanded Clearinghouse

FDP EXPANDED CLEARINGHOUSE API TERMS OF USE (v 2/7/2018)

This Business Use Agreement describes the purpose and function of the Expanded Clearinghouse's System-to-System Application Programming Interface (API), and the responsibilities and expectations of the Authorized Users of the API. An Authorized User is any Participating Organization in the Expanded Clearinghouse who requests and is granted access to the API by FDP. Authorized Users agree to adhere to the terms of this agreement in order to maintain access to the API.

Becoming an Authorized User

  • To Become an Authorized User, a Participating Organization must request, and then receive from FDP, an API access token.
  • The request for token will be made via a form accessed on the FDP Clearinghouse site on the Data Access page. A member of the Participating Organization with a Clearinghouse site account must log in to access this form. The form requires a technical contact name and email address (which do not have to be the same as the user submitting the form). Acceptance of these terms of use is required to submit the form.
  • Should the FDP elect to expand access to the API at some future date, this document will be updated to reflect any modifications to the process for becoming an authorized user.

Functions of the Expanded Clearinghouse API

    The API:
  • Provides read-only access for Authorized API users to Participating Organizations profile data stored in the Expanded Clearinghouse site. Details are provided in the API Spec document located at https://app.swaggerhub.com/apis/vumc/fdp_ech.
  • Tracks each call to the API, including the authorization token and the IP address of each request.

Requirements of API Authorized Users

    Authorized Users of the FDP ECH API shall not:
  • make excessive requests to the API. The API includes rate limiting or throttling technology to limit the number of requests from an individual user over a finite period of time.
  • share authorization token with third parties. Knowingly sharing the token is grounds for having your access to the API terminated via disabling of the authorization token. Authorized User may share their token with their software vendor (as applicable), provided vendor does not use the token to provide API access for its other customers.
  • provide data to third parties. Data access is permitted only for the Authorized User and, as applicable, Authorized User's software vendor (for use with Authorized User's instance of vendor's software). Authorized User shall not share the output from the API with any third parties without the consent of the FDP Expanded Clearinghouse Working Group.

Abuse of any of these requirements is grounds for termination of API access, at the discretion of the FDP.

Best Practices

    In addition to the above requirements, Authorized Users agree to use best efforts to adhere to the following Best Practices in their local implementations of the API:
  • Local persistent storage of Profile data: Storing the entire profile data set in persistent local storage is strongly discouraged. Profile data may change frequently and at non-regular intervals. FDP recommends retrieving individual profile data on demand (optionally with local caching discussed below). Local storage of the data may result in concurrency issues and making business decisions on out-of-date data. The API provides real-time access to a "system-of-record" data source, there's few good use cases for creating a complete local copy of all the data. If Authorized User's use case demands--or local system's technology requires--storage of the entire data set, FDP expects that Authorized User will implement a refresh of the entire data set on a frequent basis, no less than once per month and ideally once per week, in order to ensure local system is working with the most current Participating Organization data.
  • Local short-term caching: As allowed by Authorized User's local system, local short-term caching of API output (e.g. 5-15 minutes) is strongly recommended to reduce instances of multiple identical calls to the API over short time periods. This minimizes load on the clearinghouse servers.

By accessing the API using their authorization token, the Authorized User agrees to all terms and conditions above.