API Endpoints Overview

IAS provides RESTful endpoints that support identity token issuance, retrieval initiation, status monitoring, result access, and audit review.

Token Issuance

Token issuance endpoints are used to obtain a signed IAS identity token after successful identity verification with an approved Credential Service Provider (CSP).

Depending on your integration model, your system may:

• Obtain a signed identity token directly from your CSP
• Use a Health Gorilla endpoint when supported by your implementation

IAS identity tokens are time-bound and must be validated before initiating retrieval.

Initiate Retrieval

Retrieval endpoints initiate a person-authorized query through QHIN enabled exchange.

When a retrieval request is accepted:

• The service returns 202 Accepted
• Retrieval processing begins asynchronously

Your system must monitor status until processing completes.

Monitor Retrieval Status

Status endpoints return the current processing state of a retrieval request.

Terminal states include:

• completed
• partial
• failed

Your system must monitor retrieval status until a terminal state is reached before consuming results.

Retrieve Results

Result endpoints return FHIR R4 Bundle resources containing DocumentReference resources.

Results may include:

• DocumentReference resources
• Binary resources

Large result sets may require pagination. Your system must follow pagination instructions provided in the response.

Retrieve Audit Metadata

Audit endpoints return metadata associated with a retrieval request, including provenance and processing details.

Use audit responses to correlate IAS activity with your system logs and compliance records.