User Management Reference

get
Get Users

https://api.1up.health/user-management/v1/user
Get the list of all the users that exist inside your 1up Developer Application, with the option of filtering by specific users
Request
Response
Request
Query Parameters
app_user_id
optional
string
The user ID you specified when creating a user in 1up for this application
oneup_user_id
optional
string
The 1up assigned numeric ID for the user
client_secret
required
string
1 of 2 API keys gnerated in creating a new app.
client_id
required
string
1 of 2 API keys generate in creating a new app.
Response
200: OK
User successfully retrieved.
{
"oneup_user_id" : "string",
"app_user_id" : "string",
​
// Indicates whether the user is active or not
"active" : "boolean",
},
400: Bad Request
Could not find a user matching this query.
{
// would be non-empty if an error occurred during the request
"error" : "string",
},

post
Create User

https://api.1up.health/user-management/v1/user
Will cause a user to be created with the attributes passed in the request body. The request won't fail if the user already exists but rather will return error saying this user already exists.
Request
Response
Request
Form Data Parameters
app_user_id
required
string
Self defined username.
client_secret
required
string
1 of 2 API keys generated in creating a new app.
client_id
required
string
1 of 2 API keys generated in creating a new app.
Response
200: OK
User successfully created.
{
"success" : "boolean",
"code" : "string",
"app_user_id" : "string",
"oneup_user_id" : "string",
"active" : "boolean",
}
400: Bad Request
Could not create user.
{
// would be non-empty if an error occurred during the request
"error" : "string",
}

put
Update User

https://api.1up.health/user-management/v1/user
Can be used to modify an existing user object. It is possible to modify the app_user_id, but the oneup_user_id is assigned when the user is created and cannot be changed.
Request
Response
Request
Form Data Parameters
oneup_user_id
required
string
System generated user id, which compliments the username.
client_id
required
string
1 of 2 API keys generated in creating a new app.
client_secret
required
string
1 of 2 API keys generated in creating a new app.
Response
200: OK
User successfully updated.
{
"oneUpUserId" : 123456789,
"success" : true
}

put
Deactivate User

https://api.1up.health/user-management/v1/user
Request
Response
Request
Path Parameters
client_secret
required
string
1 of 2 API keys generated in creating a new app.
client_id
required
string
1 of 2 API keys generated in creating a new app.
active
required
string
Set param to "false".
oneup_user_id
required
string
User id generated from creating a new user.
Response
200: OK
User deactivated.
{
"oneUpUserId" : 123456789,
"success" : true
}

put
Grant Permission to User

https://api.1up.health/dstu2/Patient/patientid/_permission/oneup_user_id_to_gain_access
When making a request to the 1upHealth FHIR® API using a user's access_token, the resources returned will be scoped to only the resources that the user has permissions to view. However, sometimes when building an app you might want to support the ability for users to grant access to other users to see certain records. This endpoint allows you to grant access to resources to arbitrary users.
Request
Response
Request
Headers
Authorization
required
string
This access token is owned by user who owns the resource. This endpoint receives authentication in the form of a http bearer authentication header.
Response
200: OK
Permissions successfully granted.
{
"success" : true
}
400: Bad Request
Permissions cannot be altered.
{
"error" : "the resource owner permissions cannot be altered",
"success" : false
}

delete
Revoke Permissions From User

https://api.1up.health/dstu2/Patient/patientid/_permission/oneup_user_id_to_lose_access
This endpoint allows you to remove permissions that have been granted to users to see other users' FHIR® resources.
Request
Response
Request
Headers
Authorization
required
string
This endpoint receives authentication in the form of a http bearer authentication header.
Response
200: OK
Permissions successfully revoked.
{
"success" : true
}