You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<pclassName='qpp-docs-page-updated'>Last Updated: 08/31/2023</p>{/* IMPORTANT: update this Last-Updated value if you have made any changes to this page's content. */}
12
-
<h2className='ds-h2'style={{marginTop: 0}}id='advanced-tutorial'>Tutorial: Add and update data via API</h2>
12
+
<h2className='ds-text-heading--2xl'style={{marginTop: 0}}id='advanced-tutorial'>Tutorial: Add and update data via API</h2>
13
13
<p>
14
14
In the <LinkToIdto='/tutorial'text='first tutorial'/> we covered how to create a measurement set and retrieve the score in two different API requests. We're now going to build on the previous tutorial by adding another measure to the measurement set we created in the previous tutorial. All of these examples serve to illustrate how the Submissions API can make it easier to react to and fix issues that arise.
Copy file name to clipboardExpand all lines: src/app/components/guides/authorization-and-authentication.tsx
+3-3Lines changed: 3 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -5,12 +5,12 @@ const AuthenticationAndAuthorization: React.FC<DocPageProps> = ({dataTestId}: Do
5
5
return(
6
6
<divdata-testid={dataTestId}>
7
7
<pclassName='qpp-docs-page-updated'>Last Updated: 08/26/2020</p>{/* IMPORTANT: update this Last-Updated value if you have made any changes to this page's content. */}
8
-
<h2className='ds-h2'style={{marginTop: 0}}>Submissions API Authentication and Authorization</h2>
9
-
<pclassName='ds-text'>
8
+
<h2className='ds-text-heading--2xl'style={{marginTop: 0}}>Submissions API Authentication and Authorization</h2>
9
+
<pclassName='ds-text-body--md'>
10
10
To submit directly to QPP using the Submissions API, Qualified Registries and QCDRs use CMS-provided tokens in their API calls. You can learn more about the Submissions API authentication and authorization model for Qualified Registries and QCDRs <LinkToIdto='/qualified-registries-and-qcdrs'text='here'/>.
11
11
</p>
12
12
13
-
<pclassName='ds-text'>
13
+
<pclassName='ds-text-body--md'>
14
14
We support OAuth Authentication, which provides client applications with secure, delegated access to the Submissions API. You can learn more about using OAuth with the Submissions API <LinkToIdto='/getting-started-with-oauth'text='here'/>.
<pclassName='qpp-docs-page-updated'>Last Updated: 08/31/2023</p>{/* IMPORTANT: update this Last-Updated value if you have made any changes to this page's content. */}
10
-
<h2className='ds-h2'style={{marginTop: 0}}>Tutorial: Create and Score Data via API</h2>
10
+
<h2className='ds-text-heading--2xl'style={{marginTop: 0}}>Tutorial: Create and Score Data via API</h2>
11
11
<p>
12
12
The Submissions API is an easy way to manage your performance data with CMS. Performance data is organized into submissions, which can have many measurements. Measurements within a submission are also grouped by category (e.g. quality) and submission method (e.g. registry) and program name (e.g. mips) into measurement sets.
Let's walk through an example of how you might submit performance data as a registry API user!
19
19
</p>
20
20
21
-
<h3className='ds-h3'id='creating-a-measurement-set'>Create a new measurement set</h3>
21
+
<h3className='ds-text-heading--xl'id='creating-a-measurement-set'>Create a new measurement set</h3>
22
22
<p>
23
23
We need to create a <em>measurement set</em> first. We can do that by asking the API to create a measurement set record in the CMS database. In API terms, this means making a <code>POST</code> (synonym for <em>create</em>) request to the <code>/measurement-sets</code> endpoint.
<h3className='ds-h3'id='scoring-a-submission'>Scoring a submission</h3>
37
+
<h3className='ds-text-heading--xl'id='scoring-a-submission'>Scoring a submission</h3>
38
38
<p>
39
39
With the submission <code>id</code> we were given, we can ask the API to calculate the submission score with a GET request. We don't need to include a request body this time since we're only interested in retrieving the score, and CMS doesn't need any information other than the submission <code>id</code>.
<pclassName='qpp-docs-page-updated'>Last Updated: 08/31/2023</p>{/* IMPORTANT: update this Last-Updated value if you have made any changes to this page's content. */}
9
-
<h2className='ds-h2'style={{marginTop: 0}}>Getting Started Using QPP OAuth</h2>
10
-
<pclassName='ds-text'>
9
+
<h2className='ds-text-heading--2xl'style={{marginTop: 0}}>Getting Started Using QPP OAuth</h2>
10
+
<pclassName='ds-text-body--md'>
11
11
Using OAuth with the Submissions API allows QPP participants to use their own QPP credentials to login through your application to submit their data to and view performance feedback from QPP. Before you can request production access, you will need to use the Developer Preview Environment to build, test and demo your OAuth application.
12
12
</p>
13
13
14
-
<h2className='ds-h2'id='oauth'>Using OAuth in the Developer Preview</h2>
15
-
<pclassName='ds-text'>
14
+
<h2className='ds-text-heading--2xl'id='oauth'>Using OAuth in the Developer Preview</h2>
15
+
<pclassName='ds-text-body--md'>
16
16
To use the QPP Submissions API with OAuth, you must create a Developer Preview account and register the application.
17
17
</p>
18
-
<pclassName='ds-text'>
18
+
<pclassName='ds-text-body--md'>
19
19
Create an account for Developer Preview at <ExternalLinkhref={envConfig.qppCmsPreviewUrl}/>.
20
20
</p>
21
21
22
-
<h3className='ds-h3'>Connect to EHR or reporting application</h3>
23
-
<pclassName='ds-text'>
22
+
<h3className='ds-text-heading--xl'>Connect to EHR or reporting application</h3>
23
+
<pclassName='ds-text-body--md'>
24
24
Log in to Developer Preview (<ExternalLinkhref={envConfig.qppCmsPreviewUrl}/>).
25
25
</p>
26
-
<pclassName='ds-text'>
26
+
<pclassName='ds-text-body--md'>
27
27
Locate your EHR (search by the EHR name as it appears in the <ExternalLinkhref={envConfig.chplHealthItUrl}text='CHPL database'/>).
28
28
</p>
29
-
<pclassName='ds-text'>
29
+
<pclassName='ds-text-body--md'>
30
30
If you cannot locate your EHR or are a registry user, create one manually.
31
31
</p>
32
-
<pclassName='ds-text'>
32
+
<pclassName='ds-text-body--md'>
33
33
After requesting the role, it may take a few minutes to populate.
34
34
</p>
35
35
36
-
<h3className='ds-h3'>Register an Application</h3>
37
-
<pclassName='ds-text'>
36
+
<h3className='ds-text-heading--xl'>Register an Application</h3>
37
+
<pclassName='ds-text-body--md'>
38
38
Once you are connected, you can use the OAuth APIs directly on the <ExternalLinkhref={`${envConfig.qppCmsPreviewUrl}/api/auth/docs/#/OAuth`}text='Auth API'/>. Also, Development Preview contains a UI (<ExternalLinkhref={`${envConfig.qppCmsPreviewUrl}/user/applications`}text='here'/>) where you can create and manage your OAuth applications.
39
39
</p>
40
-
<pclassName='ds-text'>
40
+
<pclassName='ds-text-body--md'>
41
41
Registering and testing your application within the Developer Preview is required prior to being granted production OAuth access.
Terms of Service and Privacy Policy are optional for the test environment, but required for production.
54
54
</li>
55
55
</ul>
56
-
<pclassName='ds-text'>
56
+
<pclassName='ds-text-body--md'>
57
57
In the test environment, a registered application is assigned a client ID and, if applicable, a client secret. The secret should only be used if it can be kept confidential, such as for communication between your server and the Submissions API.
58
58
</p>
59
-
<pclassName='ds-text'>
59
+
<pclassName='ds-text-body--md'>
60
60
Additional support along with a sample OAuth Client, can be found in the QPP Github at: <ExternalLinkhref='https://github.com/CMSgov/qpp-submissions-docs/tree/master/oauth_sample'/>.
61
61
</p>
62
62
63
-
<h2className='ds-h2'id='create-user'>Create test users in the Developer Preview</h2>
64
-
<pclassName='ds-text'>
63
+
<h2className='ds-text-heading--2xl'id='create-user'>Create test users in the Developer Preview</h2>
64
+
<pclassName='ds-text-body--md'>
65
65
To support Developer Preview integration and testing, we created the <ExternalLinkhref={`${envConfig.qppCmsPreviewUrl}/api/synthetic-data/docs/index.html`}text='Test Data Service'/>. Using this API, you can reserve specific scenarios in the Test Data Service to test granting access to their QPP authorizations and try out different special scoring scenarios. Please visit the Interactive Documentation to learn more about setting up test users in Developer Preview.
66
66
</p>
67
67
68
-
<h2className='ds-h2'id='production-api-access'>Production API Access</h2>
69
-
<pclassName='ds-text'>
68
+
<h2className='ds-text-heading--2xl'id='production-api-access'>Production API Access</h2>
69
+
<pclassName='ds-text-body--md'>
70
70
To submit data via OAuth and the Submissions API during the submission window, your application must be approved for production use by QPP. To apply for production access, you must demonstrate your application to QPP and attest that your organization:
71
71
</p>
72
72
<ul>
73
73
<li>Is a US-based company</li>
74
74
<li>Agrees to CMS API Terms of Use</li>
75
75
<li>Participated in the CMS QPP Submissions API Developer Preview</li>
76
76
</ul>
77
-
<pclassName='ds-text'>
77
+
<pclassName='ds-text-body--md'>
78
78
You will also be asked to provide:
79
79
</p>
80
80
<ul>
81
81
<li>A company website</li>
82
82
<li>A point of contact</li>
83
83
<li>URL to Application Privacy or Terms of Use</li>
84
84
</ul>
85
-
<pclassName='ds-text'>
85
+
<pclassName='ds-text-body--md'>
86
86
To request production access, please email the QPP Help Desk at [email protected] to set up a demonstration with the QPP team. In order to have sufficient time to go through the approval process, requests for production access for an upcoming submission period should be made no later than November 1 prior to submissions opening.
<pclassName='qpp-docs-page-updated'>Last Updated: 07/01/2021</p>{/* IMPORTANT: update this Last-Updated value if you have made any changes to this page's content. */}
62
-
<h2className='ds-h2'style={{marginTop: 0}}>Qualified Registries and QCDRs</h2>
63
-
<pclassName='ds-text'>
62
+
<h2className='ds-text-heading--2xl'style={{marginTop: 0}}>Qualified Registries and QCDRs</h2>
63
+
<pclassName='ds-text-body--md'>
64
64
Qualified Registries and QCDRs entities that are authorized by the Centers for Medicare & Medicaid Services (CMS) to submit Quality Measures, Promoting Interoperability Measures, and/or Improvement Activities on behalf of MIPS eligible clinicians, groups, and/or virtual groups for a specified performance year can submit directly to the Submissions API using an API token.
65
65
</p>
66
-
<pclassName='ds-text'>
66
+
<pclassName='ds-text-body--md'>
67
67
Tokens are specific to your organization and are specific to the environment within the Submissions API. Developer Preview tokens are for testing against the Submissions API in the Developer Preview environment. Production token are for submitting during the specific performance year's submissions window to the production environment of the Submissions API.
68
68
</p>
69
-
<pclassName='ds-text'>
69
+
<pclassName='ds-text-body--md'>
70
70
If you are a Registry or QCDR using the Developer Preview, you have an API key that is associated with an 'organization'. This affects what endpoints you are authorized to use, and what behavior each endpoint has.
71
71
</p>
72
-
<pclassName='ds-text'>
72
+
<pclassName='ds-text-body--md'>
73
73
At a high level, your API key allows you to create and edit data using the <code>/measurement-sets</code> and <code>/measurements</code> endpoints. You cannot create data using the <code>/submissions</code> endpoint. For more information about what you're authorized to do with the Submissions API, click <LinkToIdto='/developer-preview#authorization'text='here'offset='130'/>.
You must authenticate your account when using the Submissions API. Authenticate via bearer auth by adding your API token to the header of every request using the key value: <strong>Authorization: Bearer [YOUR API TOKEN]</strong>.
79
79
</p>
80
-
<pclassName='ds-text'>
80
+
<pclassName='ds-text-body--md'>
81
81
API keys carry many privileges, and must not be shared in publicly accessible areas such as GitHub and in client-side code. Even within organizations, access must be limited to staff embedding it in software.
82
82
</p>
83
-
<pclassName='ds-text'>
83
+
<pclassName='ds-text-body--md'>
84
84
Your API key carries many privileges, so be sure to keep it secret! Do not share your secret API key in publicly accessible areas such GitHub, client-side code, and so forth.
85
85
</p>
86
-
<pclassName='ds-text'>
86
+
<pclassName='ds-text-body--md'>
87
87
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests in the Developer Preview without authentication will also fail.
88
88
</p>
89
-
<pclassName='ds-text'>
89
+
<pclassName='ds-text-body--md'>
90
90
Please see <ExternalLinkhref={`${envConfig.cmsGithubIo}/qpp-developer-preview-docs/getting-started`}text='Getting Started'/> for instructions on how to download your registry token.
If you are a current Qualified Registry or QCDR using the Submissions API, you have an API key that is associated with an 'organization'. This affects what endpoints you are authorized to use, and what behavior each endpoint has.
96
96
</p>
97
-
<pclassName='ds-text'>
97
+
<pclassName='ds-text-body--md'>
98
98
In general, if you have an organization-type API key, you can:
<h2className='ds-h2'>Retrieve your API tokens</h2>
130
-
<pclassName='ds-text'>
129
+
<h2className='ds-text-heading--2xl'>Retrieve your API tokens</h2>
130
+
<pclassName='ds-text-body--md'>
131
131
To retrieve your Developer Preview and production tokens, you must have a HARP account that has a Security Official role for your Qualified Registry or QCDR. Please see <ExternalLinkhref={`${envConfig.cmsGithubIo}/qpp-developer-preview-docs/getting-started`}text='Getting Started'/> for instructions on how to download your registry token..
<pclassName='qpp-docs-page-updated'>Last Updated: 01/05/2021</p>{/* IMPORTANT: update this Last-Updated value if you have made any changes to this page's content. */}
9
-
<h2className='ds-h2'style={{marginTop: 0}}>The Submissions API enables submissions and real-time performance scoring of Quality Payment Program (QPP) data. </h2>
10
-
<pclassName='ds-text'>
9
+
<h2className='ds-text-heading--2xl'style={{marginTop: 0}}>The Submissions API enables submissions and real-time performance scoring of Quality Payment Program (QPP) data. </h2>
10
+
<pclassName='ds-text-body--md'>
11
11
The Submissions API is a RESTful API. It has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. It uses standard HTTP features, like HTTPS authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients.
12
12
</p>
13
-
<pclassName='ds-text'>
13
+
<pclassName='ds-text-body--md'>
14
14
The Submissions API supports cross-origin resource sharing, allowing you to interact securely with the API from a client-side web application (though you should never expose your secret API key in any public website's client-side code).
15
15
</p>
16
-
<pclassName='ds-text'>API responses are returned in JSON, including errors.</p>
16
+
<pclassName='ds-text-body--md'>API responses are returned in JSON, including errors.</p>
Visit the <ExternalLinkhref={`${envConfig.qppCmsPreviewUrl}/api/submissions/public/docs`}text='Interactive Documentation'/> to learn more about the endpoints available in the Submissions API.
0 commit comments