Authentication / Authorisation – explained

Steven@ACC

API key:
A valid API key is required per product and environment. For example, if you want to develop towards invoice and claim submissions, you will require two separate product API keys for the compliance environment, and then an additional two API keys for when you want to move into production.

Digital certificate:
When connecting to Provider APIs, digital certificate authentication is done before the API key authentication. This means that to connect to the test (compliance) environment, you will need a valid digital certificate and passphrase.

In production, clinics/practices will be using their own digital certificate – therefore, your application will need to be able to reference the user’s digital certificate when connecting to the APIs. Digital certificates will expire after 1 year, and the user will need to request a new digital certificate and use that once they receive it.


Vendor ID authorisation:
Vendor IDs will be tied to a single organisation, and only digital certificates associated with that organisation will be able to access information related to the vendors which are linked to the organisation.