How to set POST Callback URLs / Redirect URIs?

[Ashish Narnoli]

Hi,

I have setup demo application in Flutter for integrating Bluebutton 2.0 using https://www.npmjs.com/package/cms-bluebutton-sdk in Google Cloud Functions.

In the Sandvox I have added application and provided '/bluebutton-callback' as my Callback URLs / Redirect URIs in BB. Everything works fine with this setup. 

My '/bluebutton-callback' API receives GET request but when I change '/bluebutton-callback' to accept POST request, it breaks. 

Does BB Callback URLs / Redirect URIs accepts only  GET apis or POST can also be used. Please suggest.

Thanks

[Developer Group for CMS Blue Button API]

Hi Ashish,
The Blue Button API does not support POST, please use GET instead. You can see our swagger documentation here: https://sandbox.bluebutton.cms.gov/docs/openapi

If you have a specific use case for POST requests, feel free to email us at bluebuttonapi@ cms.hhs.gov and we may be able to point you in the right direction.

Thanks,
The Blue Button 2.0 API Team

[Ashish Narnoli]

Hello Team,

I wanted to make '/bluebutton-callback' secure so that only Bluebutton can access it. I understand BB sends State and other Params while calling back for which I can make logic to protect API.

But my goal is - even the request should not reach to our '/bluebutton-callback' URL.

To make it secure I was thinking if it is a POST request from BB to our '/bluebutton-callback' then I may introduce CORS or allowed-origin or BB can provide Token or BB IP Whitelisting or any other way.

Looking forward for your suggestion so that our  '/bluebutton-callback' can be utilised by BlueButton only as Redirect URI?

Thanks