Hello Blue Button 2.0 Community,
Following our announcement about the authorization time limit feature, we’ve implemented 2 new related features based on feedback from our developer community:
Responses from the token endpoint now include access grant expiration dates to make it easier to see when access will need to be refreshed for a user. This was previously only displayed to Medicare enrollees on the initial permission screen, and not available via the API. This will let application developers determine when an authorization grant has expired or is about to expire.
For apps in the 13-month and 10-hour category, token responses will now have the field access_grant_expiration that contains the last day and time an access grant will be valid without needing to authenticate.
For apps in the research category, the access_grant_expiration field in the token response will be blank.
An example of a token response with the new field can be found in our documentation here.
We’ve added a new /revoke endpoint which can be used to remove an enrollee’s previously granted access in a standardized way.
This endpoint will revoke an access token and the underlying data access grant. This will require the user to re-authorize an application with their Medicare login if they wish to share data again.
To revoke an access token, POST to the BB2.0 API /revoke endpoint with the following parameters:
client_id
client_secret
token
Documentation on revoking tokens can be found here.
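A client-side sketch of both features described above, added here as an illustration and not taken from the Blue Button 2.0 documentation or code: it classifies a token response by access_grant_expiration (including the blank research-category case) and builds the /revoke POST without sending it. The ISO 8601 timestamp format, the form-encoded body, the function names and the placeholder URL are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode
from urllib.request import Request

# Placeholder, not the real endpoint: take the full /revoke URL from the BB2.0 docs.
REVOKE_URL = "https://bb2.example.invalid/revoke"


def grant_status(token_response, now, warn_window=timedelta(days=30)):
    """Classify a token response by its access_grant_expiration field."""
    raw = (token_response.get("access_grant_expiration") or "").strip()
    if not raw:
        # Blank (or absent) field: research-category app, no expiration to track.
        return "no_expiration"
    # Assumption: the value is an ISO 8601 timestamp; a trailing "Z" means UTC.
    expires = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    if expires.tzinfo is None:
        expires = expires.replace(tzinfo=timezone.utc)  # assumption: naive means UTC
    if now >= expires:
        return "expired"  # the user must re-authorize with their Medicare login
    if expires - now <= warn_window:
        return "expiring_soon"
    return "valid"


def build_revoke_request(client_id, client_secret, token, url=REVOKE_URL):
    """Build (but do not send) the POST that revokes a token and its grant."""
    # Assumption: parameters travel form-encoded in the body, so the client
    # secret stays out of the URL and out of access logs.
    body = urlencode({"client_id": client_id,
                      "client_secret": client_secret,
                      "token": token}).encode("ascii")
    return Request(url, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


if __name__ == "__main__":
    # Constructed sample token responses, not real API output.
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    for sample in ({"access_grant_expiration": "2024-01-15T00:00:00Z"},
                   {"access_grant_expiration": ""}):
        print(sample, "->", grant_status(sample, now))
    req = build_revoke_request("example-id", "example-secret", "example-token")
    print(req.get_method(), req.full_url, req.data)
```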
Support
If you have questions or feedback, please email us at BlueButtonAPI@cms.hhs.gov or post your questions here in the Google Group.
-The Blue Button 2.0 API Team