Onboarding

Request Access

All API requests to the HealthSherpa ICHRA APIs require authentication via API keys. Each partner will receive unique keys for each environment (Staging and Production). The API Key must be passed via request headers for all endpoints.

Contact Lauren Rodriguez ([email protected]) to help get set up with an API Key.

API Keys & Staging Authentication

All API requests require or allow for authentication via API keys.

• Each partner receives unique keys for staging and production.

• Include your API key in all requests using the x-api-key header.

The Application Deeplink API in Production is not strictly required, but recommended. One benefit of passing an API Key is that we automatically whitelist any valid _agent_id passed in your request.

In Staging, Basic Auth is required for it to work. Please reach out to your on-boarding representative for the Staging basic authentication credentials.

Example Request

POST /api/v1/quotes HTTP/1.1
Host: api.ichra-staging.healthsherpa.com
x-api-key: your_api_key_here
Content-Type: application/json
Accept: */*

Example cURL

Base URLs

Deeplink API Allowlisting

The Deeplink API requires that the _agent_id be set up in an allowlist in our system before calls can be made in production. Once ready to move to production, reach out to the team and we will set your agency up.

There are scenarios in which your agency may want to use the _agent_id of another agent/agency, as part of your service. To support this, we automatically allowlist downstream a _agent_id if you authenticate the request via an API key we provide to you.

Key Management

• API keys are provisioned during onboarding.

• To rotate or request new keys, contact your HealthSherpa account manager.

• Never expose your API key in client-side code.

• HealthSherpa may rotate or revoke keys for security reasons.