Difference between revisions of "FAQ"

From Updox API
Jump to: navigation, search
(How do I convert a file to base64-encoding?)
Line 13: Line 13:
 
Yes. There is no way to distinguish different users with identical direct addresses, even if they belong to different Accounts or Vendors. For example, for a Direct message sent to <code>johnsmith@direct.updoxqa.com</code>, there will just be one unique <code>johnsmith@direct.updoxqa.com</code>. This necessarily implies that Direct addresses setup using the default <code>direct.updoxqa.com</code> domain will collide with all vendors testing with that default domain.
 
Yes. There is no way to distinguish different users with identical direct addresses, even if they belong to different Accounts or Vendors. For example, for a Direct message sent to <code>johnsmith@direct.updoxqa.com</code>, there will just be one unique <code>johnsmith@direct.updoxqa.com</code>. This necessarily implies that Direct addresses setup using the default <code>direct.updoxqa.com</code> domain will collide with all vendors testing with that default domain.
  
==== Why am I getting a Bad Request response when attempting to perform [[API_Method_DirectMessageSend|DirectMessageSend]] only when I try to attach a file? ====
+
==== Why am I getting a Bad Request response when calling [[API_Method_DirectMessageSend|DirectMessageSend]] with an attached file? ====
This happens when the attachment fileData is null or has not been [[Base64-Encoding|base-64 encoded]], the fileName is null, or the mimeType are null.
+
This happens when the attachment fileData is null or has not been [[Base64-Encoding|base-64 encoded]], the fileName is null, or the mimeType is null.
  
 
==== Can patients send Direct messages? ====
 
==== Can patients send Direct messages? ====
This is not functionality we see in use at any sort of scale - as such, it is not currently available.
+
Yes, using the [[API_Method_PatientDirectMessageSend|PatientDirectMessageSend]] API call.
  
==== How often should I scan for new Direct messages? ====
+
==== How often can I call MessageCountSince? ====
We ask that this not happen more frequently than once every 1-3 minutes.
+
We ask that you not make the [[API_Method_MessageCountSince|MessageCountSince]] API call more frequently than once every 1-3 minutes.
  
 
==== Does [[API_Method_DirectMessageSend|DirectMessageSend]] always return a messageId? ====
 
==== Does [[API_Method_DirectMessageSend|DirectMessageSend]] always return a messageId? ====
 
Upon successful send, yes.
 
Upon successful send, yes.
  
==== For what reasons would our vendor credentials / applicationId + applicationPassword ever change? ====
+
==== For what reasons would our Vendor credentials (applicationId and applicationPassword) ever change? ====
They will only change when moving from QA to Production or if the credentials are ever compromised by an attacker.
+
These credentials would only change when moving from QA to Production or if the credentials are ever compromised by an attacker.  Regardless of the ''reason'' for a change, it will always be done with advance warning and in coordination with affected parties.
  
==== Why don't I get an MDN back on failure like I do on success? ====
+
==== Why don't I get an MDN back for a failed Direct message send? ====
We only get an MDN back on successes. In fact, during testing, the test scripts explicitly state that a passing requirement of a failure is that no MDN is received.  The reason we don't get an MDN back on failure is because in almost every case the failure is because the receiving system either does not have or does not trust the senders certificate. Since the MDN needs to be encrypted with the senders certificate to send back, there's no way for the receiving system to properly encrypt a message to send back an MDN on failure. In the rare case that the MDN could be encrypted and sent back, there's no reason or requirement for the receiving system to send back that failure notice.
+
We only get an MDN back on successes. In fact, during testing, the test scripts explicitly state that a passing requirement of a failure is that no MDN is received.  The reason we don't get an MDN back on failure is because in almost every case the failure is because the receiving system either does not have or does not trust the sender's certificate. Since the MDN needs to be encrypted with the sender's certificate to send back, there is no way for the receiving system to properly encrypt a message to send back an MDN on failure. In the rare case that the MDN could be encrypted and sent back, there is no reason or requirement for the receiving system to send back that failure notice.
  
 
== Vetting ==
 
== Vetting ==
  
 
==== What is "vetting" and how does it work? ====
 
==== What is "vetting" and how does it work? ====
[[Vetting]]
+
See our [[Vetting]] write-up.
  
==== Does a newly created Test user automatically get marked as [[Vetting|Vetted]]? ====
+
==== Will all Users be marked as vetted once one User is? ====
Yes.
+
Yes, unless your strategy uses address-level certs (as opposed to domain-level certs).
 
+
==== At what level (practice/account or user) is the Vetted flag set? ====
+
At the user level
+
 
+
==== Will all users be marked as Vetted once one user is? ====
+
Yes
+
  
 
==== Where does "phone on file" come from? ====  
 
==== Where does "phone on file" come from? ====  
 
The NPI database maintained by [https://nppes.cms.hhs.gov/ CMS].
 
The NPI database maintained by [https://nppes.cms.hhs.gov/ CMS].
  
==== What if the "phone on file" number is outdated?  ====
+
==== What happens during the vetting process if the call doesn't get to the User? ====
The user can change the number on the form.
+
Regardless of the reason (straight to voicemail, answering service, out of service, wrong number), the vetting process fails if the user is not contacted directly.
 
+
==== What happens during the vetting process if the call doesn't get to the user? ====
+
Regardless of the reason (straight to voicemail, answering service, out of service, wrong number), the vetting process fails if the user is not contacted directly. This is why the "phone on file" number can be altered/updated.
+
  
  
 
== How do I... ==
 
== How do I... ==
==== How do I know if a directAddress is already in use without encountering a race condition between checking and creating? ====
+
==== How do I know if a Direct address is already in use? ====
During the [[API_Method_UserCreate|UserCreate]] call, if the directAddress is already taken, the error code and message of <code>4610</code> - <code>{{Response_Code_4610}}</code>
+
During the [[API_Method_UserCreate|UserCreate]] call, if the Direct address is already taken, the error code and message of <code>4610</code> - <code>{{Response_Code_4610}}</code> will be returned, indicating that the call has not been successful.
  
==== How do I hide/delete/remove a user or account? ====
+
==== How do I hide/delete/remove a User or Account? ====
Calling the respective update method for updating the [[User_Management|user]] or [[Account_Management|account]] and setting the <code>active</code> to <code>false</code> will accomplish this.
+
Calling the respective update method for updating the [[User_Management|user]] or [[Account_Management|account]] and settin <code>active</code> to <code>false</code> will accomplish this.
  
 
== Authentication/Authorization ==
 
== Authentication/Authorization ==
==== Why am I getting a 4011 or 4012 response? ====
+
==== Why am I getting a 4011 or 4012 failure response? ====
These error messages are returned when either the supplied [[API_Method_PracticeUpdate|practice/accountid is not active]] or the supplied [[API_Method_UserUpdate|user is not active]].
+
These error messages are returned when either the supplied Account (<code>4011</code>) or User (<code>4012</code>) is not active.  See documentation and code examples for managing [Manage_Accounts|Accounts] and [Manage_Users|Users].
  
  

Revision as of 13:38, 5 December 2013

Contents

Direct Messaging

What happens if we don't provide a Direct domain when setting up an Account?

If no Direct address is provided, direct.updoxqa.com will be used as the default Direct domain for the practice. For example, a user setup with the Direct address johnsmith<code> will have the full Direct address <code>johnsmith@direct.updoxqa.com.

What happens if we don't provide a Direct address when setting up a Account?

If no Direct address is provided, the practice will be unable to send practice-level Direct messages, as there is no default value. Note that many partners do not enable sending Direct messages from the practice, and sending from the practice requires authorizing with the practice user.

What happens if we don't provide a Direct address when setting up a User?

If no Direct address is provided, the user will be unable to send Direct messages as there is no default value.

Do Direct addresses need to be unique within the domain?

Yes. There is no way to distinguish different users with identical direct addresses, even if they belong to different Accounts or Vendors. For example, for a Direct message sent to johnsmith@direct.updoxqa.com, there will just be one unique johnsmith@direct.updoxqa.com. This necessarily implies that Direct addresses setup using the default direct.updoxqa.com domain will collide with all vendors testing with that default domain.

Why am I getting a Bad Request response when calling DirectMessageSend with an attached file?

This happens when the attachment fileData is null or has not been base-64 encoded, the fileName is null, or the mimeType is null.

Can patients send Direct messages?

Yes, using the PatientDirectMessageSend API call.

How often can I call MessageCountSince?

We ask that you not make the MessageCountSince API call more frequently than once every 1-3 minutes.

Does DirectMessageSend always return a messageId?

Upon successful send, yes.

For what reasons would our Vendor credentials (applicationId and applicationPassword) ever change?

These credentials would only change when moving from QA to Production or if the credentials are ever compromised by an attacker. Regardless of the reason for a change, it will always be done with advance warning and in coordination with affected parties.

Why don't I get an MDN back for a failed Direct message send?

We only get an MDN back on successes. In fact, during testing, the test scripts explicitly state that a passing requirement of a failure is that no MDN is received. The reason we don't get an MDN back on failure is because in almost every case the failure is because the receiving system either does not have or does not trust the sender's certificate. Since the MDN needs to be encrypted with the sender's certificate to send back, there is no way for the receiving system to properly encrypt a message to send back an MDN on failure. In the rare case that the MDN could be encrypted and sent back, there is no reason or requirement for the receiving system to send back that failure notice.

Vetting

What is "vetting" and how does it work?

See our Vetting write-up.

Will all Users be marked as vetted once one User is?

Yes, unless your strategy uses address-level certs (as opposed to domain-level certs).

Where does "phone on file" come from?

The NPI database maintained by CMS.

What happens during the vetting process if the call doesn't get to the User?

Regardless of the reason (straight to voicemail, answering service, out of service, wrong number), the vetting process fails if the user is not contacted directly.


How do I...

How do I know if a Direct address is already in use?

During the UserCreate call, if the Direct address is already taken, the error code and message of 4610 - direct address error: direct address is taken will be returned, indicating that the call has not been successful.

How do I hide/delete/remove a User or Account?

Calling the respective update method for updating the user or account and settin active to false will accomplish this.

Authentication/Authorization

Why am I getting a 4011 or 4012 failure response?

These error messages are returned when either the supplied Account (4011) or User (4012) is not active. See documentation and code examples for managing [Manage_Accounts|Accounts] and [Manage_Users|Users].


Testing

How can we set up test accounts?

Follow this Quickstart guide.

What is the URL to access the Webapp outside the API?

https://updoxqa.com/app/html/login.html


Miscellaneous

What HTTP Methods are supported?

All API calls should be done using the POST HTTP method.

Can one practice have multiple accountIds?

AccountId is unique for a practice. If the same practice wants multiple accounts, you must create unique accounts with unique accountIds and duplicate all of the users and settings across both accounts.

What is an "account level message"?

Account level messages are messages sent to and from a practice. They differ from user level messages in that all of the users of a practice can view account-level messages.

Why are certain fields not marked "Required" that sure seem like they should be required (like PatientId in PatientMessageRetrieve, or any boolean field)?

For PatientId, this is a data type nuance. Since Java primitive type long cannot be null, when we convert the JSON to an Object, it will automatically assign a value of 0 to the field. Thus, we have no way to require it to be passed without pattern-matching the JSON string, which may be unreliable. This nuance also applies to boolean fields.

Is it possible to have a user assigned to more than one practice?

Yes. Additionally, userIds need only be unique within the account/practice they are created in.

Is it possible to have a patient to more than one practice?

Yes. Additionally, patientIds need only be unique within the account/practice they are created in.

What is HMAC and how do I use it?

Documentation for HMAC authentication

Why are the subject, filename and content are getting processed/changed when I send CC*.xml and/or PDF files?

Processing of submitted CC*.xml and PDF files is an option that can be turned on or off.