FAQ
Direct Messaging
What happens if we don't provide a direct address when setting up a practice?
If no direct address is provided, direct.updoxqa.com is the default direct address for the practice.
What happens if we don't provide a direct address when setting up a user?
If no direct address is provided, the user will be unable to send direct messages - there is no default value.
Must Direct addresses be unique within the domain?
Yes. There is no way to distinguish different users with identical direct addresses, even if they belong to different accounts or vendors.
Why am I getting a Bad Request response when attempting to perform DirectMessageSend only when I try to attach a file?
Things to check for:
- The attachment has been base64-encoded
Can patients send Direct messages?
This is not functionality we see in use at any sort of scale - as such, it is not currently available.
How often should I scan for new Direct messages?
We ask that this not happen more frequently than once every 1-3 minutes.
Does DirectMessageSend always return a messageId?
Upon successful send, yes.
For what reasons would our vendor credentials / applicationId + applicationPassword ever change?
They will only change when moving from QA to Production or if the credentials are ever compromised by an attacker.
Vetting
What is "vetting" and how does it work?
Does a newly created Test user automatically get marked as Vetted?
Yes.
At what level (practice/account or user) is the Vetted flag set?
At the user level
Will all users be marked as Vetted once one user is?
Yes
Where does "phone on file" come from?
The NPI database maintained by CMS.
What if the "phone on file" number is outdated?
The user can change the number on the form.
What happens during the vetting process if the call doesn't get to the user?
Regardless of the reason (straight to voicemail, answering service, out of service, wrong number), the vetting process fails if the user is not contacted directly. This is why the "phone on file" number can be altered/updated.
How do I...
How do I know if a directAddress is already in use without encountering a race condition between checking and creating?
During the UserCreate call, if the directAddress is already taken, the error code and message of 4610</4610> - <code>direct address error: direct address is taken
How do I hide/delete/remove a user or account?
Calling the respective update method for updating the user or account and setting the active
to false
will accomplish this.
How do I convert a file to base64-encoding?
Language | Source Code Examples |
---|---|
C# | byte[] xmlDataByteArray; System.IO.FileStream inFile; inFile = new FileStream("C:\\filename.ext", FileMode.Open, FileAccess.Read); xmlDataByteArray = new byte[inFile.Length]; long bytesRead = inFile.Read(xmlDataByteArray, 0, Convert.ToInt32(inFile.Length)); inFile.Close(); String strBase64 = Convert.ToBase64String(xmlDataByteArray, 0, xmlDataByteArray.Length); |
Java | File file = new File("c:\filename.ext"); byte[] bytes = loadFile(file); byte[] encoded = Base64.encodeBase64(bytes); String encodedString = new String(encoded); |
Authentication/Authorization
Why am I getting a 4011 or 4012 response?
These error messages are returned when either the supplied practice/accountid is not active or the supplied user is not active.
Testing
How can we set up test accounts?
Follow this Quickstart guide.
What is the URL to access the Webapp outside the API?
https://updoxqa.com/app/html/login.html
Miscellaneous
What HTTP Methods are supported?
All API calls should be done using the POST HTTP method.
Can one practice have multiple accountIds?
AccountId is unique for a practice. If the same practice wants multiple accounts, you must create unique accounts with unique accountIds and duplicate all of the users and settings across both accounts.
What is an "account level message"?
Account level messages are messages sent to and from a practice. They differ from user level messages in that all of the users of a practice can view account-level messages.
Why are certain fields not marked "Required" that sure seem like they should be required (like PatientId in PatientMessageRetrieve, or any boolean field)?
For PatientId, this is a data type nuance. Since Java primitive type long cannot be null, when we convert the JSON to an Object, it will automatically assign a value of 0 to the field. Thus, we have no way to require it to be passed without pattern-matching the JSON string, which may be unreliable. This nuance also applies to boolean fields.
Is it possible to have a user assigned to more than one practice?
Yes. Additionally, userIds need only be unique within the account/practice they are created in.
Is it possible to have a patient to more than one practice?
Yes. Additionally, patientIds need only be unique within the account/practice they are created in.
What is HMAC and how do I use it?
Documentation for HMAC authentication