In order to store the data securely and allow only authorised users access to specific subsets of data, Healthcode employs a data tenancy construct called site. The below schematic shows the interrelationship between customer accounts, site and OAuth clients.
Healthcode customers are issued with the unique site identifiers as part of the registration process. You can also find this id within the My Account section within your Healthcode Account.
In order for the APIs to return correct data, the OAuth clients integrating with the Healthcode APIs need to specify the specific site they are trying to query. This needs to be done by passing an HTTP header SU-SiteId
.
curl --request GET
--url '{get_remittance_endpoint}'
--header 'Authorization: Bearer eyJraWQiOiJyc2ExIiw...PBmmkLHDI7Ueg'
--header 'content-type: application/json'
--header 'SU-SiteId': 'HC00ABC'
Note, you should only try querying sites corresponding to your products/services subscription with Healthcode. The APIs validate the supplied site details to verify the caller indeed has access to the specific tenancy.
If you are a software service provider, you will need to request the relevant organisation with the Healthcode site subscription to supply you the site details.