Documentation

Availity API Guide

Updated on Fri, 10/31/2025 - 15:59

Introduction
Product Overview
Authentication
Security & Cross-Site Scripting Prevention
Collection Resources
HTTP Status & Error Codes
Demo Services
Availity API Workflow
Contact Information

Introduction

Scope

The purpose of this Availity API Guide is to communicate product overviews, documentation, and additional information about using Availity's REST APIs to build a custom healthcare data exchange application.

Overview

Availity, LLC, is a market leader in secure healthcare data exchange. The Availity® Health Information Network is operationally HIPAA compliant, accepting and processing in a secure environment all American National Standards Institute (ANSI) Accredited Standards Committee (ASC) X12N standard transactions mandated by the Health Insurance Portability and Accountability Act (HIPAA).

Availity's real-time REST APIs allow developers to write compelling healthcare applications with connectivity to every health plan nationwide and access to more than 8.8 million daily healthcare transactions. Your application can reach more than a million providers with robust tools that simplify transactions and translate complex data responses.

Benefits

Building your application with Availity's REST APIs offers the following benefits:

Predictable, resource-oriented URLs that return JSON and XML representations, including errors using HTTP response codes.
Trusted security through OAuth2, SHA256, or MD5 over HTTPS.
Standard responses to HIPAA inquiries for eligibility, claim status, claim predeterminations, and other transactions.
Web calls for real-time responses.
Comprehensive documentation, including authentication and coding examples with sample responses.
Ability to register online and get an API key to get started right away.

Supported EDI transactions

The table displays information about the healthcare electronic data interchange (EDI), also called HIPAA, transactions Availity supports.

Availity-supported HIPAA transactions

Format	Version support	Transaction type
ASC X12N 837	005010X223A2	Institutional claims
ASC X12N 837	005010X222A1	Professional claims
ASC X12N 837	005010X224A2	Dental claims
ASC X12N 270 and 271	005010X279A1	Eligibility and benefits inquiry and response
ASC X12N 275	005010X210	Additional information to support a claim or encounter (also known as medical attachments)
ASC X12N 276 and 277	005010X212	Claim status request and response
ASC X12N 278	005010X217	Services request (authorization and referral) for review/response
ASC X12N 278	005010X216	Services review notification and acknowledgement
ASC X12N 835	005010X221A1	Claim payment/advice (also known as electronic remittance advice)

Rules for format, content, and data element values for each transaction are listed in the individual ASC X12 Technical Report Type 3 (TR3) implementation guides. For a cost, you can obtain TR3s from the publisher, Washington Publishing Company (WPC) (http://www.wpc-edi.com/). WPC offers implementation guides for each transaction type in a regular version and a combined version, which contains the addenda.

Notes on documentation in this guide

cURL

Availity uses cURL for all samples in this guide so you can try them. You can download cURL software if needed. Be sure to include your API key and specific IDs for calls.

Sample requests

The sample requests in this guide are examples only and not runnable as is. Substitute all call-specific parameters (such as API keys, access tokens, and ID numbers) with your own values.

Date/time format

Availity APIs use the ISO 8601 format:

"createdDate": "2014-06-16T18:38:12.000+0000"
        Text Copied!

Product overview

Availity's web service REST API products offer predictable, resource-oriented URLs and use HTTP response codes to indicate success and failure conditions. These APIs all return JSON and XML representations, including errors, while some have the ability to return CSV, PDF, PNG, and XLS representations.

Refer to each API's reference section for documentation of endpoints, request parameters, sample requests and responses, and response definitions.

Note: Sample requests are examples only and not runnable as is, so be sure to substitute all call-specific parameters
(API Keys, access tokens, and response IDs) with your own values.

Healthcare HIPAA Transactions

The APIs included in Availity's HIPAA Transactions product allow your application to exchange HIPAA-compliant X12N transactions. The Availity Partner OAuth2 Provider 1.0.0 API is described in the Authentication section.

Availity Payer List 1.0.4

This API allows you to query the list of available payers and transactions based on your Availity contract.

Learn More

Configurations 1.0.0

Availity's Configurations API can help save weeks of development time by providing details for each payer Availity supports, as well as the required fields for a specific payer, required field combinations, validation patterns that can be used by your frontend applications, code/values for populating selection groups, and more.

If you've ever tried to support access to multiple health plans in your application, you know how difficult this can be. Although standards such as ASC X12N transactions and HL7 exist, many health plans support these standards at different levels. Traditionally, this would leave the burden on the developer to figure out how to normalize this information across the range of health plans the application must support. Instead, by using the Configurations resource to build your application, you can ensure you always have the most current data and validation requirements for each health plan.

Learn More

Coverages 1.0.0

Supporting the ASC X12N 270 and 271 transactions (Healthcare Eligibility Benefit Inquiry and Response), this API allows you to find and manage a member's coverage information.

Learn More

Service Reviews 2.0.0

Find, create, and manage authorizations to perform a healthcare service or refer a patient to another provider with this API, which enables the ASC X12N 278 transaction (Health Care Services Review – Request for Review and Response).

Learn More

Claim Statuses 1.0.0

This API enables the standard ASC X12N 276 and 277 transactions (Health Care Claim Status Request and Response), which allow you to find, create, and manage claim status information.

Learn More

Care Cost Estimator – Professional and Institutional

A care cost estimator (CCE), also known as a predetermination, is a claim request for payment that a healthcare provider submits to a health plan before it has provided a service or items to a member. Claim predeterminations allow patients to learn early whether a particular healthcare service is covered by their health plan. Your application can use the Professional or Institutional Care Cost Estimator API to submit a claim predetermination and to find and manage previous claim predetermination requests.

Availity offers two Care Cost Estimator APIs: Professional (for physicians, suppliers, and other non-institutional providers) and Institutional (for hospitals, skilled nursing facilities, and other institutions).

Learn More

Add-On API products

Enhanced Claim Status (claim-status 1.0.0)

Enhanced Claim Status supports both the HIPAA 276/277 transaction as well as several proprietary requests to gather additional claim status information. With Enhanced Claim Status, health plans can add additional summary and detail search options and customize the X12N 277 response with additional information fields, including remark codes and descriptions, amount fields (deductible, discount, copay, co-insurance, patient responsibility), group number, line of business, provider type (rendering, billing), and many more.

Learn More

Service Reviews Add-On APIs

Availity offers two add-on APIs that work in conjunction with the Service Reviews API to enhance the ASC X12N 278 transaction:

IsAuthRequired – Allows providers to determine whether a payer requires an authorization for a service before completing the authorization request.
Auth Attachments – Enables third-party submitters to add attachments to an existing authorization.

Learn More

Eligibility & Benefits Value-Add APIs

Availity offers two APIs that add functionality to the eligibility and benefits (ASC X12 270/271) transaction:

Care Reminders: A multi-payer API that supports the real-time request and retrieval of care reminders for use within an eligibility and benefits transaction.
Member ID Card: A multi-payer API that supports the real-time request and retrieval of member ID cards during an eligibility and benefits inquiry. The service supports both PDF and PNG documents.

Learn More

Authentication

Availity REST APIs support the application-only authentication method, which is based on the Client Credentials Grant flow of the OAuth 2.0 spec. All Availity REST APIs support OAuth 2.0 over HTTPS for authentication, including requests to demo resources.

To make a REST API request to Availity, you must first follow the steps listed in the Get Started section. After you have created your API account, registered your application, and subscribed to an API product, you must take two steps to make an initial API request:

Get an OAuth 2.0 access token.

Make a POST request to the Availity Partner OAuth2 Provider 1.0.0 API (endpoint: POST/v1/token). This request returns a response that contains an access_token, token_type, and expiration_time. The access token is only valid for five minutes:

Token Request:

curl -i -X POST "https://api.availity.com/v1/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&scope=$SCOPE_PERMISSION&client_id=$API_KEY&client_secret=$CLIENT_SECRET"Text Copied!

Response Header:

HTTP/2 200
date: Tue, 28 Oct 2025 10:32:06 GMT
content-type: application/json
content-length: 860
x-forgerock-transactionid: c1eb6d43-7422-496f-8bba-07e202686d8f
x-tyk-trace-id: 3923b3a3f95b68349438482e99bf4e6bText Copied!

Token Response:

{
"access_token":"eyJhbGciOiJSUzI1NiIsImtpZCI6IjF2em5DYVZPMHNSZlRpV3htdU5yT1NaV2hQWSIsInR5cCI6IkpXVCJ9.eyJl...",
"consented_on":1761647526,
"expires_in":300,
"scope":"$SCOPE_PERMISSION",
"token_type":"Bearer"
}Text Copied!

Note: The request body parameters are case sensitive. Make sure grant_type=client_credentials, client_id=your_api_key, client_secret=your_client_secret, and scope=$SCOPE_PERMISSION match exactly as they are shown.

Enter the two scopes separated by single space.
Please refer to the image below for a better understanding.

Access and Credentials Info:

Scope Permission:

Call the API with the access token.

Use the access token from Step #1 to make a request to an Availity REST API. The example below illustrates making a request to the Availity Payer List resource and includes the Availity demo endpoints.

Sample Request:

curl -i -X GET "https://api.availity.com/v1/availity-payer-list" \
-H "Authorization: Bearer $ACCESS_TOKEN"Text Copied!

Sample Response:

{
    "totalCount": 1000,
    "count": 2,
    "offset": 0,
    "limit": 2,
    "payers": [
        {
            "name": "PAYER_ALPHA",
            "payerId": "PAY000001",
            "displayName": "INSURANCE TYPE A",
            "processingRoutes": [
                {
                    "transactionDescription": "Professional Claims",
                    "submissionMode": "Batch",
                    "effectiveDate": "2025-01-01T00:00:00.000+00:00",
                    "availability": "Available",
                    "enrollmentRequired": false
                },
                {
                    "transactionDescription": "Facility Claims",
                    "submissionMode": "Portal",
                    "effectiveDate": "2025-01-01T00:00:00.000+00:00",
                    "availability": "Available",
                    "enrollmentRequired": true
                }
            ]
        },
        {
            "name": "PAYER_BETA",
            "payerId": "PAY000002",
            "displayName": "INSURANCE TYPE B",
            "processingRoutes": [
                {
                    "transactionDescription": "Pharmacy Claims",
                    "submissionMode": "EDI",
                    "effectiveDate": "2025-02-15T12:00:00.000+00:00",
                    "availability": "Pending",
                    "enrollmentRequired": false
                },
                {
                    "transactionDescription": "Dental Claims",
                    "submissionMode": "Portal",
                    "effectiveDate": "2025-02-15T12:00:00.000+00:00",
                    "availability": "Available",
                    "enrollmentRequired": true
                }
            ]
        }
    ]
}Text Copied!

Security and cross-site scripting prevention

One of the most commonly exploited web security vulnerabilities is cross-site scripting (XSS). This type of attack tricks a company into serving malicious JavaScript to users' browsers. This is possible because browsers do not distinguish between text to show the user and scripts to execute.

Availity continually works to keep both your data and ours as secure as possible. We employ two methods to help prevent XSS attacks:

Input validation and sanitization
Encoding resources specifically for their intended use and context

Input validation and sanitization

Availity has implemented whitelist rules for data validation that are carefully designed to provide protection even against future vulnerabilities introduced by browser changes. If you send a request to an API that contains characters that we've determined to be unsafe, you'll receive an HTTP 400 response with an inbound injection error message. You must fix the data and resubmit your request. The best way to avoid receiving this error is to ensure that you use proper input validation and sanitization on your side before calling an API.

Response resource encoding

Different encoders exist for each given context; i.e., an HTML body string encode isn't the same as a JavaScript string encode. This is where problems can arise, as XSS attacks also vary from context to context. If encoding isn't done properly for the context in which you're displaying the data, an attack can slip through.

Availity does not provide response resource encoding for an API by default. To take advantage of encoding, you must opt in by sending an X-Response-Encoding-Context request header with one of the following values:

HTML: for use in HTML entities
HTML_ATTRIBUTE: for use in HTML attribute values
CSS: for use in stylesheets and style tags
URL: for use in a URL
JAVA_SCRIPT: for use in JavaScript data values
XML: for use in XML entities
XML_ATTRIBUTE: for use in XML attribute values

Availity recommends that you use the appropriate response encoding context if you will be displaying API resources directly in your application.

Encoding examples

Below is an example request showing how the Availity API response changes when using the X-Response-Encoding-Context: HTML header. This header ensures special characters, such as parentheses(), are escaped for safe display in HTML.

Sample Request:

curl -X "GET" "https://api.availity.com/v2/service-reviews" \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H "X-Response-Encoding-Context: HTML"

Text Copied!

Response without "X-Response-Encoding-Context: HTML" header:

{
    "userMessage": "This system had an internal error.",
    "developerMessage": "API client account information missing for ApiKey ( 936108d4-e911-4bec-b3aa-b3ce1cfdfb3a )",
    "reasonCode": 0,
    "statusCode": 500
}

Text Copied!

Response with "X-Response-Encoding-Context: HTML" header:

{
    "userMessage": "This system had an internal error.",
    "developerMessage": "API client account information missing for ApiKey &#x28; 936108d4-e911-4bec-b3aa-b3ce1cfdfb3a &#x29;",
    "reasonCode": 0,
    "statusCode": 500
}

Text Copied!

Collection resources

If you need to interact with multiple resources at once, you must do so with a collection resource. A collection is a first-class resource that contains additional resources and supports pagination, sorting, and searching.

Collection resource response fields

Field	Description	Min	Max	Default	Type
links	Set of resource URIs.	-	-	-	Object
offset	The zero-based starting index in the collection of the first item to return.	0	-	0	Integer
limit	The maximum number of collection items to return for a single request.	1	50	50	Integer
count	The number of items returned.	0	-	-	Integer
totalCount	Total number of items available that match the parameters specified.	0	-	-	Integer
resources	An array containing the current page of resources. The attribute name is the plural name of the resource type, such as coverages. The size of the array can be less than the requested limit when, for example, the limit requested is greater than the maximum allowed or the response returned less than the limit amount.	0	-	-	Array

Pagination

When a collection resource contains a large number of resource instances, all of them may not be included in a single response. Instead, pagination breaks up the results into one or more pages of data. You can request additional pages as separate requests. Here's an example of a collection resource partial response:

Sample Request:

curl -i -X GET "https://api.availity.com/v1/availity-payer-list?offset=10&limit=2" \
-H "Authorization: Bearer $ACCESS_TOKEN"
Text Copied!

Sample Response:

{
    "totalCount": 9999,
    "count": 2,
    "offset": 0,
    "limit": 2,
    "payers": [
        {
            "name": "PAYER_ALPHA",
            "payerId": "PAY000001",
            "displayName": "INSURANCE TYPE A",
            "processingRoutes": [
                {
                    "transactionDescription": "Professional Claims",
                    "submissionMode": "Batch",
                    "effectiveDate": "2025-01-01T00:00:00.000+00:00",
                    "availability": "Available",
                    "enrollmentRequired": false
                },
                {
                    "transactionDescription": "Facility Claims",
                    "submissionMode": "Portal",
                    "effectiveDate": "2025-01-01T00:00:00.000+00:00",
                    "availability": "Available",
                    "enrollmentRequired": true
                }
            ]
        },
        {
            "name": "PAYER_BETA",
            "payerId": "PAY000002",
            "displayName": "INSURANCE TYPE B",
            "processingRoutes": [
                {
                    "transactionDescription": "Pharmacy Claims",
                    "submissionMode": "EDI",
                    "effectiveDate": "2025-02-15T12:00:00.000+00:00",
                    "availability": "Pending",
                    "enrollmentRequired": false
                },
                {
                    "transactionDescription": "Dental Claims",
                    "submissionMode": "Portal",
                    "effectiveDate": "2025-02-15T12:00:00.000+00:00",
                    "availability": "Available",
                    "enrollmentRequired": true
                }
            ]
        }
    ]
}
Text Copied!

Query parameters

Availity APIs use cursor-based pagination with two optional query parameters:

Offset: the zero-based starting index in the collection of the first item to return. Default is 0.
Limit: the maximum number of collection items to return for a single request. Minimum value is 1; maximum value is 50.

Link relations

The links field contains link relations depending on the page and the number of resources returned. When a link relation is not available, you will receive a null value when trying to access it.

Assume the API response contains a total of 102 records, with offset=10 and limit=2 (meaning the response returns 2 records starting from the 10th record).

Link relation	Definition	HREF
self	URL used to retrieve the collection resources.	https://api.availity.com/v1/availity-payer-list?offset=10&limit=2
first	URL to retrieve the first page of resources.	https://api.availity.com/v1/availity-payer-list?offset=0&limit=2
last	URL to retrieve the last page of resources.	https://api.availity.com/v1/availity-payer-list?offset=100&limit=2
next	URL to retrieve the next page of resources.	https://api.availity.com/v1/availity-payer-list?offset=12&limit=2
prev	URL to retrieve the previous page of resources.	https://api.availity.com/v1/availity-payer-list?offset=8&limit=2

HTTP status and error codes

When REST API responses contain an error or warning, they return a response body with extended error information. Conventional HTTP status codes indicate the success or failure of an API request. In general, codes in the 2XX range indicate success; codes in the 4XX range indicate missing required parameters or authentication/authorization failures; and codes in the 5XX range indicate an error within Availity's or downstream servers. Here's a sample error response:

{
"userMessage": "The requested resource does not exist.",
"developerMessage": "The requested resource does not exist. Please check that you're using the proper resource ID.",
"reasonCode": 0,
"statusCode": 404
}
Text Copied!

The following table defines general HTTP status codes for various API requests.

HTTP status code definitions

Code	Status	Verb	Definition
200	OK	GET, PUT	You successfully retrieved or updated an existing resource.
200	OK	GET by ID	The operation was successful and returns 0 or more resources. The metadata count property in the response body contains the number of resources returned.
200	OK	PATCH	You successfully updated field(s) in an existing resource.
201	Created	POST	You successfully created a new resource.
202	Accepted	GET, POST, PUT, DELETE, PATCH	The request has been accepted for processing, but the processing has not been completed. The location header contains the URI to monitor for status updates.
204	No content	DELETE	The service fulfilled the request, which may have removed a resource from the server cache, server database, or external resource. The API client can consider the resource no longer available.
303	See other	GET	The response to the request can be found under a different URI provided in the location header and should be retrieved using a GET method on the URI.
400	Bad Request	GET by ID	The resource did not understand the request due to malformed query parameters.
400	Bad Request	POST	The resource did not understand the request due to malformed syntax.
400	Bad Request	PUT	The resource did not understand the request due to malformed syntax.
401	Unauthorized	GET, POST, PUT, DELETE, PATCH	The API client is not authorized to make this request. The request requires user authentication.
403	Forbidden	GET, POST, PUT, DELETE, PATCH	The server understood the request, but is refusing to fulfill it. This may be temporary or permanent, depending on the use case.
404	Not Found	GET, PUT, DELETE, PATCH	The service has not found anything matching the request URI. There is no indication whether the condition is temporary or permanent.
405	Method Not Allowed	GET, POST, PUT, DELETE, PATCH	The method specified in the request-line is not allowed for the resource identified by the request-URI.
406	Not Acceptable	GET, POST, PUT, DELETE, PATCH	The resource identified in the request is only capable of generating response entities that have unacceptable content characteristics according to the accept headers sent in the request.
409	Conflict	POST, PUT, DELETE, PATCH	The service could not complete the request due to a conflict with the current state of the resource.
410	Gone	GET, PUT, DELETE, PATCH	The requested resource is no longer available and has no known forwarding URI. This condition is permanent.
415	Unsupported Media Type	GET, POST, PUT, PATCH, DELETE	The server refuses to service the request because the entity of the request is in a format not supported by the requested resource for the requested method.
422	Unprocessable Entity	POST, PUT, PATCH, DELETE	The JSON/XML request entity is properly formed and the media type is supported; however, validation failed or the request entity is a different type or version than the service supports.
429	Too Many Requests	GET, POST, PUT, PATCH, DELETE	The transaction rate limit has been exceeded.
500	Internal Server Error	GET, POST, PUT, PATCH, DELETE	The service encountered an unexpected condition that prevented it from fulfilling the request.

The following table defines the attributes that may be returned in an error response:

Error response attributes

Attribute	Definition	Type
statusCode	HTTP status code	Integer
reasonCode	Internal error code (currently not used)	Integer
userMessage	Error message appropriate for displaying to end user	String
developerMessage	A more detailed error message appropriate for a developer	String
url	URL where more information on the error can be found	String
errors	A collection of extended error messages	Array
errors.code	Service-specific error code	Integer
errors.errorMessage	Service-specific error message for error code	String

Refer to the reference documentation for individual APIs for information on API-specific status and error codes.

Demo services

Availity offers a trial package that allows you to begin exploring our APIs without completing a formal application process. Using demo data (without personal health information [PHI]), you'll get up to speed quickly, at no cost to you.

You can choose which demo response you want by sending a header with X-Api-Mock-Scenario-ID in your request. The value is the ID of the response scenario you want. For demo response confirmation, inspect the response header for X-Api-Mock-Response: true. You can find supported response scenarios in each applicable API's reference section.

Note: Not all Availity APIs support demo response scenarios.

Note:The Demo environment returns canned responses; therefore, the data you receive does not change based on the request.

Refer to the Get Started section for instructions on subscribing to the Demo environment.

Availity API workflow

The Availity API workflow follows a standard OAuth 2.0 pattern for authentication and authorised data access. Below are the typical steps to interact with Availity APIs using the Token API and Availity Payer List API:

Send the Initial Request to Generate a Token
- Use the Token API endpoint: POST https://api.availity.com/v1/token
- Provide your credentials (client_id/api_key, client_secret/api_secret) and grant type (client_credentials) in the request body.
- Provide the required scopes.
- Sample Token Request:
```
curl -i -X POST "https://api.availity.com/v1/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials&client_id=your_api_key&client_secret=your_client_secret&scope=healthcare-hipaa-transactions healthcare-hipaa-transactions-demo"Text Copied!
```

Receive the Token Response
The initial response is the response to your initial request, which contains three key pieces of information:
- The response includes an access_token, expires_in, and token_type.
- This token is valid for a limited duration (e.g., 300 seconds).
- Sample Token Response:
```
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjF2em5DYVZPMHNSZlRp...",
"consented_on": 1761718428,
"expires_in": 300,
"scope": "healthcare-hipaa-transactions healthcare-hipaa-transactions-demo",
"token_type": "Bearer"
}Text Copied!
```

Request Data Using the Access Token
Use the access token to make an authenticated request to a subscribed API, such as the Availity Payer List API.
```
curl -i -X GET "https://api.availity.com/v1/availity-payer-list" \
-H "Authorization: Bearer $ACCESS_TOKEN"Text Copied!
```

Receive the API Response

A successful response (HTTP 200 OK) returns the requested data.

Sample API Response:

{
  "totalCount": 102,
  "count": 2,
  "offset": 10,
  "limit": 2,
  "payers": [
    {
      "name": "Mock Payer A",
      "payerId": "100000001",
      "displayName": "Mock Coverage A"
    },
    {
      "name": "Mock Payer B",
      "payerId": "100000002",
      "displayName": "Mock Coverage B"
    }
  ]
}Text Copied!

Contact information

Availity Client Services

For questions, assistance, and support, log in to Availity Essentials and submit an online support ticket (24/7) by navigating to Help & Training > Availity Support on Availity Essentials.

Days of operation: Monday through Friday

Eastern Time Zone	Central Time Zone	Mountain Time Zone	Pacific Time Zone
8:00 a.m. to 8:00 p.m.	7:00 a.m. to 7:00 p.m.	6:00 a.m. to 6:00 p.m.	5:00 a.m. to 5:00 p.m.