CMS Health Tech Ecosystem

Partner onboarding, self-service token management, OAuth 2.0 client registration, and pipeline monitoring

Live API Status — CMS Ecosystem

Probing production endpoints…

Rate Limits & SLA

Rate limit

500 req/min

Burst

30 req/sec

Uptime SLA

99.9%

Support

Business hours · 8h

P95 latency

< 250ms token

Retention

Partner audit 3y

Partner Onboarding

Apply Sign in

Organization

Legal name, type, contact, optional NPI

Integration

Use case, capabilities, data direction

Account

Portal password, agreements, submit

All partner signup and sign-in is at developers.parkerapex.com. The legacy CMS Portal (cms.prod) is retired.

Partner Types

Health System / Hospital

Payer / Health Plan

EHR / Health IT Vendor

Laboratory

Pharmacy

Research / Academic

Public Health Agency

Other Healthcare Organization

Self-Service Features

Multi-Token Management

Create, list, revoke scoped API tokens

OAuth 2.0 Registration

Self-service client_credentials registration

Legal Document Access

Download MNDA, BAA, consent forms

Pipeline Monitoring

Push metrics, sync rates, data quality

Available OAuth Scopes

cms.fhir.r4.read

Read FHIR R4 resources

cms.fhir.r5.read

Read FHIR R5 resources

cms.fhir.bundle.push

Push FHIR transaction bundles

cms.fhir.rest.write

Write individual FHIR resources

cms.sdk.read

Read SDK catalog

cms.partner.read

Read partner information

cms.partner.write

Submit partner applications

cms.pipeline.read

Read pipeline health metrics

Legal Templates (v2026-03)

Mutual Non-Disclosure Agreement (MNDA)

File: cms_mnda_v2026_03.txt

Sections: 10 · Term: 2 years + 3yr survival

Governing Law: Delaware

HIPAA Business Associate Agreement (BAA)

File: cms_hipaa_baa_v2026_03.txt

Sections: 8 · Term: Until PHI returned/destroyed

Governing Law: 45 CFR 164

CMS Ecosystem API Endpoints

POST

/cms/partner-login

Partner Authentication

180ms/450ms10/min200

POST

/cms/tokensBearer

Create Scoped Token

120ms/300ms5/min201

GET

/cms/tokensBearer

List Active Tokens

50ms/130ms30/min200

DELETE

/cms/tokensBearer

Revoke Token

60ms/150ms10/min200

POST

/cms/oauth/registerBearer

200ms/500ms3/hour201

POST

/oauth/token

OAuth Token Exchange

100ms/250ms30/min200

GET

/cms/pipeline/healthBearer

Pipeline Health Status

80ms/200ms60/min200

GET

/cms/pipeline/partnersBearer

Per-Partner Pipeline Metrics

120ms/350ms30/min200

GET

/cms-ecosystem/sdk-catalogBearer

SDK Catalog

30ms/80ms60/min200

Integration toolkit

Sandbox API Playground OpenAPI Try-it-out Certification Webhooks

Postman collection (3 requests)Import the same JSON into Insomnia

Official SDKs

Generate TypeScript client →·Python →·All SDKs

CMS Partner APIs certification track

11 required items · platform + product-specific checks

Full checklist →

First authenticated API call in sandbox
OAuth or API key with least-privilege scopes
FHIR R4 read against sandbox lake
GPID boundary headers on write paths
Webhook HMAC-SHA256 verification implemented
Webhook idempotency by delivery ID

+8 more on the certification page

Complete all required items before production go-live

Webhook events for CMS Partner APIs

Subscribe at /webhooks — verify HMAC-SHA256 signatures

Event catalog →

pipeline.sync.completedPipeline

FHIR or batch sync job finished successfully.

{
  "event": "pipeline.sync.completed",
  "job_id": "job_abc123",
  "partner_gpid": "CMS-00000001",
  "resource_types": [
    "Patient",
    "Observation"
  ],
  "records_processed": 1240,
  "completed_at": "2026-06-13T20:00:00Z"
}

pipeline.sync.failedPipeline

Sync job failed after retries.

{
  "event": "pipeline.sync.failed",
  "job_id": "job_abc123",
  "error_code": "VALIDATION_ERROR",
  "message": "Bundle entry 14 failed FHIR validation",
  "failed_at": "2026-06-13T20:01:00Z"
}

partner.token.revokedCMS / Partners

API key or OAuth client revoked — rotate credentials.

{
  "event": "partner.token.revoked",
  "token_id": "tok_abc",
  "partner_gpid": "CMS-00000001",
  "revoked_at": "2026-06-13T17:00:00Z",
  "reason": "admin_action"
}