⌘K
Sign upSign in

Identity & GPID Resolution

Golden Record Patient Identity — deterministic SHA-256 matching, dual-verified data, lifecycle management

GPID Format (Patient)

APX-XXXXXXXX

8-digit hex

GPID Format (CMS)

CMS-XXXXXXXX

8-digit numeric

GPID Format (System)

{PRD}-{TYPE}-{N}

Product-type-seq

Match Algorithm

SHA-256

Deterministic

Entity Types

22

Patient to service

Live API Status — Identity & GPID

Probing production endpoints…

Rate Limits & SLA

Rate limit

1,000 match/min

Burst

50 req/sec

Uptime SLA

99.95%

Support

24×7 P1 · 1h

P95 latency

< 180ms match

Retention

Audit 7 years

Identity Resolution Pipeline

Demographics Input

name, DOB, email, phone

SHA-256 Hash

Deterministic fingerprint

Registry Lookup

Match against GPID registry

Confidence Score

0-1 match confidence

GPID Assignment

New or existing GPID

Dual Verification

Cross-source validation

Match

Query-only — match demographics without creating records. Returns candidates with confidence scores.

POST /api/identity/match Match Types: DETERMINISTIC, PARTIAL, NONE

Merge

Merge duplicate GPIDs into a survivor. Approval required. Creates immutable identity.merged.v1 event.

POST /api/identity/merge Reasons: deterministic_exact, manual_review, probabilistic

Split

Split falsely merged GPIDs. Approval required. Creates immutable identity.split.v1 event.

POST /api/identity/split Reasons: false_merge_detected, manual_correction, legal_request

GPID Source Origins

8 valid source origins for GPID creation, tracked via X-Apex-Source header.

pulse
provider
lake
cms
beacon
prime
catalyst
tefca

Identity Status Lifecycle

ACTIVE

Verified, live record

SHADOW

Auto-created, pending verification

PROVISIONAL

Partially matched

CONFLICT

Duplicate detection triggered

MERGED

Merged into survivor GPID

SPLIT

Split from parent GPID

Identity API Endpoints

POST
/api/identity/matchService

Match Demographics

85ms/220ms120/min200
POST
/api/identity/resolveService

Resolve or Create GPID

120ms/350ms60/min200
GET
/api/identity/{gpid}Bearer

Get Identity Record

55ms/150ms120/min200
POST
/api/identity/mergeBearer

Merge GPIDs

300ms/800ms10/min200
POST
/api/identity/splitBearer

Split GPID

350ms/900ms10/min200

Integration toolkit

SandboxAPI PlaygroundOpenAPI Try-it-outCertificationWebhooks
Postman collection (14 requests)Import the same JSON into Insomnia

Official SDKs

Generate TypeScript client →·Python →·All SDKs

GPID certification track

12 required items · platform + product-specific checks

Full checklist →
  • First authenticated API call in sandbox
  • OAuth or API key with least-privilege scopes
  • FHIR R4 read against sandbox lake
  • GPID boundary headers on write paths
  • Webhook HMAC-SHA256 verification implemented
  • Webhook idempotency by delivery ID

+9 more on the certification page

Complete all required items before production go-live

Webhook events for GPID

Subscribe at /webhooks — verify HMAC-SHA256 signatures

Event catalog →
identity.matchIdentity / GPID

GPID match or merge completed for a subject.

{
  "event": "identity.match",
  "gpid": "APX-1A2B3C4D",
  "match_type": "DETERMINISTIC",
  "identity_status": "ACTIVE",
  "subject_gpid": "APX-1A2B3C4D"
}
identity.mergeIdentity / GPID

Two GPID records merged into golden record.

{
  "event": "identity.merge",
  "survivor_gpid": "APX-1A2B3C4D",
  "merged_gpids": [
    "APX-OLD001"
  ],
  "merged_at": "2026-06-13T18:00:00Z"
}