The purpose of this reference document is to detail how athenaOne environments interact with athenahealth's API and the Developer Portal.
In athenaOne, there are multiple tablespaces, which are groups of data files specific to a client’s practice. athenahealth has two distinct tablespace environments: the preview tablespace/ “sandbox” and the production tablespace. In the preview tablespace, partners can build, test, and troubleshoot their API solutions using non-sensitive dummy data. The production tablespaces store the client’s live and sensitive health data of patients.
Types of Tablespace Access
Front-end access provides partners with a user name and login to tablespaces via athenaOne User Interface. Back-end access grants a partner access to a tablespace’s API. For both front-end and back- end access, specific credentials (keys and secrets) are necessary. Partners can only use their preview tablespace credentials (keys and secrets) to access, and modify preview tablespaces and their production tablespace credentials to access and modify the production tablespaces.
All partners receive a dedicated preview tablespace, with front and back end access. Partners are granted only back-end access to a client’s production tablespace, after the client has sign an Authorization and Consent agreement. athenahealth does NOT grant Partners front-end access to production tablespaces to avoid compromising patients’ personal health information. Partners should NOT request or receive front end access to their client’s tablespaces.
Developer Portal Interactions
How does the developer portal interact with the athenaOne tablespaces?
athenaOne and the Developer Portal are separate entities with different structures. The Developer Portal gives partners the ability to understand the structure of our APIs and how code interacts with the back-end of athenahealth. In I/O Docs, partners can use either their preview or production credentials to place calls or query athenahealth’s API and the relevant tablespaces. Though I/O docs is a testing tool to understand how athenahealth’s API code is structured, the calls and queries yield and can even change the data within the preview or production tablespaces. For this reason, partners are only granted back-end access to a client's production tablespace's API, in order to avoid compromising sensitive patient health information.