Find an API

Search public APIs with auth details & Postman guides

← All APIs

CMS Blue Button 2.0 API

sandbox.bluebutton.cms.gov · Health

Health OAuth2 Free Tier Healthcare Medicare Patient Data

US Medicare beneficiary data API — claims history, provider encounters, and prescription drug records for 53M+ Medicare patients. Uses FHIR R4 and SMART on FHIR. Free sandbox available.

Authentication

OAuth2 OAuth2 Authorization Code flow. Register at bluebutton.cms.gov/developers for credentials. Sandbox uses synthetic test data.

Sample Requests

GET Get patient coverage

Get Medicare coverage data for the authenticated patient.

https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage

Hover any highlighted part to learn what it does

Headers — extra info sent with the request
Authorization Bearer YOUR_TOKEN 
curl -X GET "https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage/" \
  -H "Authorization: Bearer YOUR_TOKEN"
import requests
headers = {
    "Authorization": "Bearer YOUR_TOKEN"
}
response = requests.get(
    "https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage/",
    headers=headers,
)
print(response.json())
const url = 'https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage/';

const response = await fetch(url, {
  headers: {
    'Authorization': 'Bearer YOUR_TOKEN'
  },
}); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	targetURL := "https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage/"
	req, _ := http.NewRequest("GET", targetURL, nil)
	req.Header.Set("Authorization", "Bearer YOUR_TOKEN")

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage/")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer YOUR_TOKEN"

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://sandbox.bluebutton.cms.gov/v2/fhir/Coverage/";
$opts = ["http" => [
    "method" => "GET",
    "header" => implode("\r\n", [
        "Authorization: Bearer YOUR_TOKEN"
    ]),
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));

Postman Setup Guide

Get Postman ↗
  1. Register at bluebutton.cms.gov/developers for sandbox credentials
  2. Sandbox uses synthetic patients — no real PHI
  3. Test patient credentials: BBUser00000 / PW00000!
  4. Standard FHIR R4 endpoints: /Patient, /Coverage, /ExplanationOfBenefit, /Profile
  5. Production access requires CMS approval and HIPAA compliance

Open documentation ↗