APIs Affected

All Facility APIs

Explanation Feature

Right now the "specific" version of facilities returns one kind of object, but the "all" (and filtered) version returns another. This means that for the same API endpoint we end up having to marshal

For example, calling:

https://dev-api.vets.gov/services/va_facilities/v0/facilities/all

gives me a Boston Vet Center that looks like this:

{
            "type": "Feature",
            "geometry": {
                "type": "Point",
                "coordinates": [
                    -71.0361051099999,
                    42.3445959000001
                ]
            },
            "properties": {
                "id": "vc_0101V",
                "name": "Boston Vet Center",
                "facility_type": "vet_center",
                "classification": null,
                "website": null,
                "address": {
                    "mailing": {},
                    "physical": {
                        "zip": "02210",
                        "city": "Boston",
                        "state": "MA",
                        "address_1": "7 Drydock Avenue",
                        "address_2": "Suite 2070",
                        "address_3": null
                    }
                },
                "phone": {
                    "main": "857-203-6461 x"
                },
                "hours": {
                    "friday": "800AM-600PM",
                    "monday": "800AM-700PM",
                    "sunday": "-",
                    "tuesday": "800AM-800PM",
                    "saturday": "-",
                    "thursday": "800AM-800PM",
                    "wednesday": "800AM-700PM"
                },
                "services": {},
                "satisfaction": {},
                "wait_times": {}
            }
        }

whereas calling the api for this facilty directly gives me this:

https://dev-api.vets.gov/services/va_facilities/v0/facilities/vc_0101V

{
    "data": {
        "id": "vc_0101V",
        "type": "va_facilities",
        "attributes": {
            "name": "Boston Vet Center",
            "facility_type": "vet_center",
            "classification": null,
            "website": null,
            "lat": 42.3445959000001,
            "long": -71.0361051099999,
            "address": {
                "mailing": {},
                "physical": {
                    "zip": "02210",
                    "city": "Boston",
                    "state": "MA",
                    "address_1": "7 Drydock Avenue",
                    "address_2": "Suite 2070",
                    "address_3": null
                }
            },
            "phone": {
                "main": "857-203-6461 x"
            },
            "hours": {
                "monday": "800AM-700PM",
                "tuesday": "800AM-800PM",
                "wednesday": "800AM-700PM",
                "thursday": "800AM-800PM",
                "friday": "800AM-600PM",
                "saturday": "-",
                "sunday": "-"
            },
            "services": {},
            "satisfaction": {},
            "wait_times": {}
        }
    }
}

Differences include:

1. It's called "feature" rather than "data" - normalize on one ("Facility") would be nice but as long as it's one or the other, I can make that facility on my side. Data seems more reasonable than feature, which makes no sense in the /all context (at least to me).

2. Lat and Long are in different places with different structures and labels. Please use the labeled versions in the individual facility model.

3. In the single-api return, it's called "attributes" but in the all return version it's called properties. No real care about which, but sure would like it to be one or the other.

Value Provided by Feature

The current system creates work and duplicate marshaling code for the API developer. It's a PIA and makes me want to wait for a future version. I would expect /all or even a filtered version to return the same json objects, just filtered down based on the request, not a totally different object.

If you agree I can break out each of the above listed differences as a bug report.

Acceptance Criteria

Return the same object in both the / version for all & filtered versions. The version in / which is pretty clear and easy to use/convert from json to reasonable objects.

Thank you.

APIs Affected

Facilities API (all implementation)

Brief Summary

When filtering by health, it claims certain organizations do not have urgent care, but they all have same-day primary care (?) which is not listed as a service. Is it safe to assume that "Primary Care" is the same as "Same Day Primary Care" - is there a "non-same day primary care?" - the services list only accounts for "Primary Care" but this press release makes it sound like they are synonymous. (https://www.va.gov/opa/pressrel/pressrelease.cfm?id=3998)

Even more confusing...what's "primary_care_urgent" in the context of the satisfaction scores? Is that primary care...or urgent care...or really fast primary care :)

"satisfaction": {
"health": {
"primary_care_urgent": 0.92,
 "primary_care_routine": 0.89,
},
                    "effective_date": "2018-05-22"
                },

What is Urgent Care in that context? These seems to be VA-specific terminology but want to be sure I've got it right.

This is NOT urgent. I'm just confused by the terminology and if I'm giving people the right information. It does not prevent from using the API.

Steps to Reproduce

API: https://dev-api.vets.gov/services/va_facilities/v0/facilities/all?type=health&healthservice=UrgentCare

Web: https://www.accesstopwt.va.gov/Main/FindFacilities?LocationText=94087&Radius=50&SortOrder=0&UserLatitude=-1&UserLongitude=-1&SameDayServiceView=true

See slightly different results, would be nice to normalize or understand/document the difference. Thank you!

APIs affected (if applicable)

Benefits Intake

How can we help?

Stephen (@spardue) from VAClaimHelper.com is requesting a rate limit increase. He says:

The benefits report API keeps on returning a 429. My clients frequently like to check the status of their submissions. Can you increase the rate for my key?

What have you tried?

n/a

Additional context

n/a

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc).

Explanation

As a non-Veteran developer, I have no idea how to test the application. I did the example authentication flow using express however I am not able to get a token cause I have never served. I did create an account using ID.me but of course, it returned an issue even though I can log in into ID.me fine on its parent site.

Error when trying to login:

https://imgur.com/LUKt5Qq.jpg

Value provided by the feature

I would be able to test the functions of a Veteran with history. I'd be able to check status, past records, and etc. without having to be a Veteran. I'd also be able to test my application without a live user.

Acceptance criteria

Test data in dev-api.va.gov of a user which I can authenticate and authorize to get test data to test my applications.

APIs Affected

VA Facilities API

Explanation Feature

User would supply the 2 letter abbreviation for a state or locale and returned would be a list of the facilities in that locale.

Value Provided by Feature

Perhaps just return summary data (ID, Facility Name, and Facility Type) so this could be used to populate a drop-down without the overhead of returning all the data for each facility.

Acceptance Criteria

The ability for every facility to be returned given it matched the state/locale provided in the call.

I'm having a problem with something.

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc).

We are continually striving to improve our process and APIs. Your input and feedback ensures we are serving both Veterans and people like you. Thank you!

Feedback

APIs affected (if applicable)

https://dev-api.va.gov/services/argonaut/v0/Observation

What I expected to happen

Returned Observation values with a reasonable number of significant digits

What actually happened

Returned Observation with an unreasonable number of significant digits:

"valueQuantity": {
   "value": 27.400075701930987,
   "unit": "mmol/L",
   "system": "http://unitsofmeasure.org",
   "code": "mmol/L"
}

Severity of the issue

• High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue

Steps to reproduce

HTTP GET https://dev-api.va.gov/services/argonaut/v0/Observation?_count=20&patient=1017283148V813263

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc).

OpenID Connect Authentication API

I am having trouble trying to do a redirection in Javascript.

Your application will need to redirect the Veteran's browser to our OpenID authorization server with a request like this:

HTTP/1.1 302 Found
Location: https://dev-api.va.gov/oauth2/authorize?
  client_id=s6BhdRkqt3
  &response_type=id_token
  &response_mode=fragment
  &redirect_uri=<yourRedirectURL>
  &scope=openid%20profile%20email

I try to set window.location equal to
https://dev-api.va.gov/oauth2/authorize?client_id=<client-ID>&response_type=id_token&response_mode=fragment&redirect_uri=http://firstcivdivcareers.com/clear in the console to try and replicate it and I recieve a Cannot GET /oauth2/authorize

Is it possible to show more documentation for an Implicit flow?

https://developer.va.gov/explore/verification/docs/authorization

Acceptance criteria

A small example with vanilla JS to show how a redirect should look and how to authenticate with this path works.

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc). For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

APIs affected (if applicable)

All

How can we help?

Our middleware application, Clinical Pipe, is utilized by the HCP to transfer the veteran's data to sponsored research database. I haven't seen any documentation in regards to integrating our application in the launch sequence from the EHR front end.

What have you tried?

Reading the documentation.

Additional context

None.

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc).

APIs affected (if applicable)

Health
Benefits Intake
Benefits Claims

Explanation

I am working on an application based on the Benefits Intake API. Here is a high-level overview of some features that would be helpful. All of these assume the Veteran has authorized my app to access their PII.

*If a Veteran is submitting a new disability claim, I want to add features to let them request and schedule a a disability exam with a VA provider at a location of their choosing as part of claim submission.
*I'd like to send a notification to the Benefits Claims API when a disability exam appointment is Scheduled, Changed, or Cancelled
*I'd like to subscribe to an event notification when an exam appointment is confirmed
*I'd like to submit a request to change an existing appointment
*I'd like to subscribe to an event notification when my DBQ has been sent to VBMS
*I'd like to subscribe to an event notification if more documents/evidence is required

Value provided by feature

These features will provide an underlying framework that will allow Veterans/VSOs to have more control over their benefits & have common interactions across VBA/VHA. This will also provide additional capabilities that can be integrated into VSO software.

Acceptance criteria

If the following capabilities are available on the platform (assume transaction/request IDs will be provided on req/resp payloads).

Health API

*Submit a facility & date range, receive a list of available appointment slots for all PCPs, with a slotID on the response payload
*Submit an appointment request, evssID, and SlotID, receive an appointmentID & status
*Submit an appointmentID, receive current status
*Submit evssID, receive status of DBQ
*Submit evssID as optional parameter on any transaction

Benefits API

*Submit an appointmentID, appointment status & claim tracking number/ID, receive confirmation
*Submit evssID, receive status/sub-status that additional information is required from the VA & unique ID of the correspondence (i.e. CorrespondenceID)
*Submit a "CorrespondenceID" and receive PDF of the VBA-generated letter requesting information
*Submit documents with evssID and CorrespondenceID as metadata, receive upload confirmation

test

APIs Affected

Facilities API, V0

Brief Summary

Sometimes you use "-" for closed, other times you use the word "closed"

Example:

VA Facility vba_343h

 "hours": {
                    "Friday": "8:00AM-4:00PM",
                    "Monday": "8:00AM-4:00PM",
                    "Sunday": "Closed",
                    "Tuesday": "8:00AM-4:00PM",
                    "Saturday": "Closed",
                    "Thursday": "8:00AM-4:00PM",
                    "Wednesday": "8:00AM-4:00PM"
                },

compare that to San Jose (vha_640BY)

"hours": {
                    "Friday": "800AM-430PM",
                    "Monday": "800AM-430PM",
                    "Sunday": "-",
                    "Tuesday": "800AM-630PM",
                    "Saturday": "800AM-1200PM",
                    "Thursday": "800AM-430PM",
                    "Wednesday": "800AM-430PM"
                },

It appears that when it's a VBA, it's "closed" but when it's a VHA or other health-related facility, it's a "-" -- I've not looked at every one, but looking at the following VBAs (vba_666, vha_610A4a, vha_610A4, vba_583) all use the "closed" and all the VHA's I looked at use "-"

I did not look at all 400 VBA sites. That could be a red herring.

Severity of the Issue

It's a big pain in the butt, but it's not preventing me from moving forward, just more case statements and checking for results.

Steps to Reproduce

Call the API for the above examples...

APIs Affected

VA Facilities API

Explanation Feature

The ability to pull data for those facilities whose Parent_Station_Number (VAST field) match the ID submitted in the call.

Value Provided by Feature

This would allow the user to get a collection of related facilities. For example, clinics that belong to a parent medical center. In the past we have supported an application (Our Doctors) that required having a list of which VA Medical Center a VA Clinic was a part of. Although we no longer support that application, a feature such as that will allow us, among other things, to quickly see if all VA Clinics are currently represented on their VAMC's website (for example, https://www.washingtondc.va.gov/locations/index.asp).

Acceptance Criteria

Supply Parent_Station_Number and the facilities returned should match what is in VAST.

APIs Affected

Veteran Verification

Explanation Feature

X feature

Value Provided by Feature

X value

Acceptance Criteria

X works

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc).

APIs affected (if applicable)

Facilities API
https://developer.va.gov/explore/facilities/docs/facilities

Explanation

Please add the VISN number and the complexity level columns from the VAST database to the Facility API for a single facility and list all facility endpoints (Geo boundaries and /all) 😄

Value provided by feature

Some applications vital facility information such as the VISN number and the complexity level for a single facility to do data read-outs and scan-ability.

Acceptance criteria

• VISN column exposed in Geo boundary facilities endpoint
• VISN column exposed in /all facilities endpoint
• VISN column exposed in single facility endpoint
• Complexity level column exposed in Geo boundary facilities endpoint
• Complexity level column exposed in /all facilities endpoint
• Complexity level column exposed in single facility endpoint

I am following the Authorization Code Flow.
when I call the API about getting token
I have received the result as missing refresh_token, expires_in

1. this is our authorization request :

https://dev-api.va.gov/oauth2/authorization?client_id=0oa3hkrbd0QG8IY0c2p7&redirect_uri=https://web.samsungphr.com/fhir/oauth/va.html&response_type=code&scope=launch/patient openid profile email veteran_status.read&state=7a99720c4fa90559cfa73494dbbf2abaec803cf2

2. when we can get the 'code' from redirect page. we call the api to get the tokens.
   POST /oauth2/token HTTP/1.1
   Host: dev-api.va.gov
   Content-Type: application/x-www-form-urlencoded
   Authorization: Basic {base64 encoded client id + ':' + client secret}

grant_type=authorization_code&code={your code}

3. but we can't find the refresh_token and expries_in. we didnot ask the grant type for id_token.
   this is our response

[{"access_token":"eyJraWQiOiJib2dG*************","token_type":"Bearer","expires_at":1553234539,"scope":"patient/Patient.read launch/patient profile veteran_status.read openid","id_token":"eyJraWQiOi*************************","patient":"1017283148V813263","state":"7a99720c4fa90559cfa73494dbbf2abaec803cf2"}]

Please let me know how to get refresh_token in Authorization Code Flow.

⚠️ Please read before submitting: As this is a public forum, please do not include your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, or any Personally Identifiable Information (PII) or Protected Health Information (PHI) in your report. For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

Email address

[email protected]

APIs affected (if applicable)

API version (if applicable)

What I expected to happen

What actually happened

<myserver
acquires auth2/authorization code "thecode"
sends POST to https://dev-api.va.gov/oauth2/token
with query elements
?grant_type=authorization_code
&code=thecode
&redirect_uri=myserviceuri
HTTP Headers
Authorization: Basic myid:mysecret
Host: dev-api.va.gov
receives {"error":"unsupported_grant_type","error_description":"Only authorization and refresh_token grant types are supported"}
tried grant_type=authorization_code (as documented) and
grant_type=authorization
same error either way>

Severity of the issue

• High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• [x ] Low severity: Needs attention in a timely manner

• I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

Steps to reproduce

1. LAMP ... client browsers Chrome and Firefox on opensuse, android, and windows

APIs Affected

v0/facilties

https://dev-api.vets.gov/services/va_facilities/v0/facilities?type=health&page=1&per_page=20

Brief Summary

The above call returns zero facilities. It's a cut and paste from the documentation.

Return value:

{"data":[],"links":{"self":"https://dev-api.vets.gov/services/va_facilities/v0/facilities?page=1&per_page=20&type=health","first":"https://dev-api.vets.gov/services/va_facilities/v0/facilities?page=1&per_page=20&type=health","prev":null,"next":null,"last":"https://dev-api.vets.gov/services/va_facilities/v0/facilities?page=1&per_page=20&type=health"},"meta":{"pagination":{"current_page":1,"per_page":20,"total_pages":1,"total_entries":0}}}

This happens with or without accept:application/json being set.

Severity of the Issue

Semi-Blocker.

Here's the workaround I'm going to use (because I don't' want to spend another day on marshaling objects around) - I can call the bounding box version (I have not tried that yet, I hope it works?) and then just pull out the health ones myself. I mean, there is a workaround, but that might not work for other people doing other projects. I can do that because in a 25/50km radius I'm probably only going to get 5-6 so iterating over the whole list isn't the end of the world. But it kinda blows (technically speaking, that is) :)

Steps to Reproduce

Call the API on your documentation page or CURL.

curl -X GET "https://dev-api.vets.gov/services/va_facilities/v0/facilities?type=health" -H "accept: application/json"

We are continually striving to improve our process and APIs. Your input and feedback ensures we are serving both Veterans and people like you. Thank you!

Feedback

Since the Address Validation API does not require OAuth, we should probably separate it from the Veteran Verification APIs.

The developer.va.gov/apply page requires you to enter an OAuth Redirect URI if you want to get a dev key for a Veteran Verification API.

Address Validation could go under facilities perhaps? though it is a more general thing that it seems like USPS might offer. At any rate, we should account for the possibility of someone internal to VA wanting to request a dev key.

While trying to run the sample app, I am getting this error when I go to auth page (http://localhost:8080/auth)

Error: state missing from the response
at Client.authorizationCallback (/va-oauth/node_modules/openid-client/lib/client.js:367:29)
at OpenIDConnectStrategy.authenticate (/va-oauth/node_modules/openid-client/lib/passport_strategy.js:144:27)
at attempt (/va-oauth/node_modules/passport/lib/middleware/authenticate.js:361:16)
at authenticate (va-oauth/node_modules/passport/lib/middleware/authenticate.js:362:7)
at Layer.handle [as handle_request] (/va-oauth/node_modules/express/lib/router/layer.js:95:5)
at next (/va-oauth/node_modules/express/lib/router/route.js:137:13)
at Route.dispatch (/va-oauth/node_modules/express/lib/router/route.js:112:3)
at Layer.handle [as handle_request] (/va-oauth/node_modules/express/lib/router/layer.js:95:5)
at /va-oauth/node_modules/express/lib/router/index.js:281:22
at Function.process_params (/va-oauth/node_modules/express/lib/router/index.js:335:12)

I am new to this. I tried adding state along with client id and client secret, but still getting same error.

#97 APIs affected (if applicable)

Developer Veteran Authentication API

What I expected to happen

1. Authorize and receive access_token
2. Redirect user for OAuth login
3. User should be redirected back to the specified request_uri URL

What actually happened

An error in the URL where a # is being used incorrectly instead of a ? is causing the redirect from dev-api.va.gov/oauth2/redirect to the redirect_uri specified during authorization to break and output "An unknown error has occurred."

After the customer approves access to the veteran status, they're redirected to a url similar to the one below (I've removed much of the params to shorten it)

https://dev-api.va.gov/oauth2/redirect#access_token=eyJraWQiOiJUdWZhS3pD...

There is a # after /oauth2/redirect and before access_token, this needs to be a ?, not a #

When the full URL is copied and the # replaced with a ? it redirects back to the request_uri as it should.

Severity of the issue

• [ x ] High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• I am unable to use the API

• [x ] I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

Steps to reproduce

1. Authorize app access to veteran status using one of the id.me test accounts.
2. Wait for the attempted redirect back to the request_uri specified during authorization.

APIs Affected

Facility API

Explanation Feature

Would be awesome to get a URL to the image used on VA.gov for the facility, for example,
https://www.boston.va.gov/locations/Jamaica_Plain_.asp has this image https://www.boston.va.gov/images/jamaicaplain.jpg and the other facilities seem to follow the same method.

Certainly not urgent, but would be super handy and punch up the UX (cards, on-screen, app) for my apps.

Value Provided by Feature

Provide vets with a way to see what the facility looks like, visual consistency with the VA website.

Acceptance Criteria

APIs Affected

VA Facilities API

Explanation Feature

Along with the daily hours returned for a facility, include the HoursNote field from VAST in the results.

Value Provided by Feature

This would be especially helpful for Medical Centers which are open 24 hours a day but their administrative office is only open during business hours. That information seems to be available in the HoursNote field of VAST.

Acceptance Criteria

Please provide the following information

• Contact Name: Rob Morrison

• Contact Email: [email protected]

• Contact Phone Number: 858-224-7807

• Organization Name: GovX

• Website: www.shopvcs.com

• URL of Privacy Policy: https://www.shopvcs.com/t/privacy-policy

• Do you agree to the VA API Platform Terms of Service

Next Steps

The VA will:

• Verify this request is made by a US Company
• Verify that all provided information is accurate
• Confirm that your privacy policy is understandable by a Veteran using your App or Service
• View a live demo of your App or Service using the development environment

APIs affected (if applicable)

Address Validation AP

https://api.va.gov:8000/address-validation/address/v1/validate

API version (if applicable)

What I expected to happen

1. I tested above API from SoapUI

2. Provided API Key

3. I should get correct address after validation.

What actually happened

1. I got Connection refused exception

Severity of the issue

Issue could b

• [ X] High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

I know the last thing you want to do is change the API signature, but making it "lat" and "long" is a bummer. (Specifically Facility Attributes). It really makes marshalling Java objects a pain. I'm sure anyone in a typed language is going to feel similarly.

Either the google maps (lat/lng) (see below) or HCA methods (they use latitude and longitude spelled out...but they also quote the values, so ) would be greatly appreciated and are probably very familiar to your user base. I could also see lots of reasons for you to DNF this. Thanks for considering.

 "formatted_address" : "1600 Amphitheatre Parkway, Mountain View, CA 94043, USA",
         "geometry" : {
            "location" : {
               "lat" : 37.4224764,
               "lng" : -122.0842499
            },
            "location_type" : "ROOFTOP",
            "viewport" : {
               "northeast" : {
                  "lat" : 37.4238253802915,
                  "lng" : -122.0829009197085
               },
               "southwest" : {
                  "lat" : 37.4211274197085,
                  "lng" : -122.0855988802915
               }
            }

Any calls to facilities/all throws a 500 error. Calls to individual locations continue to work. This has happened 5-6 times over 24 hours, so doubtful it's specific to server state.

https://dev-api.vets.gov/services/va_facilities/v0/facilities/all

Headers:
apikey: <not shown, but works with other calls>

Response:

{
    "errors": [
        {
            "title": "Internal server error",
            "detail": "Internal server error",
            "code": "500",
            "status": "500"
        }
    ]
}

This is related to an issue reported where a consumer is not capturing updated statuses from VA: To update this, what we are finding on our end is that we appear to be hitting the API rate limit. We are trying to make 20-25 api calls per hour to get updates on upwards of 2000 open items. It appears that we can only query 100 records at a time.

The result is that the statuses are not getting updated accurately on all claims. I think this is why our users would see something short of "Complete" despite the fact that the claim is in VBMS already.

The "Validated date" is something we set when we receive either a "Complete" status, or when the submission hits an error.

Do we know what the rate limit is by any chance?

Email address

[email protected]

APIs affected (if applicable)

<veteran_status.read>

How can we help?

<Receiving json resonse "{"errors":[{"title":"Not authorized","detail":"Not authorized","code":"401","status":"401"}]}">

What have you tried?

<Making the request as documented with the access_token received via the Open ID / OAuth process>

Additional context

<VA Oauth Response (some id values below have been replaced with the field name)
Time: 1554090453

Raw Authorization Approval Information
[access_token]=(eyJraWQiOiJib2dGS2JqQ0c3VDc0UWh1ZnRiZVFwR3RxenVp...848)
[token_type]=(Bearer)
[expires_at]=(1554094052)
[scope]=(openid veteran_status.read)
[id_token]=(eyJraWQiOiJib2dGS2JqQ0c3VDc0UWh1ZnRiZVFwR3RxenVp...846)
[state]=(2)

JWT Access Token Header
[kid]=(kid)
[alg]=(RS256)

JWT Access Token Data
[ver]=(1)
[jti]=(AT.byYX-U3OiJl6AmosQX6GNwNVj6oGEavWqzKB8PDzuRw)
[iss]=(https://deptva-eval.okta.com/oauth2/default)
[aud]=(api://default)
[iat]=(1554090452)
[exp]=(1554094052)
[cid]=(cid)
[uid]=(uid)
[scp]=(array)
[sub]=(sub)

JWT ID Token Header
[kid]=(kid)
[alg]=(RS256)

JWT ID Token Data
[sub]=(00u2jpw2kx2ONsmva2p7)
[ver]=(1)
[iss]=(https://deptva-eval.okta.com/oauth2/default)
[aud]=(aud)
[iat]=(1554090452)
[exp]=(1554094052)
[jti]=(ID.rrMdP9xiVUEVjJlKotZe_NkFEXRtx52C1iKD8fS4zcw)
[amr]=(array)
[idp]=(idp)
[auth_time]=(1554090442)
[at_hash]=(_r6wxdS-PlTL7B9r_EHeTA)

Submit request to https://dev-api.va.gov/services/veteran_verification/v0/status with HTTP header 'Authorization: Bearer access_token

Receive
{"errors":[{"title":"Not authorized","detail":"Not authorized","code":"401","status":"401"}]}>

I am unable to request an API key.
I keep getting "We encountered a server error while saving your form. Please try again later."

APIs affected (if applicable)

How can we help?

What have you tried?

Registering with a different e-mail address and different name (in case the error was due to a name/address collision).

Additional context

I had previously registered via a site/page that no longer exist back when you were just getting started (Don DeCoteau).

Starting last night the authorization step of the Open ID connect is no longer working properly (test sandbox) - the response after sending the authorization code is now always code 400 -
{'error': 'invalid_grant', 'error_description': 'We were unable to find a valid patient identifier for the provided authorization code.'  }
We are using the same code we had been successfully using before. This is happening for several different sample patients

APIs affected (if applicable)

Authorization step of Open ID Connect

API version (if applicable)

What I expected to happen

1. After the user is redirected and authenticates via id.me (sample patients) and the application is redirected back with an authorization code then my application uses the POST method to request an access_token
2. The API returns with a 200 response and an access token

What actually happened

The return is a code 400 with the following message:

{'error': 'invalid_grant', 'error_description': 'We were unable to find a valid patient identifier for the provided authorization code.'  }

Severity of the issue

• [xxx] High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• [xxx] I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

Steps to reproduce

1. Our application is written in python Flask using the flask-oauthlib library

APIs affected (if applicable)

All

API version (if applicable)

All

Explanation

Currently there does not appear to be any documentation on rate limits (if they exist) for any of the APIs.

Link to existing documentation

n/a

Acceptance criteria

• Add documentation of rate limits for each API
• Add links for each API to support FAQ

⚠️ Please read before submitting: As this is a public forum, please do not include your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, or any Personally Identifiable Information (PII) or Protected Health Information (PHI) in your report. For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

Email address

[email protected]

APIs affected (if applicable)

None

How can we help?

None

What have you tried?

None

Additional context

None

APIs affected (if applicable)

Facilities

What I expected to happen

A request to facilities with lat/long and ids should return the selected facilities in order of distance from the lat/long point.
https://api.va.gov/services/va_facilities/v0/facilities?lat=99.999999&long=-99.999999&page=1&ids=vha_595%2Cvba_460%2Cvha_693%2Cvha_542%2Cvha_460HE%2Cvba_310

What actually happened

The appeals team identified a new 500 response from the Facilities API that began on Friday in production.
Example:
https://api.va.gov/services/va_facilities/v0/facilities?lat=99.999999&long=-99.999999&page=1&ids=vha_595%2Cvba_460%2Cvha_693%2Cvha_542%2Cvha_460HE%2Cvba_310

Severity of the issue

• High severity: Blocking work
• Medium severity: Not blocking work, but needs attention
• Low severity: Needs attention in a timely manner

APIs affected (if applicable)

Veteran Verification - Disability Rating
https://dev-api.va.gov/services/veteran_verification/v0/disability_rating

API version (if applicable)

v0

What I expected to happen

I expect to receive the Veteran's disability rating.

What actually happened

I am getting a 500 Internal Server Error.

Severity of the issue

• High severity: Blocking work
• Medium severity: Not blocking work, but needs attention
• Low severity: Needs attention in a timely manner

• I am unable to use the API
• I was able to use the API, but am not getting the results I expected
• I was able to workaround the issue

Steps to reproduce

1. Authorize using the authorization code flow, and logging in with one of the test accounts to get an authorization token
2. Post a GET request on https://dev-api.va.gov/services/veteran_verification/v0/disability_rating with the token from step one

APIs Affected

V0 Facilities

Brief Summary

Could be a feature request
Currently, there are two types of times as demonstrated here:

Example from VBA_583

"hours": {
                    "Friday": "8:00AM-4:00PM",

and from VHA_640

 "hours": {
                    "Friday": "24/7",

See related issue #19

It would nice if rather than 24/7 you used the hour format 12:00AM-11:59PM (or better yet 24 hour - but I digress).

It is also incorrect. 24/7 is a presentation artifact that actually does not make sense, in the context of "Friday" there is no "7"

I noticed you also do this on your website. It's nitpicky, but technically incorrect. (here: https://www.accesstopwt.va.gov/Main/FindFacilities?LocationText=94087&Radius=50&SortOrder=0&UserLatitude=-1&UserLongitude=-1&SameDayServiceView=true)

Severity of the Issue

I can code around it, but it's a pain for the client to have to handle these cases (especially when part of the data ("/7") is wrong.

Steps to Reproduce

See API examples above.

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc). For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

APIs affected (if applicable)

Veterans Health API

How can we help?

Veterans Health API mentions that service is compliant with the FHIR Argonaut Data Query Implementation Guide. We are specifically looking at CarePlan resource. From the description, it looks like we can record or query for a care plan for a patient. But I do not see any specific APIs defined under Veterans Health API how we can record or query for a care plan.

What have you tried?

I have looked at all Veteran Health APIs to see if care plan API is in it.

Additional context

We are considering to work with VA to provide care management for veterans. We need to be able to query and record any care plan for veterans.

Hello, There.
I am new to the developer portal, and was trying to run the sample apps provided. I seem to be stuck at the following points. I would appreciate any help you could provide. Thank you.

Using Sample Node.js app
With Client ID:
0oa3bfyx2nC71Nky62p7

Client Secret:
T9OGW1Xnu-TQ1uCoYCe5yz-XUPZeC--p1IxSZpRh

Result:
http://localhost:8080/auth/cb?error=invalid_client&error_description=The+specified+client+is+not+valid

Error: state missing from the response

Using Sample « Implicit Flow » App - React App
With
export default {
oidc: {
clientId: '0oa3bfyx2nC71Nky62p7',
issuer: 'https://dev-api.va.gov/oauth2/authorization',
redirectUri: 'http://localhost:8080/implicit/callback',
scope: ['openid', 'profile', 'email', 'disability_rating.read', 'service_history.read'],
},
resourceServer: {
serviceHistoryUrl: 'http://localhost:3000/services/veteran_verification/v0/service_history',
disabilityRatingUrl: 'http://localhost:3000/services/veteran_verification/v0/disability_rating',
},
};

https://dev-api.va.gov/oauth2/authorization/v1/authorize?client_id=0oa3bfyx2nC71Nky62p7&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fimplicit%2Fcallback&response_type=id_token%20token&response_mode=fragment&state=gJnAWnJMeBjPOlsiaWhSfT2yfSUAMQ2JvaJaXQuoqiWYoGjAbJFjkObPeiYNWOIY&nonce=8j9C3LdDVy41No6XsqZN9UW94QqrXYjgLq0GYia1w1ATjI1TU9gCVy21B1ZMdsaJ&scope=openid%20profile%20email%20disability_rating.read%20service_history.read

Result:
Cannot GET /oauth2/authorization/v1/authorize

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc). For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

Health API (Patient resource)

API version (if applicable)

test environmetn

What I expected to happen

1. After OIDC authentication is successful, we can invoke Patient endpoint and get JSON with patient demographic info

What actually happened

We receive the following response (code 200) instead of the patient JSON resource:

'<title>Request Rejected</title>The requested URL was rejected.

\r\n\r\nThe enhanced features of ServiceNow and Your IT services online requests will replace email requests to the Enterprise Service Desk. You may access ServiceNow portal at https://yourit.va.gov using the Chrome browser. The tool is only available from VA workstations and will work with your Personal Identity Verification (PIV) card, eliminating the need for a username and password. If you have additional questions, please contact Managed Service Providers (MSP) at 1-855-673-4357.\r\n\r\n

Please make sure to include the entire Support ID number.\r\n\r\n

Your support ID is: 5891084290371907584
Appliance name: gwwlb01-waf-c'

This happens intermittently, but the error occurs more frequently than the correct response

Severity of the issue

• [x ] High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• [ xx] I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

Steps to reproduce

1. Python application running Flask web server
2. Tried from both local development machine as well as test environment in AWS

APIs affected (if applicable)

Facilities

Explanation

From Tony Diana at VA:

One piece of information that would be useful would be to add the Region to the listing. So VISN for VHA Facilities, Districts for VBA, etc.

Beyond that, adding the parent organizations for each would be a huge bonus, to start to show the hierarchy and truly create an organizational unit listing, rather than just a Facility Listing.

Value provided by feature

Acceptance criteria

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc).

APIs affected (if applicable)

N/A, not yet created.

Explanation

Use the facilities API, the same ones used on va.gov facility locator, to populate facilities information throughout VBA websites and pages. We would like to implement this on our regional offices sites, regional loan centers, intake sites, VR&E offices, and other VBA locations.

Value provided by feature

Right now, we have the location information manually entered on each of the RO pages and we would like to get away from that so we only have one source of data—the facilities database.

Acceptance criteria

Once RO websites are created, its location information (address, phone number, hours of operation, services offered, etc.) should be pulling from an API.

APIs affected (if applicable)

Veteran Verification and Health

From Gil Alterovitz at CIO:

• After logging in as a veteran via OpenID Connect, there seems to be no way to log out other than entering the browser settings and clearing the history (unlike CMS API). The impact of this is that you cannot test the app as multiple subsequent veterans from the same browser without clearing the cookies. Perhaps recommend that OpenID Connect requires re-authentication or allows one to logout via a link.

• OpenID Connect authentication expires after one hour, and a refresh token is never provided even when the “offline_access” code is requested. The online documentation states that a refresh token will be provided, but this never seems to happen.

• Occasionally, while in the process of authenticating via OpenID Connect, the VA presents an error page with a reload button. Clicking the reload button normally allows us to proceed without further problems, but something is seems wrong on the VA side.

Severity of the issue

• High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

Steps to reproduce

VA Lighthouse API Support Request

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc). For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

APIs affected (if applicable)

How can we help?

Data Access Services (DAS) team has submitted Community Care API onboarding document to VA's API team. Please refer to the email
that was sent on 10/22/2019 to Lighthouse Support team for this request. The Lighthouse API Support Case # is, 01523588. Content of the request is pasted below:

"As first part of the onboarding requirements, DAS team has completed the information requested per API onboarding document to onboard Community Care (CC) API with VA's Developer Portal. Kindly review the attached document and let us know when can we meet to discuss next steps".

What have you tried?

Additional context

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc). For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

APIs affected (if applicable)

How can we help?

Where do you go to access My HeatheVet API?

This is in regards to the site listed below.

https://www.myhealth.va.gov/mhv-portal-web/home

What have you tried?

Additional context

⚠️ Please read before submitting: As this is a public forum, please do not include any sensitive information (such as your VA API OAuth Client ID, VA API OAuth Client Secret, VA API key, Name, Address, Phone Number, Social Security Number, Medical Record Number, etc). For test apps, please make sure you are using your registered redirect URL, not the URL provided in the example.

APIs affected (if applicable)

How can we help?

What have you tried?

Additional context

APIs affected (if applicable)

https://dev-api.va.gov/services/argonaut/v0/DiagnosticReport

What I expected to happen

Returned lab DiagnostiReport resources contain references to the individual panel Observation in the result element

What actually happened

Lab DiagnosticReport has no result element:

{
                "id": "8510241f-957a-5286-a8ea-77544f60f95f",
                "resourceType": "DiagnosticReport",
                "status": "final",
                "category": {
                    "coding": [
                        {
                            "system": "http://hl7.org/fhir/ValueSet/diagnostic-service-sections",
                            "code": "LAB",
                            "display": "Laboratory"
                        }
                    ]
                },
                "code": {
                    "text": "panel"
                },
                "subject": {
                    "reference": "https://dev-api.va.gov/services/fhir/v0/dstu2/Patient/1017283148V813263",
                    "display": "Mr. Toby274 Bins636"
                },
                "effectiveDateTime": "2017-10-05T14:49:14Z",
                "issued": "2017-10-05T14:49:14Z",
                "_performer": {
                    "extension": [
                        {
                            "url": "http://hl7.org/fhir/StructureDefinition/data-absent-reason",
                            "valueCode": "unsupported"
                        }
                    ]
                }
            }

Severity of the issue

• High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  

Steps to reproduce

Execute HTTP GET https://dev-api.va.gov/services/argonaut/v0/DiagnosticReport?_count=20&patient=1017283148V813263

APIs affected (if applicable)

VA Facilities API

API version (if applicable)

Version v0

What I expected to happen

1. The ability to receive data for all facilities in CSV format.

What actually happened

Received the following response.

{"errors":[{"title":"Internal server error","detail":"Internal server error","code":"500","status":"500"}]}

Severity of the issue

• High severity: Blocking work

• Medium severity: Not blocking work, but needs attention

• Low severity: Needs attention in a timely manner

• I am unable to use the API

• I was able to use the API, but am not getting the results I expected

• I was able to workaround the issue
  
  Work around, obtain data in JSON format, then convert into CSV format.

Steps to reproduce

1. Send a GET request to https://dev-api.va.gov/services/va_facilities/v0/facilities/all with Accept header of text/csv.

Users should be able to to retrieve several facilities at once by id.

GET /facilities?ids=id1,id2,id3 should return facilities id1, id2, and id3.

APIs Affected

Facility API

Explanation Feature

This is sort-of related to #20, but that's about the time format - in this case, I'm assuming there are special hours for holidays (either outright closed, like Christmas? Or special holidays like Veterans Day?) - it's unclear how that works. It does not look like the website has support for that either but maybe that will show as we get closer to actual holidays?

Value Provided by Feature

Right now I could be directing Vets to closed facilities on holidays

Acceptance Criteria

n/a