Frequently Asked Questions

1. What is the Partner Integration Portal (PIP)?

PIP is a centralized platform designed to streamline healthcare data integration for partners, developers, and organizations. It provides secure APIs for quoting, eligibility, enrollment, renewals and more, enabling seamless connectivity and innovation.

2. What types of APIs does PIP provide?

PIP offers APIs for small business quoting, eligibility verification, enrollment, renewals and member management.

3. Do I need to pay to use APIs?

APIs are provided as part of your integration agreement with UnitedHealthcare. There are no additional charges for API usage.

4. Is there a sandbox environment for testing?

Yes, PIP provides a sandbox environment where you can test API calls before moving to production.

5. How do I register for API access?

You must create an Optum Health ID (OHID) and request API credentials through the PIP portal. To get started, click on the 'Sign In' button located at the top right corner of the portal homepage. This will redirect you to the OHID page, where you can register for a new OHID if you don't already have one. Once your account is set up, proceed to request your API credentials within the portal.

6. What industries or partners typically use these APIs?

Brokers, benefit administrators, aggregators, and technology partners in healthcare and insurance sectors.

7. Can I integrate these APIs with my existing systems?

Yes, PIP APIs are designed to be RESTful and can integrate with most modern platforms and applications.

8. Does API support real-time data exchange?

Yes, most APIs provide real-time responses for eligibility, quotes, and enrollment.

9. Are there any usage limits or throttling policies?

All Data Externalization APIs must be invoked sequentially by external partners. If a partner needs to call the same API multiple times, each call must be made only after the previous request has fully completed. Parallel or overlapping calls to the same API are not supported.

10. What kind of support does PIP offer for developers?

Developer guides, sample payloads, FAQs, and a dedicated support team are available through the portal.

11. How often are APIs updated?

APIs are updated periodically to add new features or comply with regulatory changes. Notifications are indicated via the portal.

12. Do I need a proxy for API calls?

Some organizations require proxy settings for external API connections. Check with your IT team and configure your client accordingly.

13. How do I confirm the correct API URL?

Always use the exact endpoint provided in documentation. Double-check for typos and environment mismatches (sandbox vs. production).

14. Where can I find API details like request/response parameters?

Each API includes a companion guide with descriptions, prerequisites, security details, and sample payloads. Access these guides by logging into the Partner portal via the "Log In" button at the top right corner.

15. What does the UHG error message mean?

Error shown:

“The requested URL was rejected. You may call customer service and provide this number if you see this message again.”

Explanation: This error typically indicates that your request to the UHG system was blocked by security controls, such as a firewall or web application filter. Common reasons include:

The IP address used by the external partner is not on the approved list.
The request contains special characters or patterns that are flagged by security rules.

16. Why does the API return the following error message?

Error shown:

“No route matched with those values”

Explanation: This error means that the Stargate URL used to call the API does not match any defined route or endpoint in the API gateway. In other words, the path or parameters provided in the request do not correspond to any valid API resource.

Common causes include:
- Typo or incorrect endpoint in the URL
- Missing or extra path parameters
- Using an outdated or deprecated API route
- Incorrect HTTP method for the endpoint

17. What if a B2B partner has lost the Stargate credentials and needs them again?

Explanation:

If a B2B partner has lost their Stargate credentials, they should contact their B2B relationship manager to request new credentials.

The B2B team will coordinate with the DevOps team to regenerate the Stargate credentials and securely share them with the partner.
This process ensures that credential management follows enterprise security protocols and that only authorized contacts receive access.

18. Could my company’s firewall be blocking API connections, and what should I do?

Your company’s firewall may restrict API traffic, especially from non-browser applications. If you suspect this is the case, contact your network or firewall administrator to confirm that the UHC Partner Integration Portal’s API endpoints are whitelisted for outbound connections. You may need to provide the specific API URLs and ports used by the portal.

19. What SSL/TLS requirements must be met for UHC partner integration portal API connections?

All UHC Partner Integration Portal APIs require encrypted connections over TLS. The minimum supported TLS version is 1.2. Ensure your client supports TLS 1.2 or higher, and that your trust store includes certificates from recognized certificate authorities. Self-signed certificates are not recommended and may trigger security warnings.

20. What authentication steps are required for accessing UHC Partner Integration Portal APIs?

Authentication for the UHC Partner Integration Portal APIs requires OAuth 2.0 credentials. Your credentials are issued during the registration process and renewed on a yearly basis. Ensure you send valid, current credentials with each request, and follow best practices for secure storage.

21. What is an API? (Business-Friendly Explanation)

An API (Application Programming Interface) is a digital bridge that lets different software systems talk to each other and share information securely and efficiently. Imagine it as a set of rules or a menu that tells one system how to request or send data to another, without needing to know how the other system works inside.

22. Why do businesses use APIs?

Efficiency: APIs automate tasks that would otherwise require manual data entry or repetitive work.
Integration: They connect different platforms (like quoting, enrollment, or benefits systems) so information flows smoothly between them.
Innovation: APIs allow companies to quickly add new features, connect with partners, and respond to market changes.

23. Which authentication mechanism do the APIs use?

All Data Externalization APIs are secured using Stargate, our enterprise API gateway. To access any API, partners must include a valid Bearer token in the Authorization header.

This Bearer token is generated using the Client ID and Client Secret that are shared with partners during the onboarding process. Partners call the designated token endpoint with these credentials to obtain the access token, which is then passed with every API request.

24. What should I do if my Client ID or Client Secret is compromised?

If you suspect that your Client ID or Client Secret has been exposed or compromised, take action immediately to prevent unauthorized access.

You should:

Contact the UHG B2B team right away and report the incident.
UHG will immediately revoke access to all APIs associated with the compromised credentials.
Stargate access will also be revoked, ensuring no further requests can be authenticated using the exposed credentials.

25. What are the common error codes returned by these APIs?

Data Externalization APIs follow standard HTTP status codes for error handling. Common responses include:

400 – Bad Request: The request payload is invalid or missing required fields.
401 – Unauthorized: The request lacks a valid Bearer token or the token has expired.
403 – Forbidden: The client is authenticated but does not have permission to access the resource.
404 – Not Found: The requested resource or endpoint does not exist.
429 – Too Many Requests: The client has exceeded the allowed rate limits.
500 – Internal Server Error: An unexpected error occurred on the server side.

26. How do partners test UHG APIs?

Partners can test all UHG Data Externalization APIs in our dedicated Sandbox environment. The sandbox provides a safe, isolated environment with mock or synthetic data, allowing partners to validate integrations, verify request/response formats, and complete end‑to‑end workflow testing before moving to non‑production or production environments.

1. What is the Partner Integration Portal (PIP)?​

2. What types of APIs does PIP provide?​

3. Do I need to pay to use APIs?​

4. Is there a sandbox environment for testing?​

5. How do I register for API access?​

6. What industries or partners typically use these APIs?​

7. Can I integrate these APIs with my existing systems?​

8. Does API support real-time data exchange?​

9. Are there any usage limits or throttling policies?​

10. What kind of support does PIP offer for developers?​

11. How often are APIs updated?​

12. Do I need a proxy for API calls?​

13. How do I confirm the correct API URL?​

14. Where can I find API details like request/response parameters?​

15. What does the UHG error message mean?​

16. Why does the API return the following error message?​

17. What if a B2B partner has lost the Stargate credentials and needs them again?​

18. Could my company’s firewall be blocking API connections, and what should I do?​

19. What SSL/TLS requirements must be met for UHC partner integration portal API connections?​

20. What authentication steps are required for accessing UHC Partner Integration Portal APIs?​

21. What is an API? (Business-Friendly Explanation)​

22. Why do businesses use APIs?​

23. Which authentication mechanism do the APIs use?​

24. What should I do if my Client ID or Client Secret is compromised?​

25. What are the common error codes returned by these APIs?​

26. How do partners test UHG APIs?​