eClaims and Preauth APIs

Authorizations

Endpointhttps://ilm-dev.dha.go.ke/uat-middleware

Endpoint for creating authorizations using biometrics or OTP.

Retrieve an existing authorization

GET

https://ilm-dev.dha.go.ke/uat-middleware

/api/v1/claims/authorizations

Retrieves an existing authorization for a patient using the provided token, beneficiary code, and GUID.

Retrieve an existing authorization › query Parameters

token

string · required

Authorization token linked to the patient's consent.

guid

string · required

Unique identifier (GUID) of the authorization record.

beneficiary_code

string

The beneficiary's identifier code.

Retrieve an existing authorization › Responses

Authorization retrieved successfully

authCode

string

authorizationReason

string

authorizationType

string[]

authorizingDeviceOs

string

beneficiary

integer

beneficiaryCode

string

beneficiaryJoinDate

string

beneficiaryName

string

beneficiaryNumber

string

beneficiaryScheme

string

benefitType

string

biometricMatchLogId

string

createdByName

string

created_by

string

dateAuthorized

string

ekycToken

string

endDate

string

endedVia

string

expiry

string

guardian

integer

guid

string

id

integer

isBiometricsDischargeAuthorization

boolean

isComplete

boolean

isElective

boolean

isEmergency

boolean

isOpen

boolean

label

string

needsPreauth

boolean

notes

string

overallPreauthFinalised

boolean

parentAuthorization

integer

parentType

string

payerName

string

payerSladeCode

integer

provider

integer

providerFid

string

providerName

string

requestedBy

string

sessionType

string

shaGuid

string

object

shaVerificationRequestId

string

status

string

token

string

updated_by

string

workStationId

string

GET/api/v1/claims/authorizations

curl --request GET \
  --url 'https://ilm-dev.dha.go.ke/uat-middleware/api/v1/claims/authorizations?token=%3Cstring%3E&guid=%3Cstring%3E'

shell

Example Responses

{
  "authCode": "authCode",
  "authorizationReason": "authorizationReason",
  "authorizationType": [
    "string"
  ],
  "authorizingDeviceOs": "authorizingDeviceOs",
  "beneficiary": 0,
  "beneficiaryCode": "beneficiaryCode",
  "beneficiaryJoinDate": "beneficiaryJoinDate",
  "beneficiaryName": "beneficiaryName",
  "beneficiaryNumber": "beneficiaryNumber",
  "beneficiaryScheme": "beneficiaryScheme",
  "benefitType": "benefitType",
  "biometricMatchLogId": "biometricMatchLogId",
  "createdByName": "createdByName",
  "created_by": "created_by",
  "dateAuthorized": "dateAuthorized",
  "ekycToken": "ekycToken",
  "endDate": "endDate",
  "endedVia": "endedVia",
  "expiry": "expiry",
  "guardian": 0,
  "guid": "guid",
  "id": 0,
  "isBiometricsDischargeAuthorization": true,
  "isComplete": true,
  "isElective": true,
  "isEmergency": true,
  "isOpen": true,
  "label": "label",
  "needsPreauth": true,
  "notes": "notes",
  "overallPreauthFinalised": true,
  "parentAuthorization": 0,
  "parentType": "parentType",
  "payerName": "payerName",
  "payerSladeCode": 0,
  "provider": 0,
  "providerFid": "providerFid",
  "providerName": "providerName",
  "requestedBy": "requestedBy",
  "sessionType": "sessionType",
  "shaGuid": "shaGuid",
  "shaVerificationRequest": {
    "embedExpiry": 0,
    "embededToken": "embededToken",
    "requestId": "requestId",
    "requestUrl": "requestUrl"
  },
  "shaVerificationRequestId": "shaVerificationRequestId",
  "status": "status",
  "token": "token",
  "updated_by": "updated_by",
  "workStationId": "workStationId"
}

json

application/json

Create a new authorization (OTP or biometrics)

POST

https://ilm-dev.dha.go.ke/uat-middleware

/api/v1/claims/authorize

Creates a new authorization by capturing patient consent via OTP or biometrics. Use the OTP strategy for standard outpatient and inpatient consent; use the biometrics strategy (eKYC or fingerprint) when the facility has a registered hardware agent. The same endpoint is used across claims creation and consent workflows.

Create a new authorization (OTP or biometrics) › Request Body

oneOf

Exactly one variant must match.

Decision Table

Variant	Matching Criteria
	type = object · requires: patient_id, service_type, otp +1 more
	type = object · requires: agent_id, authorizing_device_os, ekyc_provider_id +9 more

Properties for OTP Authorization:

Authorization request using a one-time password (OTP) sent to the patient's registered phone number. Use this strategy for outpatient or inpatient consent where OTP verification is available.

patient_id

string · required

The patient's Client Registry identifier.

Example: 3-4538-5219

service_type

string · enum · required

Type of service being authorized.

Enum values:

OUTPATIENT

INPATIENT

Example: OUTPATIENT

otp

string · required

One-time password delivered to the patient's registered phone number.

Example: 123456

interventions

string[] · required

List of intervention codes for the services being requested in this visit.

Example: ["INPATIENT_ADMISSION"]

Create a new authorization (OTP or biometrics) › Responses

Authorization created successfully

authCode

string

authorizationReason

string

authorizationType

string[]

authorizingDeviceOs

string

beneficiary

integer

beneficiaryCode

string

beneficiaryJoinDate

string

beneficiaryName

string

beneficiaryNumber

string

beneficiaryScheme

string

benefitType

string

biometricMatchLogId

string

createdByName

string

created_by

string

dateAuthorized

string

ekycToken

string

endDate

string

endedVia

string

expiry

string

guardian

integer

guid

string

id

integer

isBiometricsDischargeAuthorization

boolean

isComplete

boolean

isElective

boolean

isEmergency

boolean

isOpen

boolean

label

string

needsPreauth

boolean

notes

string

overallPreauthFinalised

boolean

parentAuthorization

integer

parentType

string

payerName

string

payerSladeCode

integer

provider

integer

providerFid

string

providerName

string

requestedBy

string

sessionType

string

shaGuid

string

object

shaVerificationRequestId

string

status

string

token

string

updated_by

string

workStationId

string

POST/api/v1/claims/authorize

curl --request POST \
  --url https://ilm-dev.dha.go.ke/uat-middleware/api/v1/claims/authorize \
  --header 'Content-Type: application/json' \
  --data '
{
  "patient_id": "3-4538-5219",
  "service_type": "OUTPATIENT",
  "otp": "123456",
  "interventions": [
    "string"
  ]
}
'

shell

Example Request Body

{
  "patient_id": "3-4538-5219",
  "service_type": "OUTPATIENT",
  "otp": "123456",
  "interventions": [
    "string"
  ]
}

json

Example Responses

{
  "authCode": "authCode",
  "authorizationReason": "authorizationReason",
  "authorizationType": [
    "string"
  ],
  "authorizingDeviceOs": "authorizingDeviceOs",
  "beneficiary": 0,
  "beneficiaryCode": "beneficiaryCode",
  "beneficiaryJoinDate": "beneficiaryJoinDate",
  "beneficiaryName": "beneficiaryName",
  "beneficiaryNumber": "beneficiaryNumber",
  "beneficiaryScheme": "beneficiaryScheme",
  "benefitType": "benefitType",
  "biometricMatchLogId": "biometricMatchLogId",
  "createdByName": "createdByName",
  "created_by": "created_by",
  "dateAuthorized": "dateAuthorized",
  "ekycToken": "ekycToken",
  "endDate": "endDate",
  "endedVia": "endedVia",
  "expiry": "expiry",
  "guardian": 0,
  "guid": "guid",
  "id": 0,
  "isBiometricsDischargeAuthorization": true,
  "isComplete": true,
  "isElective": true,
  "isEmergency": true,
  "isOpen": true,
  "label": "label",
  "needsPreauth": true,
  "notes": "notes",
  "overallPreauthFinalised": true,
  "parentAuthorization": 0,
  "parentType": "parentType",
  "payerName": "payerName",
  "payerSladeCode": 0,
  "provider": 0,
  "providerFid": "providerFid",
  "providerName": "providerName",
  "requestedBy": "requestedBy",
  "sessionType": "sessionType",
  "shaGuid": "shaGuid",
  "shaVerificationRequest": {
    "embedExpiry": 0,
    "embededToken": "embededToken",
    "requestId": "requestId",
    "requestUrl": "requestUrl"
  },
  "shaVerificationRequestId": "shaVerificationRequestId",
  "status": "status",
  "token": "token",
  "updated_by": "updated_by",
  "workStationId": "workStationId"
}

json

application/json

Rejects existing pending biometrics authorization.

POST

https://ilm-dev.dha.go.ke/uat-middleware

/api/v1/claims/authorizations/{consent_token}/reject

Rejects existing pending biometrics authorization.

Rejects existing pending biometrics authorization. › path Parameters

consent_token

string · required

Consent Token

Rejects existing pending biometrics authorization. › Responses

Authorization rejected

message

string

POST/api/v1/claims/authorizations/{consent_token}/reject

curl --request POST \
  --url https://ilm-dev.dha.go.ke/uat-middleware/api/v1/claims/authorizations/:consent_token/reject

shell

Example Responses

{
  "message": "message"
}

json

application/json

Eligibility Start Visit Consent

Retrieve an existing authorization

GET

https://ilm-dev.dha.go.ke/uat-middleware

/api/v1/claims/authorizations

Retrieves an existing authorization for a patient using the provided token, beneficiary code, and GUID.

Retrieve an existing authorization › query Parameters

token

string · required

Authorization token linked to the patient's consent.

guid

string · required

Unique identifier (GUID) of the authorization record.

beneficiary_code

string

The beneficiary's identifier code.

Retrieve an existing authorization › Responses

Authorization retrieved successfully

authCode

string

authorizationReason

string

authorizationType

string[]

authorizingDeviceOs

string

beneficiary

integer

beneficiaryCode

string

beneficiaryJoinDate

string

beneficiaryName

string

beneficiaryNumber

string

beneficiaryScheme

string

benefitType

string

biometricMatchLogId

string

createdByName

string

created_by

string

dateAuthorized

string

ekycToken

string

endDate

string

endedVia

string

expiry

string

guardian

integer

guid

string

id

integer

isBiometricsDischargeAuthorization

boolean

isComplete

boolean

isElective

boolean

isEmergency

boolean

isOpen

boolean

label

string

needsPreauth

boolean

notes

string

overallPreauthFinalised

boolean

parentAuthorization

integer

parentType

string

payerName

string

payerSladeCode

integer

provider

integer

providerFid

string

providerName

string

requestedBy

string

sessionType

string

shaGuid

string

object

shaVerificationRequestId

string

status

string

token

string

updated_by

string

workStationId

string

{ "authCode": "authCode", "authorizationReason": "authorizationReason", "authorizationType": [ "string" ], "authorizingDeviceOs": "authorizingDeviceOs", "beneficiary": 0, "beneficiaryCode": "beneficiaryCode", "beneficiaryJoinDate": "beneficiaryJoinDate", "beneficiaryName": "beneficiaryName", "beneficiaryNumber": "beneficiaryNumber", "beneficiaryScheme": "beneficiaryScheme", "benefitType": "benefitType", "biometricMatchLogId": "biometricMatchLogId", "createdByName": "createdByName", "created_by": "created_by", "dateAuthorized": "dateAuthorized", "ekycToken": "ekycToken", "endDate": "endDate", "endedVia": "endedVia", "expiry": "expiry", "guardian": 0, "guid": "guid", "id": 0, "isBiometricsDischargeAuthorization": true, "isComplete": true, "isElective": true, "isEmergency": true, "isOpen": true, "label": "label", "needsPreauth": true, "notes": "notes", "overallPreauthFinalised": true, "parentAuthorization": 0, "parentType": "parentType", "payerName": "payerName", "payerSladeCode": 0, "provider": 0, "providerFid": "providerFid", "providerName": "providerName", "requestedBy": "requestedBy", "sessionType": "sessionType", "shaGuid": "shaGuid", "shaVerificationRequest": { "embedExpiry": 0, "embededToken": "embededToken", "requestId": "requestId", "requestUrl": "requestUrl" }, "shaVerificationRequestId": "shaVerificationRequestId", "status": "status", "token": "token", "updated_by": "updated_by", "workStationId": "workStationId" }

Create a new authorization (OTP or biometrics)

POST

https://ilm-dev.dha.go.ke/uat-middleware

/api/v1/claims/authorize

Create a new authorization (OTP or biometrics) › Request Body

oneOf

Exactly one variant must match.

Decision Table

Variant	Matching Criteria
	type = object · requires: patient_id, service_type, otp +1 more
	type = object · requires: agent_id, authorizing_device_os, ekyc_provider_id +9 more

Properties for OTP Authorization:

Authorization request using a one-time password (OTP) sent to the patient's registered phone number. Use this strategy for outpatient or inpatient consent where OTP verification is available.

patient_id

string · required

The patient's Client Registry identifier.

Example: 3-4538-5219

service_type

string · enum · required

Type of service being authorized.

Enum values:

OUTPATIENT

INPATIENT

Example: OUTPATIENT

otp

string · required

One-time password delivered to the patient's registered phone number.

Example: 123456

interventions

string[] · required

List of intervention codes for the services being requested in this visit.

Example: ["INPATIENT_ADMISSION"]

Create a new authorization (OTP or biometrics) › Responses

Authorization created successfully

authCode

string

authorizationReason

string

authorizationType

string[]

authorizingDeviceOs

string

beneficiary

integer

beneficiaryCode

string

beneficiaryJoinDate

string

beneficiaryName

string

beneficiaryNumber

string

beneficiaryScheme

string

benefitType

string

biometricMatchLogId

string

createdByName

string

created_by

string

dateAuthorized

string

ekycToken

string

endDate

string

endedVia

string

expiry

string

guardian

integer

guid

string

id

integer

isBiometricsDischargeAuthorization

boolean

isComplete

boolean

isElective

boolean

isEmergency

boolean

isOpen

boolean

label

string

needsPreauth

boolean

notes

string

overallPreauthFinalised

boolean

parentAuthorization

integer

parentType

string

payerName

string

payerSladeCode

integer

provider

integer

providerFid

string

providerName

string

requestedBy

string

sessionType

string

shaGuid

string

object

shaVerificationRequestId

string

status

string

token

string

updated_by

string

workStationId

string

curl --request POST \ --url https://ilm-dev.dha.go.ke/uat-middleware/api/v1/claims/authorize \ --header 'Content-Type: application/json' \ --data ' { "patient_id": "3-4538-5219", "service_type": "OUTPATIENT", "otp": "123456", "interventions": [ "string" ] } '

Rejects existing pending biometrics authorization.

POST

https://ilm-dev.dha.go.ke/uat-middleware

/api/v1/claims/authorizations/{consent_token}/reject

Rejects existing pending biometrics authorization.

Rejects existing pending biometrics authorization. › path Parameters

consent_token

string · required

Consent Token

Rejects existing pending biometrics authorization. › Responses

Authorization rejected

message

string