Scopes
Scopes control what data your credential can access. When creating an API key or OAuth2 credential, select only the scopes your application needs.
Available Scopes
Read Scopes (Lookup APIs)
Read scopes grant access to single-item lookup and batch lookup endpoints.
| Scope | Description |
|---|---|
ndc.read | Look up NDC drug data |
npi.read | Look up NPI provider data |
rxnorm.read | Look up RxNorm data |
loinc.read | Look up LOINC codes |
icd10.read | Look up ICD-10 codes |
cvx.read | Look up CVX vaccine codes |
mvx.read | Look up MVX manufacturer codes |
fda-label.read | Look up FDA drug labels |
snomed.read | Look up SNOMED CT concepts and mappings |
connectivity.read | Look up provider connectivity, FHIR endpoints, and SMA directory |
claims.read | Look up CMS claims data (NCCI, MUE, PFS/RVU, coverage) |
hcc.read | Look up CMS HCC risk adjustment crosswalk data |
opcs4.read | Look up OPCS-4 UK procedure classification codes |
dmd.read | Look up dm+d UK medicines and devices |
ucum.read | Look up UCUM units of measure |
rxclass.read | Look up RxClass drug classifications |
hcpcs.read | Look up HCPCS Level II codes |
msdrg.read | Look up MS-DRG codes |
pos.read | Look up Place of Service codes |
jcode.read | Look up J-Code/NDC crosswalk |
ddi.read | Look up drug-drug interaction reference data |
Search Scopes (Search APIs)
Search scopes grant access to full-text search endpoints. These are separate from read scopes because search operations are more resource-intensive.
| Scope | Description |
|---|---|
ndc.search | Search NDC drug products |
npi.search | Search NPI providers |
rxnorm.search | Search RxNorm drugs |
loinc.search | Search LOINC codes |
icd10.search | Search ICD-10 codes |
cvx.search | Search CVX vaccine codes |
mvx.search | Search MVX manufacturer codes |
fda-label.search | Search FDA drug labels |
snomed.search | Search SNOMED CT IPS concepts |
hcc.search | Search CMS HCC risk adjustment crosswalk data |
opcs4.search | Search OPCS-4 UK procedure classification codes |
dmd.search | Search dm+d UK medicines and devices |
ucum.search | Search UCUM units of measure |
rxclass.search | Search RxClass drug classifications |
hcpcs.search | Search HCPCS Level II codes |
msdrg.search | Search MS-DRG codes |
How Scopes Work
- Lookup endpoints (e.g.,
GET /v1/ndc/:code) require the corresponding.readscope - Search endpoints (e.g.,
GET /v1/ndc/search) require the corresponding.searchscope - If your credential lacks a required scope, the API returns a
403 Forbiddenerror with the required scope - New credentials include both read and search scopes by default
- You can create credentials with specific scopes in the Dashboard
Recommendations
- Use minimal scopes — Only request the scopes your application actually needs
- Separate credentials per service — If you have multiple services, give each its own credential with only the scopes it requires
- Audit regularly — Review your credentials and remove any that are no longer in use