> ## Documentation Index
> Fetch the complete documentation index at: https://api-docs.goanagram.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Start Embedded Session

> Retrieve URL for Anagram app embedding

This endpoint allows you to embed the Anagram app in your application and automatically authenticate the user into their account.

To use this endpoint, the user’s account must be configured for embedded sessions. Please contact Support to enable this feature.


## OpenAPI

````yaml POST /api/auth/v1/iframe-session/
openapi: 3.0.2
info:
  title: Anagram backend
  version: 1.0.0
servers:
  - url: https://api.anagram.care
security:
  - ApiToken: []
tags:
  - name: public-auth_Eligibility Request
    x-displayName: Eligibility Request
    description: >-
      Requesting patient's eligibility uses the following parameters:


      - First name (required)

      - Last name (required)

      - Date of birth (required)

      - Last four digits from SSN (optional)

      - Zip code (optional)

      - Insurer Member ID (optional)

      - Request UID (optional)


      This call is asynchronous, it initiates an eligibility search and returns
      a UID assigned to this request.

      The result will be returned in two ways:

      - Via active [webhooks](https://provider.anagram.care/webhooks) once
      available - preferred.

      Request UID will be included in payload.

      - By calling the "Eligibility Result" endpoint - only to be used as
      fallback. Request UID is required.


      If specifying a UID, ensure it is unique. If omitted one will be generated
      automatically

      and included in the response for this API call.


      Authentication is required for this endpoint. Access token can be obtained

      in [provider app](https://provider.anagram.care/). Access token must be
      sent in `Authorization` header,

      prefaced with `API `:


      `Authorization: Api <key generated in provider app>`


      The response will contain the request UID or a validation error.


      Error examples:

      ```

      {
          "errors": {"$": ["Wrong insurer code"]}
      }

      ```

      ```

      {
          "errors": {
              "patient": {
                  "first_name": {"$": ["This field cannot be blank."]}
              }
          }
      }

      ```


      For testing purposes, you can include cheat codes in the request. Cheat
      codes can be provided in the fields

      `first_name`, `last_name`, and `member_id`. Here are some examples of
      cheat codes:


      - `mark_used`: This cheat code marks all benefits as used.


      - `dt_exam_used`: This cheat code marks exam benefit as used.


      - `no_oon`: Removes all out-of-network benefits from the plan.


      - `no_inn`: Removes all in-network benefits from the plan. You can use
      both `no_oon` and `no_inn` codes together to

      generate a plan without any benefits.


      - `delay_10`, `delay_30`: These codes introduce a delay in the response,
      causing it to wait for either 10 or 30

      seconds before providing an answer.


      - `big_family`: This cheat code adds multiple persons to the result.


      - `not_found`: Using this cheat code will delete all results.


      - `in_err_int`: This cheat code simulates a problem and triggers the
      `unexpected_error`.
  - name: public-auth_Eligibility Result
    x-displayName: Eligibility Result
    description: >-
      Eligibility search result will be sent to all active webhooks once
      available.

      As a fallback, you may call this endpoint to check result status and
      obtain the result.


      ### Status


      The `status` field in the response can have one of the following values:


      `complete` - Indicates that the search has been completed.


      `processing` - Signifies that the search is currently in progress, and it
      is recommended to retry the request later.


      `error` - Suggests that the search dit not finished successfully, and you
      can find descriptions of error codes

      below.


      ### Error codes


      `insurer_problem` – Insurer not available, please try again later


      `unexpected_error` – Unknown error


      ### Webhooks


      Add webhooks to receive results in the [provider
      app](https://provider.anagram.care/webhooks).

      Webhook payload will be identical to the response of this endpoint.


      When configuring a webhook you can provide a secret to sign the webhook
      payload

      and check the signature on the server side.


      Signature will be sent in `X-Signature` header in request to webhook
      endpoint.


      Signature is a request raw data signed with secret by HMAC SHA256
      algorithm. Python example:


      ```

      import hashlib

      import hmac


      def get_signature(secret_key: str, payload: str) -> str:
          return hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
      ```
  - name: public-auth_Eligibility Details Request
    x-displayName: Eligibility Details Request
    description: |-
      Requesting plan for patient's eligibility uses the following parameters:

      - Initial request uid (required)
      - Result id from initial request (required)
      - Person id from initial request (required)
      - Details request UID (optional)
  - name: public-auth_Patient
    x-displayName: Patient
  - name: public-auth_Patient eligibility link
    x-displayName: Patient eligibility link
paths:
  /api/auth/v1/iframe-session/:
    post:
      summary: Start new iframe session
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - entry_point
              properties:
                entry_point:
                  type: string
                  enum:
                    - add_patient
                    - insurers
                    - passwords
                  description: Initial view of the iframe
            examples:
              Example:
                value:
                  entry_point: add_patient
      responses:
        '200':
          description: JSON object response
          content:
            application/json:
              schema:
                type: object
                properties:
                  iframe_url:
                    type: string
                    description: >-
                      URL of the iframe for empbedding. Use it for `src`
                      attribute of the `iframe` HTML tag
              examples:
                Successful request:
                  value:
                    iframe_url: >-
                      https://embed.anagram.care/?token=aa555a4e43949e647bca87be9f77fa0c55ac9e480b9939f21b288da0de0f0f01&entry_point=add_patient
        '400':
          description: JSON object response
          content:
            application/json:
              schema:
                type: object
              examples:
                Unsupported entry point:
                  value:
                    errors:
                      entry_point:
                        $:
                          - Value 'foobar' is not a valid choice.
        '403':
          description: JSON object response
          content:
            application/json:
              schema:
                type: object
              examples:
                Account is not configured for embedded session:
                  value:
                    detail: iframe is not activated for current user
components:
  securitySchemes:
    ApiToken:
      type: apiKey
      in: header
      name: Authorization
      description: >
        Your API token prefaced with an "Api" prefix. Example value: "Api
        B3F4242424E3FDB4242424242A9C7642"

````