Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Production Access

Eligible organizations must get credentials from their model-specific systems to access enrollee claims data.

Before accessing the production environment, download test claims data in the sandbox environment and follow the steps under Getting Started.

  1. Authorize your model entity

    Production credentials authorize your organization's access to the API. Create and manage credentials by logging in to your model-specific system:

    • ACOs in the Medicare Shared Savings Program: Only users with the Credential Delegate role can manage credentials from the ACO Management System (ACO-MS).
    • REACH ACOs and KCEs or KCF practices in the Kidney Care Choices Model: Users with any of the following roles can manage credentials from 4innovation (4i):
      • Executive Contact
      • Entity Primary Contact
      • Entity Secondary Contact
      • DUA Requestor
      • DUA Custodian

      Your registered contact can contact the help desk to assign these roles.

  2. Obtain production credentials

    1. Visit the API Credentials page in your model-specific system.
    2. Choose the BCDA Credentials tab, then select Create New API Credentials.
    3. Add a public, static IP address for every system, including vendors, that will use the API (up to 8). It may take up to an hour for the Allow List to update.

    Rotate (renew) credentials every 90 days

    Visit BCDA Credentials and select the rotate icon in the Actions column.

    Revoke (deactivate) credentials if compromised

    Visit BCDA Credentials and select the delete icon in the Actions column. Email bcapi@cms.hhs.gov to review recent activity.

  3. Access production claims data

    The sandbox and production environments support the same workflow, endpoints, and resource types. Follow similar steps as you did in the sandbox to get a bearer token and retrieve claims data.

    Visit Support or join the Google Group if you have questions. Do not share Personally Identifiable Information (PII) like tokens, credentials, or claims data.

Looking for U.S. government information and services?
Visit USA.gov