athenahealth

athenahealth has a large proprietary API surface covering clinical, scheduling, and billing workflows. Multiple write-back patterns are described in vendor materials (e.g., athenaOne APIs, SMART launch, document upload), depending on endpoint and access tier. The push-based event system is still in alpha.

Medium complexitySelf-serveProprietary RESTFHIR R4C-CDA

FHIR Version

R4 (US Core STU3.1.1)

Rate Limit

Not published — enforced via 403

Sandbox

Yes — auto-provisioned on app creation

ONC Certified

Yes

Capability Matrix

Capability	Read	Write
Patients	Via FHIR or proprietary API.	Create + Update via proprietary API after contract + BAA.
Appointments	Full scheduling via proprietary API.	Book, update, cancel, check-in via proprietary API.
Encounters	Self-serve	Multiple write-back patterns are described in vendor materials (e.g., SMART launch and athenaOne APIs), depending on endpoint and access tier.
Clinical Notes	DocumentReference + DiagnosticReport read.	SMART launch is one write-back pattern described in vendor materials. Other non-SMART write paths exist depending on endpoint and access tier. Scope approval may be required.
Document Upload	Self-serve	POST /patients/{id}/documents/clinicaldocument — PDF upload to patient chart.
Lab Results	DiagnosticReport + Observation via FHIR.
Medications	Self-serve	Write access restricted to specific partner types.
Allergies	FHIR + proprietary API.
Conditions	FHIR + proprietary API.	Write-back patterns are described in vendor materials (e.g., SMART launch and athenaOne APIs), depending on endpoint and access tier.
Immunizations	FHIR Immunization read.
Vitals	FHIR + proprietary API.	Write-back patterns are described in vendor materials (e.g., SMART launch and athenaOne APIs), depending on endpoint and access tier.

Billing / Claims	Claims, charges via proprietary API.	Charge entry, claim creation, credit card payments via proprietary API.
Coverage / Insurance	FHIR Coverage + proprietary /insurances.	Capture patient insurance information via proprietary API.
Referrals	Self-serve
Bulk Data Export	FHIR Bulk Data Export ($export) supported on Group resource. Also: EHI Export feature + Data View SQL editor for analytics.	—
Events / Webhooks	Legacy polling-based Changed Data Subscriptions (production). FHIR push-based Event Subscriptions in limited alpha (v0.13).	—

DocumentedNot documentedSelf-serveGatedPartner only

Integration considerations

Note on access levels: 'Self-serve' indicates capabilities accessible in the preview/sandbox environment without a contract. Production access for many athenaOne APIs requires an athenahealth Platform Services contract and BAA; exact requirements depend on endpoint and program. See athenahealth onboarding overview for details.
Clinical note write-back has multiple patterns described in vendor materials (SMART launch for in-workflow embedding, athenaOne document upload endpoints (e.g., PDF/C-CDA attachment) for certain write-back scenarios). Structured encounter note creation may require specific scopes and commercial access.
FHIR event subscriptions are in limited alpha (v0.13) — not production-ready
Quarterly breaking changes with mandatory testing deadlines require ongoing maintenance
No published rate limits or uptime SLAs
Documentation is SPA-rendered, making automated discovery difficult
Single OAuth 2.0 infrastructure with multiple grant types: 2-legged client credentials (background/server access), 3-legged authorization code (user-facing), and SMART on FHIR launch (embedded apps). The same 2-legged credentials can access both athenaOne and FHIR endpoints.
Documentation links point to athenahealth's API reference directory. Endpoint-specific documentation requires navigating within the developer portal, which is SPA-rendered and not directly linkable at the resource level.

Need help with gated access?

Some capabilities require contracts, partner agreements, or special approval. Cobalt has existing integrations with these systems.

Learn more