Frequently Asked Questions

Here you will find the answers to our most frequently asked question about Cambio Open Services. If you can't find the answer here you are welcome to reach out to us by using our help pages. .

How much does it cost to connect to Cambio Open Services?
How do I get started?
Which information is available using Cambio Open Services?
Where do I find statistics and reports on how my API subscriptions are being used?
My API key might be in the wrong hands. What should I do?
Why do I have two API keys for each subscription?
How do I update information about a published application?
Where can I find the identity (client_id) of my application?
Why do I have to specify a URL of the application?
I don't have a BankID - how can I test the APIs?
Nothing is happening when I try to authorise to test an API?
I get a HTTP-401 response when I am testing an API?
I get a HTTP-429 response when I am testing an API?
I get a HTTP-403 response when I am testing an API?



How much does it cost to connect to Cambio Open Services?
Connecting to Cambio Open Services is free for you as a developer, user or a company. Cambio is not charging any fee for using this service. Included in the free offer is also a sandbox for testing your application and the a technical verification that is needed before your application can be connected to the customers that are using COSMIC today. For any direct costs when you connect to the COSMIC customers we advise you to contact the relevant customers directly.
Back to top of page.


How do I get started?
All information about how you can connect to the service is found under Getting started which you will find in the menu.
Back to top of page.


Which information is available using Cambio Open Services?
Cambio is working continuously to create opportunities for different parts of the market to develop products and services that can add value for patients and caregivers. In the API section you will find all the information you need regarding which data from COSMIC the different APIs of Cambio Open Services can provide you. For every featured API there is also documentation about which data you need to provide when requesting data from COSMIC and what the response will look like. Based on this the responsibility is yours and your application's to follow current laws and regulations in how this data is used.
Back to top of page.


Where do I find statistics and reports on how my API subscriptions are being used?
You will find this in your profile
Back to top of page.


My API key might be in the wrong hands. What should I do?
Go to your profile and re-generate one or both API keys.
Back to top of page.


Why do I have two API keys for each subscription?
The Secondary Key can be used to give temporary access to an application which easily can be shut down by re-generating the key. Another use case can be that it makes it possible to change keys during a rolling upgrade without downtime, in which case the application must handle both keys and tolerate that one of the keys doesn't work.
Back to top of page.


How do I update information about a published application?
The easiest way is to contact openservices@cambio.se to get your application unpublished to make it possible for you to correct the application information. This will require a new approval, but it does not affect operations or access.
Back to top of page.


Where can I find the identity (client_id) of my application?
The unique identity (client_id) is found on the details page of the application.
Back to top of page.


Why do I have to specify a URL of the application?
The application needs a valid URL to make the OAuth2 flow work for authorisation and verification of the logged in user. If desired this URL can be configured to work only in your development environment, and it can also he a base URL. It doesn't have to be as detailed as the redirect_uri which is used by the application when communicating with the authorisation server.
Back to top of page.


I don't have a BankID - how can I test the APIs?
You have to download BankID and test ids. Read more about Develop and Test.
Back to top of page.


Nothing is happening when I try to authorise to test an API?
Check that your browser allows popup windows since that is used by the login procedure.
Back to top of page.


I get a HTTP-401 response when I am testing an API?
The access token is only valid for 60 seconds and needs to be refreshed after that period of time. If a new Access token is needed inside the developer portal you can get one by toggle the Authorisation for Patients, turning it off ("No auth") and on again ("Authorisation code")
Back to top of page.


I get a HTTP-429 response when I am testing an API?
This response means that you have made too many requests during a certain time interval.
Back to top of page.


I get a HTTP-403 response when I am testing an API?
This happens when the scope parameter isn't correct. See the API description for information about the right scope.
Back to top of page.