Sandbox Environments
Sandbox environments are provided to facilitate development and testing. They should not be used for production workloads or real patient data. All sandbox environments use synthetic, non-PHI data.
Netsmart provides sandbox environments to help developers test their integrations with CareConnect APIs before deploying to production. These environments contain synthetic data and are designed to mirror production functionality while providing a safe space for development and testing.
Overview
Sandbox environments allow you to:
- Test API Integration - Validate your application's FHIR API calls and OAuth 2.0 flows
- Explore Data Models - Understand FHIR resource structures and relationships
- Validate Workflows - Test end-to-end integration scenarios
- Debug Issues - Troubleshoot problems without affecting production data
- Demonstrate Functionality - Show proof-of-concept implementations to stakeholders
Available Sandbox Environments
Base URL for all sandbox APIs: https://fhirtest.netsmartcloud.com
API Endpoint Pattern: /{api-type}/{version}/{tenant-id}
Provider API Sandboxes
| CareRecord | Status | Tenant Name | Tenant ID | CareFabric Scope |
|---|---|---|---|---|
| Netsmart myAvatar | ✅ Available | Internal CGI Avatar | d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1 | CGIAV_KS!UAT:PROD |
| Netsmart GEHRIMED | 🚧 TBD | - | - | - |
| Netsmart myEvolv | 🚧 TBD | - | - | - |
| Netsmart myUnity | 🚧 TBD | - | - | - |
| Netsmart TheraOffice | 🚧 TBD | - | - | - |
Supported Provider APIs:
Example URLs for myAvatar sandbox:
- Provider Patient Access:
https://fhirtest.netsmartcloud.com/provider/patient-access/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1 - Provider System Access:
https://fhirtest.netsmartcloud.com/provider/system-access/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1
Payer API Sandboxes
| CareRecord | Status | Tenant Name | Tenant ID | CareFabric Scope |
|---|---|---|---|---|
| Netsmart myAvatar | ✅ Available | Internal CGI Avatar | d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1 | CGIAV_KS!UAT:PROD |
Supported Payer APIs:
Example URLs for myAvatar sandbox:
- Payer Patient Access:
https://fhirtest.netsmartcloud.com/payer/patient-access/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1 - Payer System Access:
https://fhirtest.netsmartcloud.com/payer/system-access/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1 - Payer Provider Directory:
https://fhirtest.netsmartcloud.com/payer/provider-directory/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1
All sandbox environments use synthetic, non-PHI data. Check this page regularly for updates on additional sandbox availability.
Getting Started with Sandbox
Prerequisites
For Patient Access and System Access APIs:
- Developer Account - Create an account in the Developer Portal
- Application Registration - Register your application through the guided setup
- Tenant Authorization - Request access to sandbox tenant(s)
- Development Environment - Set up your development tools and FHIR client
For Provider Directory APIs:
- Development Environment - Set up your development tools and FHIR client
- No Registration Required - Provider Directory APIs are publicly accessible
Registration Process
For Patient Access and System Access APIs:
The registration and authorization processes for sandbox environments are identical to production:
- Create Developer Account - Sign up at the Non-Production Developer Portal
- Register Application - Follow the guided setup for your application type
- Request Tenant Authorization - Search for and select the desired sandbox tenant using any of the identifiers from the tables above:
- Tenant Name (e.g., "Internal CGI Avatar" for myAvatar)
- Tenant ID (e.g., "d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1" for myAvatar)
- CareFabric Scope (e.g., "CGIAV_KS!UAT:PROD" for myAvatar)
- Configure OAuth 2.0 - Set up authentication flows with provided credentials
- Begin Testing - Start integration testing with sandbox data
For Provider Directory APIs:
- Start Testing - Provider Directory APIs are publicly accessible and can be tested immediately using the sandbox URLs above
- No Authentication Required - These APIs do not require OAuth 2.0 tokens or app registration
Developer Portal Access
Non-Production Environment:
- Portal URL: https://fhirtest.netsmartcloud.com/developers
- Purpose: Application registration and sandbox tenant authorization
- Account Required: Yes - create account through portal signup process
To request authorization, search for the desired tenant using any of the identifiers from the sandbox tables above (tenant name, tenant ID, or CareFabric scope).
Sandbox Data
Data Characteristics
Synthetic Data: All sandbox environments use synthetic, non-PHI data that represents realistic healthcare scenarios without containing any real patient information.
Data Volume: Sandbox environments contain sufficient data to test various scenarios:
- Multiple patient records with diverse demographics
- Comprehensive clinical data (conditions, medications, procedures)
- Provider and organization information
- Insurance coverage and claims data (payer APIs)
- Provider directory entries with network relationships
Data Relationships: Data is designed to demonstrate realistic relationships:
- Patients with multiple encounters and providers
- Care teams and referral patterns
- Insurance coverage periods and claims
- Provider network affiliations
Sample Data Scenarios
Patient Access Testing:
- Patients with various consent scenarios
- Different authorization scopes and permissions
- Multiple coverage periods and payers
System Access Testing:
- Population-level data for bulk export testing
- Group-based data exports
- Various date ranges and filtering scenarios
Provider Directory Testing:
- Multiple provider types and specialties
- Network and plan associations
- Geographic distribution of providers
Testing Guidelines
Best Practices
-
Start with CapabilityStatement - Always begin by retrieving the CapabilityStatement to understand available resources and operations
-
Test Authentication First - Verify OAuth 2.0 flows work correctly before testing FHIR operations
-
Use Realistic Scenarios - Test with data patterns that match your production use cases
-
Test Error Conditions - Verify your application handles errors gracefully
-
Validate Data Models - Ensure your application correctly processes FHIR resource structures
Common Testing Scenarios
Patient Access API:
# Test patient authorization and data access
GET https://fhirtest.netsmartcloud.com/provider/patient-access/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1/Patient/{patient-id}
Authorization: Bearer {access_token}
System Access API:
# Test bulk data export
GET https://fhirtest.netsmartcloud.com/provider/system-access/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1/Group/{group-id}/$export
Authorization: Bearer {access_token}
Prefer: respond-async
Provider Directory API:
# Test provider search (no authentication required)
GET https://fhirtest.netsmartcloud.com/payer/provider-directory/v2/d6c40265-c5c6-494f-b1aa-a27bf9a8c3f1/Practitioner?specialty=cardiology
Limitations and Considerations
Sandbox Limitations
-
Synthetic Data Only - No real patient or provider information
-
Limited Data Volume - Smaller datasets compared to production
-
Performance Differences - May not reflect production performance characteristics
-
Feature Parity - Some advanced features may not be available in sandbox
Rate Limiting
Sandbox environments have rate limits to ensure fair usage:
- Standard Rate Limits - Similar to production but may be more restrictive
- Bulk Export Limits - Limited concurrent export jobs
- Request Throttling - Automatic throttling for high-volume testing
Data Management
- No Custom Data - Cannot upload or modify sandbox data
Transitioning to Production
Production Readiness Checklist
- Authentication Tested - OAuth 2.0 flows working correctly
- Error Handling - Application handles all error scenarios gracefully
- Data Validation - FHIR resource processing validated
- Performance Testing - Application performs adequately with realistic data volumes
- Security Review - Security best practices implemented
- Compliance Verification - HIPAA and regulatory requirements met
Production Configuration
- Update Base URLs - Change from
fhirtest.netsmartcloud.comtofhir.netsmartcloud.com - Production Tenant IDs - Use production tenant IDs for the organizations you're authorized to access
- Production Credentials - Update to production client credentials
- Security Hardening - Implement production security measures
- Monitoring Setup - Configure logging and monitoring for production
Getting Help
Sandbox Support
Technical Issues:
- Review API documentation for detailed guidance
- Check error documentation for troubleshooting
- Contact Netsmart support for sandbox-specific issues
Access Requests:
- Create account in Non-Production Developer Portal
- Register your application through the guided setup process
- Request tenant authorization for sandbox environments
- Allow 3-5 business days for tenant authorization approval
Resources
- Registration Guide - Application registration process
- Authentication Guide - OAuth 2.0 implementation
- API Tutorials - Step-by-step integration guides
Contact Information
Sandbox Access: Use the Non-Production Developer Portal to register applications and request tenant authorization
Technical Support: For sandbox-related technical issues and integration assistance
Documentation Feedback: Report issues or suggestions for improving sandbox documentation