Auth57 Core API

Prior auth rules, ready for production workflows.

A structured API layer for state-by-state prior authorization requirements, payer program context, source evidence, and CMS-0057-F transparency signals. Built for compliance teams, product teams, and workflow vendors that cannot afford stale rule logic.

Request production access Read quickstart
curl · Auth57 Core
curl "https://api.auth57.io/v1/pa-lookup?state=TX&program=medicaid_mco&service=home_health" \
  -H "x-api-key: auth57_live_..."

{
  "state": "TX",
  "program": "medicaid_mco",
  "requires_prior_auth": true,
  "evidence": ["state policy", "payer manual", "last verified"],
  "freshness": "monitored"
}
51states in the source map
10,404published service and drug PA rules
9states with seeded PA metrics
2027CMS-0057-F deadline pressure
Authenticated API

The API layer for Auth57 Core.

Auth57 Core is the prior authorization rules layer: state, program, category, payer context, source evidence, freshness, and confidence. Meridian adds the intelligence layer on top: denial-rate tracking, gap assessment, and validator workflows.

Rules lookup

Answer whether a state/program/service or drug class requires prior authorization, and return the source trail behind that answer.

Compare logic

Show cross-state divergence so a product or compliance team can see where rule logic changes by market.

Evidence-first data

Every production answer should carry provenance, last-verified date, and confidence instead of a naked boolean.

Quickstart

Use an API key in the x-api-key header. Keep keys server-side. Browser calls should go through your backend so keys are never exposed to users.

curl "https://api.auth57.io/v1/pa-lookup?state=CA&program=medicaid_mco&category=behavioral_health" \
  -H "x-api-key: auth57_live_your_key"
Production guidance: cache stable responses for 24 hours, store the source metadata with any downstream decision, and re-check when Auth57 publishes a state or payer update.

Endpoints

Endpoint maturity is explicit. Auth57 Core endpoints are live behind API-key authentication and entitlement checks; Meridian endpoints expose the surrounding transparency and readiness intelligence.

GET/v1/pa-lookupLive authenticated
Lookup PA requirements by state, program, service category, CPT/HCPCS, drug class, or payer context. Requires an active API key with entitlement for the requested state, program, and drug add-on when applicable.
GET/v1/compareLive authenticated
Compare PA requirements across states, programs, or plan families. Designed for market expansion, compliance review, and product rule-engine configuration.
GET/api/pulse-readinessLive
Returns Meridian’s 51-state source-readiness map: direct metrics, quality signal, template-only, not-reporting-yet, and human-fetch-required statuses.
GET/api/pulse-metricsLive
Returns seeded prior authorization metric summaries where direct public PA metrics have been captured and normalized.
ParameterTypeNotes
statestringTwo-letter state code. Example: TX, CA, NJ.
programstringProgram family such as medicaid_mco, medicaid_ffs, dual, or ma.
categorystringService or policy category. Example: home_health, behavioral_health, dme.
drug_classstringDrug-class lookup when pharmacy coverage is included in the customer plan.

Response model

The response should feel credible to engineers and compliance buyers: deterministic fields, explicit confidence, and source evidence that can be logged.

{
  "ok": true,
  "query": {
    "state": "TX",
    "program": "medicaid_mco",
    "category": "home_health"
  },
  "result": {
    "requires_prior_auth": true,
    "rule_status": "active",
    "confidence": "high",
    "last_verified": "2026-04-09",
    "freshness_sla_days": 7
  },
  "evidence": [
    {
      "source_type": "state_policy",
      "title": "Texas Medicaid prior authorization guidance",
      "url": "https://www.tmhp.com/topics/prior-authorization",
      "confidence": "high"
    }
  ]
}
Customer integration kit

React components for product teams

Auth57 should not make every customer rebuild the same PA result card, confidence treatment, and compare workflow. The React kit gives developers drop-in components that keep Auth57-powered experiences clear and consistent inside their own products.

Lookup widget

Auth57PALookup renders state, program, service/drug selection, calls a customer proxy endpoint, and displays the rule result.

Compare panel

Auth57ComparePanel compares one service across multiple states and summarizes divergence.

Result card

Auth57RuleCard turns any Core API rule object into a polished evidence card with source, confidence, and verification date.

import { Auth57PALookup } from '@auth57/react';
import '@auth57/react/styles.css';

export function PriorAuthLookup() {
  return (
    <Auth57PALookup
      endpoint="/api/auth57/pa-lookup"
      defaultState="TX"
      defaultProgram="medicaid_mco"
    />
  );
}
Security note: production API keys should stay server-side. The React components are designed to call the customer’s backend proxy, and that proxy attaches x-api-key before forwarding to Auth57.
Download React kit Read kit README
AssetPathPurpose
Package@auth57/reactPackage metadata and exports for customer installation.
React kit/developer-kit/react/Auth57Core.jsxLookup, compare, card, badge, and confidence components.
Styles/developer-kit/react/auth57-core.cssReusable Auth57 visual language for embedded product surfaces.
Next.js proxy/developer-kit/react/examples/nextjsServer-side proxy routes that keep Auth57 API keys out of browser code.
Download/developer-kit/auth57-react-kit.zipCopy-ready zip for teams before npm publication.

Errors and rate limits

Authentication

401 means the key is missing or invalid. 403 means the key is valid but the plan does not include that state, program, or add-on.

Data availability

404 means no matching rule was found. 409 should be used when a rule exists but requires human review before production use.

Rate limits

Return 429 with reset headers. API-plan customers should see usage in the dashboard before they hit a hard stop.

Versioning

Use stable URLs and version response schemas with schema_version. Do not break downstream compliance logs silently.

What developers build with it

Provider workflow

Tell a care team whether PA is likely required before a request is submitted.

Payer compliance ops

Compare internal rule logic against verified state requirements and monitored source changes.

Vendor integrations

Embed state-aware PA intelligence into clearinghouse, EHR, care-management, or analytics products.

Access checklist

A developer page should convert serious technical buyers into a clean next step. The next version should connect this directly to key provisioning and usage telemetry.

StepOwnerOutput
Confirm covered states and programsAuth57 + customerEntitlement scope
Issue API keyAuth57auth57_live_...
Run sample lookupsDeveloper teamLogged evidence and response snapshots
Agree update workflowAuth57 + customerChange-review and data freshness expectations

Ship PA intelligence without rebuilding the rule library.

Auth57 Core gives teams the structured answer. Meridian gives them the surrounding regulatory intelligence. Together they become a serious API story.

Request access