The elluminate Platform offers straightforward REST APIs that enable external application integrations:
- Data Retrieval API - endpoints for access to study data and metadata for analysis and reporting.
- User Provisioning API - SCIM-based endpoints for easy integration with enterprise identity providers.
Access & Credentials
Permissions: Administer privilege is required to generate API keys necessary for using the endpoints.
Per-user credentials handle authentication to the API and enforce the same study and datastore permissions as the user account. Each account accessing the API requires an Api Key and an Api Secret.
Generate Credentials
- Click the 9-dot icon in the Master Header to open the Platform Menu.
- Within the Platform Administration section, select User Management.
- Click the Edit icon for the target user.
-
Open the Credentials tab and click Generate to create the Api Key / Api Secret. The credentials can be regenerated when needed.
-
Record the generated Api Key / Api Secret for the user account and deliver it securely to the user, team, or service that will call the API.
Note: Users can view their assigned API credentials from the Platform Menu within the My Profile section.
Pass Credentials in HTTP Header
Use the generated credentials for every request by including them in the HTTP headers as app-key and app-secret. In elluminate, they are generated and labeled as an Api Key and Api Secret, but the request must use the header names app-key and app-secret. Add these headers to whatever client makes the call to the elluminate API, whether it's a custom application, integration service, ETL pipeline, or script.
Include the following HTTP key-value pairs in the header:
- app-key: <user account API key>
- app-secret: <user account API secret>
Note: If the credentials are incorrect, the call will return: 401 - Invalid API Credentials
Data Retrieval Endpoints
Data Retrieval endpoints support access to study data and metadata from elluminate datastores for analysis and reporting. Retrieval can target a single dataset, multiple datasets, or all datasets within a chosen datastore, and only returns records based on the credentialed user’s study and datastore permissions. All responses are JSON "Result" objects.
Click on any endpoint below to expand and view the details. (* required parameters)
-
{url}/rest/v1/studies
Returns the list of studies in the environment.
Parameters:
(none)
Responses:
200 OK (Success)
{ "StatusCode": 200, "ErrorMessage": null, "Result": [ { "Id": 141, "Name": "eCS-DS-001", "SchemaPrefix": "eCS_DS_001" }, { "Id": 68, "Name": "eCS-DS-002", "SchemaPrefix": "eCS_DS_002" } ] }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
https://myurl.com/rest/v1/studies
-
{url}/rest/v1/datastores/{study}
Returns the list of datastores for a given study.
Path Parameter:
study * Include the SchemaPrefix of the study. Responses:
200 OK (Success)
[ { "Id": 238, "SchemaName": "eCS_DS_001_src" }, { "Id": 240, "SchemaName": "eCS_DS_001_SDTM" }, { "Id": 241, "SchemaName": "eCS_DS_001" } ]401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
https://myurl.com/rest/v1/datastores/eCS_DS_001
-
{url}/rest/v1/datastores/{study}/domains?schemaName={datastore}
Returns the list of domains for a given study and datastore.
Path Parameter:
study * Include the SchemaPrefix of the study. Query Parameter:
schemaName * Include the SchemaName of the Datastore from which to return domains. Responses:
200 OK (Success)
{ "StatusCode": 200, "ErrorMessage": null, "Result": [ { "<DomainName>k__BackingField": "ADRS", "<Description>k__BackingField": "Device Recording - Alternate Device" }, { "<DomainName>k__BackingField": "AE", "<Description>k__BackingField": "Adverse Event" }, { "<DomainName>k__BackingField": "AEYN", "<Description>k__BackingField": "Adverse Events YN?" } ] }401 Invalid API Credentials 404 Not Found / Invalid Schema: The schema does not exist for the study. 500 Internal Server Error Example:
https://myurl.com/rest/v1/datastores/eCS_DS_001/domains?schemaName=eCS_DS_001_src
-
{url}/rest/v1/datastores/{study}/metadata?schemaName={datastore}&domainNames={domains}
Returns the list of fields for a given study and datastore (optional filtering by domain supported).
Path Parameter:
study * Include the SchemaPrefix of the study. Query Parameters:
schemaName * Include the SchemaName of the Datastore from which to return metadata. domainNames Filter by Domain names using a comma separated string. If not specified, default returns metadata for all Domains in the Datastore. Responses:
200 OK (Success)
{ "StatusCode": 200, "ErrorMessage": null, "Result": [ { "SchemaName": "eCS_DS_001", "DomainName": "AE", "FieldName": "userid", "DataType": "int", "FieldSize": "0.10", "Description": "Internal id for the user", "Sequence": 1 }, { "SchemaName": "eCS_DS_001", "DomainName": "AE", "FieldName": "projectid", "DataType": "int", "FieldSize": "0.10", "Description": "projectid", "Sequence": 2 } ] }401 Invalid API Credentials 404 Not Found / Invalid Schema: This schema does not exist for the study 500 Internal Server Error Example:
https://myurl.com/rest/v1/datastores/eCS_DS_001/metadata?schemaName=eCS_DS_001_src&domainNames=AE,CE
-
{url}/rest/v1/datastores/{study}/data?schemaName={datastore}&domainName={domain}
Returns the list of records for the given study, datastore, and domain.
Path Parameter:
study * Include the SchemaPrefix of the study. Query Parameters:
SchemaName * Include the SchemaName of the Datastore from which to return domains. domainName * Include the name of the Domain from which to return data records. Responses:
200 OK (Success)
{ "StatusCode": 200, "ErrorMessage": null, "Result": [ { "STUDYID": "eCS-DS-001", "DOMAIN": "AE", "USUBJID": "eCS-DS-001-0001-001", "AESEQ": 1, "AESPICID": "AE-584338-4", "AETERM": "COUGH AND ALLERGY", "AEDECOD": "Allergic cough", "AEHLT": "Coughing and associated symptoms", "AEHLGT": "Respiratory disorders NEC", "AECAT": "ADVERSE EVENT", "AEBODSYS": "Respiratory, thoracic and mediastinal disorders", "AESEV": "SEVERE", "AESER": "Y", "AEACN": "DRUG INTERRUPTED", "AECONTRT": "CONCOMITANT MEDICATION", "AEREL": "RELATED", "AEOUT": "RECOVERED/RESOLVED", "AETOXGR": "3", "AESTDTC": "2021-07-10", "AEENDTC": "2021-07-13", "AESTDY": 177, "AEENDY": 180, "AEENRTPT": null, "AEID": "04-COUGH AND ALLERGY-10 JUL 2021", "AEREL2": "Not Related", "AEACN1": "Dose Not Changed" } ] }401 Invalid API Credentials 404 Not Found / Invalid Schema: This schema does not exist for the study 500 Internal Server Error Example:
https://myurl.com/rest/v1/datastores/eCS_DS_001/data?schemaName=eCS_DS_001&domainName=AE
Exploring and Testing Data Retrieval API
There are several tools that can be used to work with APIs, such as Postman, used for exploring, testing, and troubleshooting APIs.
-
This example shows how the app-key and the app-secret headers are applied in the HTTP headers section, using the values generated. See the Pass Credentials in HTTP Header section for more details.
-
This example sends the query parameters schemaName and domainNames to the endpoint that returns the field list for a given domain and study. Notice how when parameters are added, they are automatically appended to the URL endpoint.
User Provisioning / SCIM Endpoints
User Provisioning endpoints provide a standardized REST interface for automated user provisioning and identity management. Based on the System for Cross-domain Identity Management (SCIM) specification, these endpoints enable integration with enterprise Identity Providers (IdPs) and Identity and Access Management (IAM) systems to create, update, deactivate, and manage users and groups within the platform. This supports centralized access control, reduces manual user administration, and ensures that user access remains aligned with organizational policies and lifecycle events.
Click on any endpoint below to expand and view the details. (* required parameters)
-
{url}/scim/v2/ServiceProviderConfig
Returns the SCIM 2.0 Service Provider Configuration capabilities and supported features.
Important: SCIM 2.0 Compliance - This endpoint is unauthenticated (no bearer token required).
Parameters:
(none)
Responses:
200 OK (Success)
Configuration returned successfully
404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/ServiceProviderConfig
-
{url}/scim/v2/Schemas
Return all SCIM 2.0 schemas supported by this service provider.
Important: SCIM 2.0 Compliance - This endpoint is unauthenticated (no bearer token required).
Parameters:
(none)
Responses:
200 OK (Success)
Schemas returned successfully
404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/Schemas
-
{url}/scim/v2/Schemas/{id}
Return a specific SCIM 2.0 schema by its URI identifier.
Important: SCIM 2.0 Compliance - This endpoint is unauthenticated (no bearer token required).
Path Parameters:
id * Include the Schema URI string.
Supported Schema IDs:
urn:ietf:params:scim:schemas:core:2.0:Userurn:ietf:params:scim:schemas:core:2.0:Group
Responses:
200 OK (Success)
Schema returned successfully
404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/Schemas/urn:ietf:params:scim:schemas:core:2.0:User
-
{url}/scim/v2/Groups
Returns the list of all groups (optional filtering and pagination supported).
Tip: Use
excludeAttributes=membersto improve response times for large groups.Path Parameter:
(none)
Query Parameters:
startIndex Index (1-based) of the first result. If not specified, default is 1. count Number of results to return. filter SCIM filter expression.
Example Filters:
displayName eq "Admins"displayName co "Dev"
excludeAttributes Comma-separated list of attributes to exclude, (currently only supports "members"). Responses:
200 OK (Success)
{ "schemas": [ "string" ], "totalResults": 1, "startIndex": 1, "itemsPerPage": 1, "Resources": [ { "displayName": null, "members": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "externalId": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } } ] }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/Groups?startIndex=3&excludedAttributes=members&filter=displayName%20eq%20%22Admins%22
-
{url}/scim/v2/Groups/{id}
Returns a specific group by its ID.
Path Parameter:
id * Include the ID of the Group. Responses:
200 OK (Success)
{ "displayName": null, "members": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "externalId": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/Groups/17
-
{url}/scim/v2/Groups/{id}
Replaces all members of a specified group by its ID, with a provided list of members.
Note: This supports IDPs that send PUT instead of PATCH for group membership updates. Okta is one of these IDPs depending on how the SCIM integration is configured. See https://developer.okta.com/docs/concepts/scim/faqs/?utm_source=chatgpt.com#patch-versus-put
Path Parameter:
id * Include the ID of the Group being replaced. Request Body:
Group (object) * Accepts the full Group resource object per the SCIM spec, but only processes the
membersarray — existing members are removed and replaced with the provided list.displayName Group display name (null or string). externalId Group external id (null or string). id Group id (null or string). members Include array of Group Member objects:
[{$ref,display,type,value}]meta Group metadata object (nullable):
{created,lastModified,location,resourceType,version}schemas Array of schema strings ([""]). Responses:
200 OK (Success)
{ "schemas": [ "string" ], "totalResults": 1, "startIndex": 1, "itemsPerPage": 1, "Resources": [ { "displayName": null, "members": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "externalId": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } } ] }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
using var client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Put, "https://myurl.com/scim/v2/Groups/{id}"); request.Content = new StringContent( """ { "displayName": null, "members": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "" ], "id": null, "externalId": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } } """, System.Text.Encoding.UTF8, "application/json"); using var response = await client.SendAsync(request); -
{url}/scim/v2/Groups/{id}
Partially updates members of a specified group by its ID using the SCIM PatchOp format to add or remove members and update the displayName.
Path Parameter:
id * Include the ID of the Group being updated. Request Body:
Operations (array) * Accepts the SCIM Operations array of objects.
op Operation (string). path Operation path (null or string). value Operation value (nullable). Responses:
200 OK (Success)
{ "displayName": null, "members": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "externalId": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
using var client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Patch, "https://myurl.com/scim/v2/Groups/{id}"); request.Content = new StringContent( """ { "schemas": [ "" ], "Operations": [ { "op": "", "path": null, "value": null } ] } """, System.Text.Encoding.UTF8, "application/json"); using var response = await client.SendAsync(request); -
{url}/scim/v2/Users
Returns the list of all users (optional filtering and pagination supported).
Path Parameter:
(none)
Query Parameters:
startIndex Index (1-based) of the first result. If not specified, default is 1. count Number of results to return. filter SCIM filter expression.
Example Filters:
userName eq "jdoe"emails.value co "@company.com"
Responses:
200 OK (Success)
{ "schemas": [ "string" ], "totalResults": 1, "startIndex": 1, "itemsPerPage": 1, "Resources": [ { "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } } ] }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/Users?filter=userName%20eq%20%jdoe%22
-
{url}/scim/v2/Users/{id}
Returns a specific user by ID.
Path Parameter:
id * Include the ID of the user. Responses:
200 OK (Success)
{ { "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
https://myurl.com/scim/v2/Users/123
-
{url}/scim/v2/Users
Creates a new user.
Path Parameter:
(none)
Request Body:
User (object) * Accepts a user object.
active User status (boolean). displayName User display name (null or string). emails Array of User Email objects (nullable):
[{primary,type,value}]externalId External user id (null or string). groups Array of Group Membership objects (nullable):
[{$ref,display,type,value}]id User id (null or string). meta User metadata object (nullable):
{created,lastModified,location,resourceType,version}name User Name object (nullable):
{familyName,formatted,givenName,honorificPrefix,honorificSuffix,middleName}phoneNumbers Array of PhoneNumber objects (nullable):
[{primary,type,value}]schemas Array of schema strings ([""]). userName User account name (null or string). Responses:
200 OK (Success)
{ "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
using var client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Post, "https://muyrl.com/scim/v2/Users"); request.Content = new StringContent( """ { "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } } """, System.Text.Encoding.UTF8, "application/json"); using var response = await client.SendAsync(request); -
{url}/scim/v2/Users/{id}
Replace an existing user.
Path Parameter:
id * Include the ID of the User. Request Body:
User (object) * Accepts a user object.
active User status (boolean). displayName User display name (null or string). emails Array of User Email objects (nullable):
[{primary,type,value}]externalId External user id (null or string). groups Array of Group Membership objects (nullable):
[{$ref,display,type,value}]id User id (null or string). meta User metadata object (nullable):
{created,lastModified,location,resourceType,version}name User Name object (nullable):
{familyName,formatted,givenName,honorificPrefix,honorificSuffix,middleName}phoneNumbers Array of PhoneNumber objects (nullable):
[{primary,type,value}]schemas Array of schema strings ([""]). userName User account name (null or string). Responses:
200 OK (Success)
{ "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
using var client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Put, "https://myurl.com/scim/v2/Users/{id}"); request.Content = new StringContent( """ { "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } } """, System.Text.Encoding.UTF8, "application/json"); using var response = await client.SendAsync(request); -
{url}/scim/v2/Users/{id}
Partially update an existing user using SCIM PatchOp format.
Path Parameter:
id * Include the ID of the User. Request Body:
Operations (array) * Accepts the SCIM Operations array of objects.
op Operation (string). path Operation path (null or string). value Operation value (nullable). Responses:
200 OK (Success)
{ "userName": null, "externalId": null, "name": { "formatted": null, "familyName": null, "givenName": null, "middleName": null, "honorificPrefix": null, "honorificSuffix": null }, "displayName": null, "emails": [ { "value": null, "type": null, "primary": true } ], "phoneNumbers": [ { "value": null, "type": null, "primary": true } ], "active": true, "groups": [ { "value": null, "$ref": null, "display": null, "type": null } ], "schemas": [ "string" ], "id": null, "meta": { "resourceType": null, "created": null, "lastModified": null, "location": null, "version": null } }401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
using var client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Patch, "https://myurl.com/scim/v2/Users/{id}"); request.Content = new StringContent( """ { "schemas": [ "" ], "Operations": [ { "op": "", "path": null, "value": null } ] } """, System.Text.Encoding.UTF8, "application/json"); using var response = await client.SendAsync(request); -
{url}/scim/v2/Users/{id}
Delete a user. This is a soft delete that marks the user as disabled.
Path Parameter:
id * Include the ID of the User. Responses:
204 No Content 401 Invalid API Credentials 404 Not Found 500 Internal Server Error Example:
using var client = new HttpClient(); var request = new HttpRequestMessage(HttpMethod.Delete, "https://myurl.com/scim/v2/Users/{id}"); using var response = await client.SendAsync(request);
Best Practices for Using the API
- Create one service account per environment. Limit the account to read-only access for required studies and data stores. Generate an App-key and App-secret for the account, and store and rotate credentials in an approved secrets system.
- Share keys through an approved process. Grant access using an enterprise password manager or secrets vault instead of sending raw values. If transmission is unavoidable, use a one-time, end-to-end encrypted method, set a short expiry, and log the access. Prohibit sharing via email, chat, tickets, code, or plain-text configurations.
- Store the App-key and App-secret in an industry-standard secrets manager such as AWS Secrets Manager, Azure Key Vault, Google Secret Manager, or a CI/CD secrets store like GitLab CI/CD Variables or Azure DevOps Pipeline Variable Groups. Do not hard-code the generated values.
- Rotate keys periodically and immediately on staff changes. Create new credentials, update pipelines and apps, verify successful calls, revoke old credentials, update the stored values, and redeploy pipelines/apps.
- Validate the structure before pulling data. Call metadata endpoints to verify study access. Then, list the study’s available data stores using its SchemaPrefix. Select the correct store before requesting domains and data. Verify domain and field definitions, and compare the returned metadata with the expected schemas to identify any drift.
- Minimize payloads and frequency. Request only required domains and columns, schedule extracts to match downstream needs, and avoid full-store pulls when a subset suffices. Prefer incremental transfers when business keys or timestamps allow downstream duplication.