Salesforce integration

Salesforce + Auth57 — prior-authorization data callable from any Flow.

Auth57 ships with an OpenAPI 3.1 spec. Import it into Salesforce External Services — PA Lookup becomes a drag-and-drop action in Flow Builder. No Apex. No AppExchange wait. No managed package. Works in Service Cloud, Health Cloud, and Sales Cloud.

  • 10-minute setup, admin-only — no developer required
  • Real-time PA rule lookup by state, program, drug, or service
  • Works with Health Cloud Utilization Management
  • Source URL + confidence score returned on every call
Start setup ↓Book 15 min with founder

What this unlocks

UM reviewers and PA ops inside Salesforce stop flipping between tabs. Verified state PA rules, program-level nuances, CMS mandate context, and the primary source URL — all populated on the Case, Contact, or Patient record without leaving the org.

Example workflow: A Case is created for a California Medicaid member requesting an advanced MRI. A Record-Triggered Flow calls Auth57's paLookup action with state=CA, program=medicaid_ffs, service=advanced_imaging. The Flow writes the verdict, source URL, and confidence onto the Case in under 300ms. A second Flow routes the Case based on whether PA is required, whether step therapy applies, and what the expected turnaround is — all from one API response.

Prerequisites

Salesforce
System Administrator access
Any edition with Flow Builder and External Services. Enterprise, Unlimited, Developer, or Health Cloud.
Auth57
API key
Grab one from /subscribe-api. $299/mo. Or book a call for a 30-day demo key.
Optional
Health Cloud
Maps cleanly onto Health Cloud's Utilization Management data model, but works in plain Service Cloud too.

Setup

Three steps. You'll be making live PA lookups from Flow Builder before your coffee gets cold.

1
2 minutes

Create a Named Credential

Named Credentials hold the base URL and the API-key header. This keeps your key out of code and lets you rotate it in one place.

  1. Go to Setup → Security → Named Credentials → New Legacy (or use the new External Credentials UI if your org is on Spring '23+).
  2. Fill in the fields below.
  3. Click Save.
Setup → Named Credentials → New
LabelAuth57
NameAuth57
URLhttps://auth57.io/api
Identity TypeNamed Principal
Authentication ProtocolNo Authentication
Generate Authorization HeaderUnchecked
Allow HTTP HeaderChecked
Custom Header Namex-api-key
Custom Header Valueyour Auth57 API key
// The `x-api-key` custom header is how Auth57 authenticates every call.
2
3 minutes

Import the OpenAPI spec as an External Service

Salesforce parses the spec and generates a typed action for every Auth57 endpoint. You'll see paLookup, compare, and statesSummary available in Flow Builder after this step.

  1. Go to Setup → Integrations → External Services → New External Service.
  2. Choose From API Specification.
  3. Select the Named Credential you created in Step 1 (Auth57).
  4. Paste the schema URL below or upload the spec file.
  5. Salesforce will list the available operations — select them all.
  6. Click Save & Next, then Finish.
Setup → External Services → New from OpenAPI
Service NameAuth57
Service RegistryOpenAPI 3.1
Schema URLhttps://auth57labs.com/openapi.json
Named CredentialAuth57
// Auth57's OpenAPI spec is live at the URL above — import directly.
3
5 minutes

Use in Flow Builder

Every Auth57 endpoint is now a typed action. Drag it into any Flow — Record-Triggered, Screen, Scheduled, or Autolaunched.

  1. Open or create a Flow (Setup → Process Automation → Flows).
  2. Add an Action element.
  3. In the search, type Auth57 — pick paLookup.
  4. Map the inputs from record fields or Flow variables:
    state{!$Record.State__c}
    programmedicaid_ffs
    service{!$Record.Service_Category__c}
    // State must be a 2-letter code. Program and service must be Auth57 enum values.
  5. The action returns a typed response. Map result.pa_required, result.source_url, and next_steps to record fields or use them in Decision elements.

Example response your Flow will receive:

// GET /api/pa-lookup?state=CA&program=medicaid_ffs&service=advanced_imaging
{
  "state": "CA",
  "program": "medicaid_ffs",
  "query": { "service_category": "advanced_imaging" },
  "result": {
    "pa_required": true,
    "pa_type": "full",
    "confidence": 0.88,
    "source_url": "https://www.dhcs.ca.gov/provgovpart/Pages/TAR.aspx",
    "last_verified": "2026-04-23"
  },
  "next_steps": [
    { "step": 1, "title": "Gather clinical documentation", "items": [...] },
    { "step": 2, "title": "Submit PA request", "items": ["Submit to: State Medicaid agency"] },
    { "step": 3, "title": "Expected turnaround", "items": ["Standard: 14 days", "Expedited: 72 hours"] }
  ],
  "served_from": "static",
  "timestamp": "2026-04-23T20:14:58.442Z"
}

Use Decision elements to branch on result.pa_required, or write the full response JSON to a long-text field for audit trails.

Roadmap

External Services works today with zero custom code. As the Salesforce integration matures, two more surfaces are planned:

Live now

OpenAPI → External Services

Admin-only, Flow-callable, works in every Salesforce edition with External Services enabled.

Fast-follow

Lightning Web Component

Drop-in PA-lookup widget for the Case or Patient record page. Shows verdict, source, and next steps inline. Installable via package URL — no AppExchange wait.

Enterprise

AppExchange-listed app

Formal Salesforce security review + public listing. Right option for large payer orgs that require AppExchange provenance before deploy.

FAQ

Which Salesforce editions support this?+
Any edition with External Services and Flow Builder — Enterprise, Unlimited, Developer, Performance, and Health Cloud. External Services has been GA since Spring '19. No AppExchange listing is required.
Does this work in Health Cloud's Utilization Management data model?+
Yes. Auth57's state / program / service inputs map onto Health Cloud's Service Request, Care Plan, and Utilization Management Request objects. The most common pattern: a Record-Triggered Flow on UtilizationManagementRequest calls paLookup and writes the verdict + source onto the request record.
How does this handle HIPAA / PHI?+
Auth57 doesn't accept PHI. The API takes a state code, program, and drug/service category — all non-identifying data. No member name, DOB, MRN, or clinical notes are transmitted. Your Salesforce org keeps all PHI; Auth57 only returns rule data.
What's the rate limit?+
10,000 calls/hour on pa-lookup. Far above what a typical UM team generates. Admin plans bypass. Exceeding the limit returns HTTP 429 with a Retry-After header — Flow Builder can retry automatically.
What happens when Auth57 is down?+
Flow Builder surfaces the HTTP error. Standard pattern: add a Fault Path in your Flow that writes “PA lookup unavailable, defer to manual review” to the record, so your reviewers never get stuck. Auth57 runs on Vercel's edge network with 24/7 heartbeat monitoring.
Can I use this for drug PA lookups too?+
Yes. The same paLookup action accepts either service OR drug as the input (not both). Drug classes are Auth57 enum codes — glp_1_agonists, biologics, oncology_injectables, etc. The Cafe demo at /demo shows the full drug picker mapping brands → classes.
Is there an Apex version for more complex orchestration?+
You don't need one — External Services handles all the typing, auth, and error handling for you. If you want to wrap paLookup in an Apex class anyway, it's a standard HttpCalloutMock pattern against the same Named Credential. Email hello@auth57labs.com for sample code.
Does Auth57 have a Slack or Teams integration?+
Not yet, but the pattern is the same: both products support OpenAPI-based custom workflows. If you want one, book a call and we'll scope it.

Ready to put verified PA data inside Salesforce?

Grab an API key and you're 10 minutes from a live Flow. Or book 15 minutes and I'll walk you through it — free, no pitch deck.

Get an API key →Book 15 min