Skip to main content

Authorization

Follow this guide to create a new Kareo credential that will allow Nexla to authenticate to and exchange data with your Kareo account.
kareo_api_auth.png

Kareo

Prerequisites

Kareo uses a combination of a Customer Key, Username, and Password to authenticate API requests. Before creating a Kareo credential in Nexla, you will need to gather all three values from your Kareo (Tebra) account.

Obtain Your Customer Key

The Customer Key is an account-level identifier required by the Kareo SOAP API. It is unique to your organization, is the same for all users on the account, and never changes or expires. Only Kareo System Administrators can generate or view the Customer Key.

  1. Log in to your Kareo (Tebra) account at app.kareo.com using your System Administrator credentials.

  2. Navigate to Help in the top navigation bar, then select Get Customer Key from the dropdown menu.

  3. In the dialog that appears, click the Create my customer key button. Your Customer Key will be generated and displayed next to Your Key.

  4. Copy and securely store the Customer Key — you will need it when configuring the credential in Nexla.

The Customer Key is an account-wide identifier and is the same for all users in your organization. It does not expire and does not need to be regenerated unless your organization requests a new one.

Create a Dedicated API User

Kareo recommends creating a dedicated user account for API integrations rather than using a personal administrator login. This makes it easier to manage access and to audit API activity.

  1. In your Kareo account, navigate to Settings > User Accounts (or Manage Users, depending on your version).

  2. Click Add User or New User to create a new user account.

  3. Assign the new user the System Administrator role. This role is required for full API access, including read access to patients, providers, appointments, transactions, and charges, as well as write access to patients and encounters.

  4. In the user's permissions configuration, select EHR's and API, then click Full Control to grant the necessary API permissions.

  5. Set a strong, secure password for the new user account.

  6. Save the new user and note the Username (typically the user's email address or login name) and the Password you configured — you will need these when creating the Nexla credential.

Using a dedicated API user account rather than a personal login is a security best practice. It ensures that API access can be revoked or audited independently of individual user accounts, and it prevents disruption to API integrations if a personal account's password changes.

For complete information about user management and API access in Kareo, refer to the Tebra Help Center.

Create a Kareo Credential

  • To create a new Kareo credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

Authentication Settings

  1. Enter your Kareo Customer Key in the Customer Key field. This is the account-level identifier generated in your Kareo account under Help > Get Customer Key. The Customer Key is required by the Kareo SOAP API to identify your organization.

  2. Enter the Username of the dedicated API user account in the User Name field. This is typically the email address or login name of the user created for API integrations in your Kareo account.

  3. Enter the Password for the API user account in the Password field. This should be the password set when the dedicated API user was created.

Important

Keep your Customer Key, Username, and Password confidential. These credentials grant access to your Kareo account data, including sensitive patient and billing information. Do not share credentials in unsecured communications, and rotate the API user password periodically as part of your organization's security practices.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.