Ctrlk
For the complete documentation index, see llms.txt. This page is also available as Markdown.

eRx Tokens

eRx API tokens are credentials that allow Welkin to authenticate with the DrFirst Rcopia platform on your organization's behalf. This page explains what tokens are used for and how to obtain or rotate them.

What are eRx tokens?

DrFirst uses token-based authentication to secure API calls between Welkin and Rcopia. There are two types:

  • Organization token – Authenticates your Welkin environment to DrFirst. This is entered once in the Admin portal during setup.

  • Prescriber session tokens – Short-lived tokens generated per session for each prescriber login. These are handled automatically by Welkin and do not require manual management.

Obtaining your organization token

Your organization token is provided by DrFirst during the onboarding process. If you did not receive it or need a replacement:

  1. Contact your DrFirst account representative or DrFirst support

  2. Request an API token for your Rcopia organization

  3. Specify whether you need a sandbox token (for testing) or production token (for live use)

DrFirst will send the token securely. Treat it like a password – do not share it in email or chat.

Entering the token in Welkin

  1. Log in to the Welkin Admin portal

  2. Navigate to Integrations → DrFirst eRx

  3. Paste the token into the API Token field

  4. Click Save and Test Connection

  5. Confirm the status shows Connected

Rotating tokens

Tokens should be rotated if:

  • A token is suspected to be compromised

  • A key team member with token access leaves the organization

  • DrFirst notifies you of a scheduled token rotation

To rotate: request a new token from DrFirst, enter it in the Admin portal, confirm the connection is working, then discard the old token.

Token security best practices

  • Store tokens in a password manager or secrets vault, not in spreadsheets or email

  • Limit Admin portal access to staff who need to manage integrations

  • Enable the Welkin Security Audit log to track when integration settings are changed

  • Rotate tokens at least annually or whenever personnel with access changes

Sandbox vs. production tokens

Keep sandbox and production tokens separate. Using a production token in a test environment (or vice versa) will result in authentication errors or test prescriptions being sent to live pharmacies. Label tokens clearly in your password manager.

PreviouseRx IDP Quick TipsNextCompleting the EPCS Invitation

Last updated

Was this helpful?