Could you confirm if my thinking is right, regarding the redirect mechanism in production?

Our app sends a http redirection (a GET call) to HealthVault with target=AUTH and the redirect parameter pointing to our ActionURL

When the user logs in to HealthVault, HealthVault sends a POST method to our ActionURL with target=AppAuthSuccess and the userAuthToken as values to the POST message variables, right?

POST method is used only in Production and that too only in the return direction (HealthVault to our App), correct?

2. Good to know. Thanks.

3. The general information provided in that post is useful, thought it is about C# and the .NET API.

Releasing specs would be most appreciate it. Then we won’t have to wonder about all these things.

1. Where did you get the auth.aspx reference? The redirect.aspx is a the page handling shell targets.

2. The production environment will not honor the redirect parameter (for security reasons) , it will send a command to the action url.

3. The post- http://healthblog.vitraag.com/2008/05/extending-healthserviceactionpage/ talks a little more about action targets. I apologize for no documentation wrt but in general for each action targerl (like sharerecord) their is a corresponding target.

We have an upcoming open spec which should address this, we want to be open and interoperable.

1. What is the difference between https://account.healthvault-ppe.com/redirect.aspx and https://account.healthvault-ppecom/auth.aspx?

2. Will the production environment honor the “redirect” parameter or will it send a command to the “ActionUrl” handling page?

3. What other “targets” are there?

It would be really nice if someone, anyone could release some decent, reliable information on this stuff, on, let’s say, MSDN. It’s just not nice leaving the developers in the dark like this.