PBS API - Accessing the embargo API

Page last updated: 07 Nov 2024

Software vendors can apply to access the PBS embargo data API by using the following guidance. The API uses open standards (REST, JSON, CSV) and will work with any REST API tool.

The PBS embargo data API provides data approximately two weeks prior to a new Schedule’s date of effect (the first day of the month). There is often more than one release of API embargo data per month.

  • Access to the embargo API is at the discretion of the Department of Health and Aged Care and is only provided to Software vendors for the purposes of updating prescribing, dispensing and claiming software.
  • Access may be revoked if the embargo conditions are not strictly observed.
  • Applicants must have their software in production – if software is still in development then the PBS public API should be utilised instead.
  • If you are granted API embargo access you will also receive access to the embargo section and Developers Discussion Board.

The guidance below shows one of the methods to access the PBS embargo API data via an online tool called Postman.

Disclaimer : The Department of Health and Aged Care is suggesting Postman as one of many options to access the PBS API. The Department has no affiliation with Postman and cannot guarantee the results produced using this product. The use of Postman is solely at your own risk.

1 Step 1 - Lodging an application via the HPP

Important: you must setup your access to the Health Products Portal (HPP) first before you can apply for access to the embargo API. For information on how to access the HPP, please view the following guidance on Accessing the HPP.

Once you have HPP access, log into the HPP and navigate to the Applications tab from the Services page.

Create an application by selecting 'New application' > 'Medicinal Products and vaccines' > 'Request access to PBS embargo data API'. Follow the prompts within the application to lodge the request.

Once your application has been approved, you will receive correspondence with the category Embargo API access details which can be accessed via the Correspondences tab on the Services page of the HPP. Your correspondence will include the following information: 

  1. Client ID
  2. Client secret
  3. Tenant ID
  4. Scope
  5. Access token endpoint URL

An example of the correspondence is shown in Figure 1.

Figure 1: Screenshot of the Embargo API access details correspondence  

2 Step 2 - Accessing the API

Navigate to the API catalogue and log into your API account. When logging in, please ensure that you select the following options in the order indicated below. You must use the same digital identity that you used to access the HPP.

Important: Those who log into the API before their access is approved will need to contact HPP.Support@health.gov.au to resolve issues with logging in caused by accessing the API before having their access approved. 
  1. Login with myID (Figure 2)
  2. Select myID (Figure 3)

Figure 2. Screenshot of API sign in options with 'Login with myID' highlighted

Figure 3: Screenshot of Digital Identity page showing 'Select myID' option

3 Step 3 - Viewing API endpoints

To view all available embargo APIs, including deprecated versions, navigate to the API catalogue and select 'View APIs' while logged in. This page will display the current and previous versions of the API. Select the latest version of the API to view the endpoints. From this page you can: 

  1. Set the version
  2. Select the relevant table
  3. Retrieve the API endpoint 

Figure 4: The API page, with guidance on actions that can be performed on this page.  

4 Step 4 - Obtaining an Access token through postman

Note: This process presumes you have access to Postman which is a separate application.

  1. Within the desktop or browser version of Postman, open a new tab by clicking '+' at the top of the window shown in Figure 5. 

Figure 5: Screenshot of the ‘+’ button 

This will bring up a blank request as shown in Figure 6. 

Figure 6: Screenshot of a blank request in Postman with ‘Enter request URL’ highlighted 

  1. Within this page, paste your Access token endpoint URL (item 5 in Figure 1) into the 'Enter request URL' field as shown in Figure 6.  

  1. Navigate to the 'Body' tab and select the radio button for ‘form-data’ as shown in Figure 7. This will display the KEY and VALUE columns. 

Figure 7: Screenshot of Body tab with ‘form-data’ radio button highlighted 

  1. In the KEY column, type in 'client_id', 'client_secret', 'scope' and 'grant_type' as shown in Figure 8. 

Figure 8: Screenshot of Body tab with KEY column highlighted

  1. In the corresponding rows within the VALUE column, enter your Client ID, Client secret and Scope from your correspondence (shown as items 1, 2 and 4 in Figure 1) into the VALUE column as shown in Figure 9.
  2. Manually enter 'client_credentials' into the VALUE column for 'grant_type' as shown in Figure 9.

Figure 9: Screenshot of Postman with credentials entered

  1. Once input, hit 'Send'. This will generate the Access token as shown in Figure 9.
  2. Select and copy this as indicated in Figure 9. Please note that your access token will only last an hour once it has been generated.

5 Step 5 - Using an access token to access the API

Open a new tab in Postman once more (Figure 5) and enter the request URL for the API. This can be obtained from the Developer Portal in the API tab. Refer to item 3 as shown in Figure 4 to locate the URL. Please note that you should exclude everything from ‘[‘ to ‘]’ at the end of the URL.

Within the Authorization tab, ensure the Type is set to Bearer Token and paste the access token copied from the Postman ‘Post’ page, as described in the section Obtaining an Access token through Postman. The location of fields that need to be populated is shown in Figure 10.

Figure 10: Screenshot of Postman 'Get' page and where to input the API URL, Bearer Token and Access Token

Navigate to the Header tab and manually type ‘subscription-key’ into the KEY column and in the VALUE column insert the subscription key (primary or secondary) retrieved from the Developer Portal (see Figure 1). Figure 11 provides guidance on the field that needs to be populated with the subscription key.

Figure 11: Screenshot of Postman 'Get' page and where to input the subscription key

Once completed, select send. This will return the PBS Embargo data from the requested endpoint.