My HealtheVet (MHV)
Last Updated: April 22, 2025
This page describes the My HealtheVet (MHV) application program interface (API) including integration points, trust chains, and incident response.
Overview of My HealtheVet
MHV APIs provide Secure Messaging (SM), Prescriptions (RX), View Test and Lab Results, and Health Records (aka Blue Button [BB]) support.
The integration with MHV is provided via NSOC configured tunnels to the MHV HA systems in Terremark within the VA network. MHV provides a single API gateway for all services; it acts as a facade in front of two independent services for (RX + BB) and (SM), so it’s possible for one or the other of the backing services to be down while the other is up.
Network connectivity and L7 status checks reported by the External Service Status dashboard (SOCKS proxy access is required).
Integration points
Prescriptions (RX)
Type: REST
Endpoint:
#{ENV['MHV_HOST']}/mhv-api/patient/v1/
Error Indicator:
StatsD:
api.external_http_request.Rx
Datadog:
CODEvets_api.statsd.api_external_http_request_Rx_success vets_api.statsd.api_external_http_request_Rx_failed vets_api.statsd.api_external_http_request_Rx_skipped
Secure messaging (SM)
Type: REST
Endpoint:
#{ENV['MHV_SM_HOST']}/mhv-sm-api/patient/v1/
Error Indicator:
StatsD: api.external_http_request.SM
Datadog:
CODEvets_api.statsd.api_external_http_request_SM_success vets_api.statsd.api_external_http_request_SM_failed vets_api.statsd.api_external_http_request_SM_skipped
Trust chains
The essapi-sysb.myhealth.va.gov is a SAN for our internal-sysb.myhealth.va.gov certificate. Its certificate chain uses the VA-Internal-S2-ICA11 as the intermediate and the VA-Interal-S2-RCA2 as the root. The ICA and RCA are the same for the production essapi.myhealth.va.gov SAN. (login required)
essapi-sysb.myhealth.va.gov (login required)
0 s:/DC=gov/DC=va/OU=devices/CN=essapi-sysb.myhealth.va.gov
i:/DC=gov/DC=va/OU=Services/OU=PKI/CN=Veterans Affairs Device CA B2
1 s:/DC=gov/DC=va/OU=Services/OU=PKI/CN=Veterans Affairs Device CA B2
i:/C=US/O=Betrusted US Inc/OU=SSP/OU=Betrusted Production SSP CA A1/CN=Betrusted Production SSP CA A1
2 s:/C=US/O=Betrusted US Inc/OU=SSP/OU=Betrusted Production SSP CA A1/CN=Betrusted Production SSP CA A1
i:/C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
essapi.myhealth.va.gov (login required)
0 s:/DC=gov/DC=va/OU=devices/CN=essapi.myhealth.va.gov
i:/DC=gov/DC=va/OU=Services/OU=PKI/CN=Veterans Affairs Device CA B2
1 s:/DC=gov/DC=va/OU=Services/OU=PKI/CN=Veterans Affairs Device CA B2
i:/C=US/O=Betrusted US Inc/OU=SSP/OU=Betrusted Production SSP CA A1/CN=Betrusted Production SSP CA A1
2 s:/C=US/O=Betrusted US Inc/OU=SSP/OU=Betrusted Production SSP CA A1/CN=Betrusted Production SSP CA A1
i:/C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
3 s:/C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
i:/C=US/O=U.S. Government/OU=FPKI/CN=Federal Common Policy CA
Required configuration
The following environment variables must be set in vsp-infra-application-manifests to establish connectivity:
MHV_HOST
MHV_APP_TOKEN
MHV_SM_HOST
MHV_SM_APP_TOKEN
As mentioned above, there is now a single API gateway so MHV_HOST
and MHV_SM_HOST
should match (eventually these may be collapsed into one variable). However, the backing services use their own authentication tokens so MHV_APP_TOKEN
and MHV_SM_APP_TOKEN
are not expected to match. These values live in the Parameter Store.
Additionally, custom certificates must be added to the cert chain to allow SSL connectivity, these certificates are placed in /etc/pki/ca-trust/source/anchors/
intb.pem
prod.pem
Outage status and maintenance windows
Alerts for all planned and unplanned outages of VA online services and systems are sent to ANR (login required).
A release schedule is emailed out with release dates.
Notifications are sent out about outages to the MHV ListServ (login required).
Key contacts
Reach out in the #mhv-medications-rx Slack channel.
Incident response
Any time PagerDuty has a status other than "active" for MHV a downtime banner is in place on the sign in modal. Vets-api gets the status from PagerDuty once a minute.
Contact the NSD (1-855-673-4357) to file a ticket for MHV outages. Phone tree
5
(Other issues) ->1
(VHA). You will be forwarded to a technician.Send an email describing the issue in detail, including the NSD ticket #, to
"Graham, Kenneth J. (BYLIGHT)" <Kenneth.Graham2@va.gov>, "Hormby, Thomas W.
(SMS)" <Thomas.Hormby@va.gov>, "Copeman, Richard L.. (SMS)"
<Richard.Copeman@va.gov>, "Zallar, Kerry (KGS)" <Kerry.Zallar@va.gov>, "Kirk,
Gregory" <Gregory.Kirk@va.gov>, "Phelps, Carl J." <Carl.Phelps@va.gov>, "Good,
Sean M." <Sean.Good@va.gov>, "Robertson, Raquel D.(BYLIGHT)"
<Raquel.Robertson@va.gov>, "Bain, Matthew" <Matthew.Bain@va.gov>, "Moy, Jacob T.
(By Light)" <Jacob.Moy@va.gov>, "Born, Michael A. (Vidoon, Inc)"
<Michael.Born@va.gov>, "Brekke, John L." <John.Brekke@va.gov>.
Help and feedback
Get help from the Platform Support Team in Slack.
Submit a feature idea to the Platform.