Skip to main content

Sponsors

A sponsor in ARC is the entity that finances the coverage — an insurer, a health-benefits administrator, a self-funded employer, or a public agency (EPS in Colombia, ARS in the Dominican Republic, Mutua in Spain). Every ARC operation happens within a sponsor's context. There is no "sponsor-less" pre-authorization or dispensation.

Why sponsors matter to your integration

Sponsors are why the API isn't a single monolithic contract. Each sponsor has its own:

  • Beneficiary search form — some sponsors identify beneficiaries by national ID, others by member number, others by phone or family + member index.
  • Required indication types — one sponsor accepts a plain PDF of the prescription; another wants a structured MEDICAL_INDICATION file plus a lab order.
  • Coverage product-type map — the sponsor decides which product_type (medication, lab, imaging, procedure) it processes and which it rejects outright.
  • Verification requirements — OTP for medication, biometric for high-cost procedures, nothing for basic labs — up to the sponsor.
  • Approval workflow — some sponsors approve synchronously (response returns APPROVED), others queue for review and emit a webhook later.
  • Settlement contract — some sponsors accept per-transaction billing; others require batching (Dominican Republic's radicación flow).

Reading a sponsor's rules

The single source of truth is getSponsorConfiguration. Call it for each (sponsor_slug, product_type) pair your integration handles, and cache the response with a short TTL — sponsors update these rules whenever their contracts change.

The configuration tells you:

  • Which fields on the authorization request are mandatory for this sponsor.
  • Which authorization_type values are accepted.
  • Whether OTP / biometric is required.
  • Whether the sponsor evaluates synchronously or asynchronously.

Affiliations

A provider isn't automatically permitted to operate on every sponsor. Osigu's operations team wires affiliations — the list of sponsors a provider can transact with. Read the current list via listSponsors.

An unaffiliated sponsor returns 403 Forbidden on any operation, even beneficiary search. If you get a 403 and the token is valid, check listSponsors first.

The API accepts sponsors by slug (sponsor_slug) in URLs and by ID (sponsor_id) inside JSON payloads. Both refer to the same entity. Osigu picks the slug at onboarding — it's a stable, URL-safe identifier that doesn't leak the internal ID.