Please select which module you are requesting API access for.
* must provide value
REDCap Mobile App
MyCap
Other
MyCap is a mobile device application that can be used by participants to complete surveys and tasks associated with REDCap projects. Available as an external module that can be enabled on a REDCap project, MyCap allows researchers to capture participant / patient-reported outcomes via the MyCap app on a participant's mobile device. The data is then sent from the app to the REDCap project. It is particularly helpful for researchers who wish to communicate and collect data from participants on a frequent basis.
The REDCap Mobile App adds a new dimension to REDCap's versatility by providing users with a tool for offline data collection, particularly in environments with poor Internet connectivity. The app cannot be used on its own but is a companion app that must be used alongside REDCap itself (you must first be a REDCap user at a REDCap partner institution before you can utilize the mobile app).
Participant data is stored locally on the device in an AES-256+SHA2 encrypted database. Data remains on the device if an internet connection is not available. Applies to both iOS and Android devices.
When an internet connection is available, data is transmitted directly to REDCap using a SSL (TLS v1.2) connection. A hash-based message authentication code (HMAC) is used to verify the integrity of the data and to authenticate the sender.
Participant entered data (i.e. task responses) are not stored or sent anywhere else. Data exists on the participant's device or on your server.
Data is wiped from the device after the MyCap app verifies that data has been successfully transmitted. Note that there is an optional MyCap feature that lets a participant see some of the data s/he has entered for an individual task/instrument/survey. By default, data is wiped.
Participants create a 6-digit PIN that is used to open the app. A participant can disable the PIN feature.
The REDCap Mobile App employs encryption-at-rest on the mobile device's hard drive so
that all important data and information stored on the device is properly protected from unauthorized or
malicious users. Encrypting the REDCap data on the device prevents any unauthorized users from
accessing data in the app, even if they were to gain access to the device's file system in some way (whether
using a direct hardware connection or via other software on the device). All user PINs are ciphered using
SHA cryptography, and all stored REDCap data values (potential PHI or PII), API tokens, and REDCap
app logs are encrypted using AES encryption standard on the mobile device's hard drive. The encryption
keys are stored in iOS's Keychain and Android's KeyStore, which is standard practice for achieving the
highest level of security for encrypted data stored in iOS and Android.
Note about external/detachable drives:
The REDCap Mobile App does not allow any data to be stored on external hard drives (e.g., USB
Flash drives) connected to the mobile device. To maintain the greatest level of security, the app only allows
the device's internal hard drive to be used for data storage.
By submitting this pre-approval request you are taking responsibility for the security of any issued MyCap API tokens and all data accessible by those API tokens.
Typically, submitting this form is followed by a meeting to review how you plan to use the MyCap API and secure API tokens.
By submitting this pre-approval request you are taking responsibility for the security of any issued REDCap Mobile App API tokens and all data accessible by those API tokens.
Typically, submitting this form is followed by a meeting to review how you plan to use the REDCap Mobile App API and secure API tokens.
Client software owner - Typically, this is the person submitting the pre-approval request
First Name
* must provide value
Last Name
* must provide value
Phone number
* must provide value
E-mail
* must provide value
Department
* must provide value
Will this project contain HIPAA or FERPA protected data.
* must provide value
Yes
No
All users will have met their specific research affiliate/institution mandated HIPAA training and research training before using the API software client. (Selecting NO will automatically end this survey and a ticket will be created with the Service Desk to schedule training)
* must provide value
Yes
No
Are you the principal investigator of the project?
* must provide value
Yes
No
Phone
* must provide value
Email
* must provide value
Please tell us about the client software that will use the MyCap API and how that client software will be used.
Please tell us about the client software that will use the REDCap Mobile App API and how that client software will be used.
Please provide a short description of the work that will be supported, including the role the client software will play.
(e.g. We are developing a Java program to read data from OU REDCap once a night and add that data to a data warehouse, or data managers will be using SAS and SPSS to read data from OU REDCap as needed for data analysis).
* must provide value
What OU REDCap project (or projects) will be accessed by the API?
Please provide the project id(s) of the project(s). You can find the project id for a project by navigating to that project and looking in the URL for 'pid=NNNN', where NNNN would be the project id.
API review and approval process are determined by each project. If the REDCap project does not currently exist, API access cannot be granted
* must provide value
Will the API be used to access data from human subjects research?
* must provide value
Yes
No
By submitting this request, you attest to the following security and privacy criteria:
Yes
No
The API token used by the software client will not be shared with others for any reason.
* must provide value
Yes
No
API tokens will be stored on secure machines. The software client and the API token might be stored on separate computers. In that case, the following requirements refer to the host that stores the API token. All hosts must adhere to the Information Security 91.005 policy.
For laptops and other mobile devices, please review the Mobile Device Standards and any departmental mobile device policies relevant to the department sponsoring the use of the mobile devices. All security incidents will be communicated to the OU REDCap administrators (redcap@ohio.edu) and to the IT Service Desk (servicedesk@ohio.edu). This includes compromised, unsecured, lost and/or stolen devices, computers, and API tokens.
* must provide value
Yes
No
The client will only provide data to those who are allowed to see that data.
* must provide value
Yes
No
The user will notify security@ohio.edu when API tokens will no longer be needed.
* must provide value
Yes
No
Which IT person or department have you conferred with to make sure that the computers that will host the API token(s) will follow all relevant policies?
* must provide value