Overview
Registered app developers are issued OAuth client credentials, which they use to request access tokens (a type of JSON Web Token, or “JWT”) from our authorization server. An access token represents an app’s authorized access to one or more API endpoints and is required to make a successful request to those endpoints.
Authorization methods supported:
- Backend Services: This profile is intended for developers of backend services (clients) that autonomously (or semi-autonomously) need to access resources from FHIR servers that have pre-authorized, defined scopes of access. This implementation uses the client credentials grant type.
- App Launch: Connects third-party applications to Electronic Health Record data, allowing apps to launch from inside or outside the user interface of an EHR system. This profile is intended for developers of apps that need to access FHIR resources by requesting access tokens from OAuth 2.0 compliant authorization servers. This method is used for patient-facing and provider-facing apps accessing data. This implementation uses the authorization code grant type.
Supported scopes
All FHIR APIs require the use of OAuth scopes using the SMART App Launch Framework clinical scope syntax.
List of scopes supported for Backend Services apps:
- system/AllergyIntolerance.read
- system/CarePlan.read
- system/CareTeam.read
- system/Condition.read
- system/Device.read
- system/DiagnosticReport.read
- system/DocumentReference.read
- system/Encounter.read
- system/Goal.read
- system/Immunization.read
- system/Location.read
- system/Medication.read
- system/MedicationRequest.read
- system/Observation.read
- system/Organization.read
- system/Patient.read
- system/Practitioner.read
- system/Procedure.read
- system/Provenance.read
List of scopes supported for App Launch - Patient Facing apps:
- openid
- fhirUser
- offline_access
- launch/patient
- patient/Appointment.read
- patient/AllergyIntolerance.read
- patient/CarePlan.read
- patient/CareTeam.read
- patient/Condition.read
- patient/Device.read
- patient/DiagnosticReport.read
- patient/DocumentReference.read
- patient/Encounter.read
- patient/Goal.read
- patient/Immunization.read
- patient/Location.read
- patient/MedicalAdministration.read
- patient/Medication.read
- patient/MedicationRequest.read
- patient/Observation.read
- patient/Organization.read
- patient/Patient.read
- patient/Practitioner.read
- patient/Procedure.read
- patient/Provenance.read
List of scopes supported for App Launch - Provider Facing apps:
- openid
- fhirUser
- offline_access
- launch
- user/Appointment.read
- user/AllergyIntolerance.read
- user/CarePlan.read
- user/CareTeam.read
- user/Condition.read
- user/Device.read
- user/DiagnosticReport.read
- user/DocumentReference.read
- user/Encounter.read
- user/Goal.read
- user/Immunization.read
- user/Location.read
- user/MedicalAdministration.read
- user/Medication.read
- user/MedicationRequest.read
- user/Observation.read
- user/Organization.read
- user/Patient.read
- user/Practitioner.read
- user/Procedure.read
- user/Provenance.read
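The three lists above work as per-profile allowlists, so a client or gateway can check a requested scope string against them before it is sent to the authorization server. The following is an added example, not code from this API's provider; the profile keys (`backend`, `patient`, `provider`) and the function name `check_scopes` are assumptions made for illustration.

```python
import re

# Resource types copied from the scope lists above; every listed clinical scope is ".read".
BACKEND_RESOURCES = """AllergyIntolerance CarePlan CareTeam Condition Device DiagnosticReport
DocumentReference Encounter Goal Immunization Location Medication MedicationRequest
Observation Organization Patient Practitioner Procedure Provenance""".split()
LAUNCH_RESOURCES = BACKEND_RESOURCES + ["Appointment", "MedicalAdministration"]  # spelled as listed
IDENTITY = {"openid", "fhirUser", "offline_access"}

def _reads(context, resources):
    return {f"{context}/{r}.read" for r in resources}

# Profile keys are hypothetical labels for the three lists on this page.
SUPPORTED = {
    "backend": _reads("system", BACKEND_RESOURCES),
    "patient": _reads("patient", LAUNCH_RESOURCES) | IDENTITY | {"launch/patient"},
    "provider": _reads("user", LAUNCH_RESOURCES) | IDENTITY | {"launch"},
}

# SMART clinical scope syntax: <context>/<ResourceType or *>.<read|write|*>
CLINICAL = re.compile(r"^(patient|user|system)/([A-Za-z]+|\*)\.(read|write|\*)$")

def check_scopes(profile, scope_string):
    """Return (granted, rejected); rejected maps each refused scope to a reason."""
    supported = SUPPORTED[profile]
    granted, rejected = [], {}
    for scope in dict.fromkeys(scope_string.split()):  # de-duplicate, keep order
        if scope in supported:
            granted.append(scope)
            continue
        m = CLINICAL.match(scope)
        if not m:
            rejected[scope] = "not a supported scope for this profile"
        elif m.group(2) == "*" or m.group(3) != "read":
            rejected[scope] = "wildcard or non-read access is not in the supported list"
        elif not any(s.startswith(m.group(1) + "/") for s in supported):
            rejected[scope] = f"context '{m.group(1)}' does not belong to the {profile} profile"
        else:
            rejected[scope] = f"resource '{m.group(2)}' is not listed for this profile"
    return granted, rejected

if __name__ == "__main__":
    # Constructed request: a backend service asking for more than its list allows.
    requested = "system/Patient.read system/*.read patient/Patient.read system/Appointment.read"
    ok, bad = check_scopes("backend", requested)
    print("granted:", ok)
    for scope, reason in bad.items():
        print(f"rejected {scope}: {reason}")
```

Running the same check over the `scope` claim of an issued access token shows whether the token carries anything outside the profile's list.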