HIEBus™ FHIR API
Interface Guide

Authentication

HIEBus will only issue access tokens to registered applications. If you want a FHIR app to be able to authenticate, you’ll need to add an OAuth client for that app.

  1. Go to Administration -> Client Configuration.
  2. Select “OAuth2Clients” from the dropdown.
  3. Select a client on the left or “Add” to create a new client.

The options you need to set for a FHIR app are described below.

| Option | Description |
| --- | --- |
| Id | Each client must have a unique identifier. |
| Redirect URIs | List the redirect URIs used by the client application. Only URIs listed here will be accepted as OAuth redirects. |
| Enable password credentials | Set whether to allow password credentials. This is not recommended for production applications. |
| Token Expiration (minutes) | How long until an access token expires. 30 is a good choice. If not specified, this will default to the global configuration setting for OAuth clients. |
| Refresh Token Expiration (days) | How long until a refresh token expires. 8 is a good choice, which lets the user go up to 7 days between sessions without needing to log in again. Set to 0 to disable refresh tokens. If not specified, this will default to the global configuration setting for OAuth clients. |
| SMART App | Check if this client is a SMART on FHIR app that requires launch extensions. |
| Secret | Choose a ‘secret’ field for your client, and run it through a SHA256 hash generator. Store the hashed value here. You will not be able to recover the original secret, so keep it in a safe place. The secret can be null or empty, which means no secret is required. |
| OpenID Connect Flow | Select the desired authorization flow. AuthorizationCode or AuthorizationCodeWithProofKey is the recommended flow. |
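
The Secret step above can be done locally, so the plaintext secret never leaves your machine. This is an added example, not part of the HIEBus guide or product code; the function names are hypothetical. The page does not say whether the Secret field expects the digest as hex or Base64, so both are produced, which is an assumption to confirm against your installation.

```python
import base64
import hashlib
import hmac
import secrets


def new_client_secret(nbytes: int = 32) -> str:
    """Generate a random, URL-safe client secret from nbytes of entropy."""
    return secrets.token_urlsafe(nbytes)


def hash_client_secret(secret: str) -> dict:
    """SHA-256 the UTF-8 secret and return both common text encodings.

    An empty secret is rejected: per the guide, an empty Secret field means
    "no secret required", so hashing "" would not express that setting.
    """
    if not secret:
        raise ValueError("empty secret: leave the field blank instead of hashing it")
    digest = hashlib.sha256(secret.encode("utf-8")).digest()
    return {
        "hex": digest.hex(),
        "base64": base64.b64encode(digest).decode("ascii"),
    }


def secret_matches(presented: str, stored_hash: str, encoding: str = "hex") -> bool:
    """Compare a presented secret with a stored hash in constant time."""
    if not presented:
        return False
    candidate = hash_client_secret(presented)[encoding]
    return hmac.compare_digest(candidate.encode("ascii"), stored_hash.encode("ascii"))


if __name__ == "__main__":
    secret = new_client_secret()
    hashes = hash_client_secret(secret)
    # The plaintext goes to the app's secret store; only a hash goes in the form.
    print("client secret  :", secret)
    print("SHA-256 hex    :", hashes["hex"])
    print("SHA-256 Base64 :", hashes["base64"])
```

Run it once per client, keep the printed secret in the application's secret store, and paste only the hash into the Secret field.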