403 error when calling Observation or DiagnosticReport api call in test patientIds


Johar

Nov 9, 2023, 10:18:03 AM11/9/23
to SMART on FHIR
Hi,
I have created an app and successfully generated an access token.
I can get patient-specific resources using certain API calls.

For example, for Patient.read:
https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/erXuFYUfucBZaryVksYEcMg3 works fine.

However, when I try to use other API calls, for example:

OR
I get a forbidden error, 403, stating that "The request was a legal request, but the server is refusing to respond to it. Unlike a 401 Unauthorized response, authenticating will make no difference."
List of patientIds I am using: https://fhir.epic.com/Documentation?docId=testpatients
Can you tell me why I am getting this error? Or how to properly use the above-mentioned APIs? Thanks in advance.

Michele Mottini

Nov 9, 2023, 10:28:16 AM11/9/23
to Johar, SMART on FHIR
. . . no DiagnosticReport.read scope possibly?

Or you did not enable DiagnosticReport when you registered the app.

  - Michele
  CareEvolution


Johar

Nov 10, 2023, 3:19:13 AM11/10/23
to SMART on FHIR

Hello Michele,

Thanks for the reply.
I have the scope (screenshot: SCOPE.png) and also enabled the API in the app (screenshot: apis.png).

Michele Mottini

Nov 10, 2023, 3:25:50 AM11/10/23
to Johar, SMART on FHIR
I think there might be multiple DocumentReference that can be enabled for the app? Besides that, I have no idea.

   - Michele
  CareEvolution 


Johar

Nov 10, 2023, 3:40:37 AM11/10/23
to SMART on FHIR
How do I enable multiple DocumentReference? You mean I add more API calls to the app?

Michele Mottini

Nov 10, 2023, 4:04:24 AM11/10/23
to Johar, SMART on FHIR
I mean that the list of APIs you can enable (the list on the left) for your app might include multiple DocumentReference ones, and you picked only one.

  - Michele 
  CareEvolution 

Johar

Nov 10, 2023, 5:36:25 AM11/10/23
to SMART on FHIR
One question.
When I am asking for a fresh token, the scope is getting generated automatically, e.g., system/NameOfApi:
"scope": "system/DiagnosticReport.read system/DocumentReference.read system/Patient.read system/Procedure.read system/ProcedureRequest.read"
Shouldn't it be like Patient/NameOfApi?
"scope": "Patient/DiagnosticReport.read Patient/DocumentReference.read Patient/ProcedureRequest.read" ??? Any thoughts?

Vishwasrao Salunkhe

Nov 10, 2023, 11:21:43 AM11/10/23
to SMART on FHIR
One difference I see is in terms of scope.
I see you have the Patient.read scope, hence you are able to call https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/erXuFYUfucBZaryVksYEcMg3 successfully.
But for DocumentReference you have the DocumentReference.read scope for the app, yet you are trying https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/DiagnosticReport?patient=erXuFYUfucBZaryVksYEcMg3

Please add the DocumentReference.search scope for the app and it should work. Same is the case with Observation.
In short, scope works as below.
Patient.read ==> you can do https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/<PatientResourceFHIRId>
DocumentReference.read (you are getting a resource by using its id) ==> https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/DocumentReference/<DocumentReferenceFHIRId>
DocumentReference.search (you are searching DocRef using the patient id) ==> you can do https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/DiagnosticReport?patient=erXuFYUfucBZaryVksYEcMg3

Hope this helps.
Thank You,
Vishwas
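The read-versus-search distinction Vishwas describes, applied to the scope string Johar posted earlier in the thread, as an added example (not code from Epic, from the SMART on FHIR project, or from any poster). It assumes scope tokens have the SMART v1 shape context/Resource.operation with context in patient, user or system, that the operation set includes the Epic-style `read` (fetch by id) and `search` (query by parameter) discussed above plus the SMART `*` wildcard, and that a URL of the form /Resource/{id} is a read while /Resource?param=... is a search. `BASE` is the sandbox URL quoted in the thread; the verdict strings and the `required_scope` helper are this example's own.

```python
"""Pre-flight SMART scope check: does a granted scope string cover a FHIR GET?

Added example for this thread; not code from Epic, SMART on FHIR, or any
poster.  Assumptions (labelled): scopes look like context/Resource.operation
with context in {patient, user, system}; operations include the Epic-style
'read' (one resource by id) and 'search' (query with parameters) described
in the thread, plus the SMART '*' wildcard.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlparse

BASE = "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4"  # quoted in the thread
CONTEXTS = ("patient", "user", "system")


@dataclass(frozen=True)
class Scope:
    context: str    # patient | user | system
    resource: str   # FHIR resource type, or '*'
    operation: str  # read | search | write | '*'


def parse_scopes(scope_string: str) -> list[Scope]:
    """Parse the space-separated 'scope' value from a token response.

    Tokens without the context/Resource.operation shape (openid,
    launch/patient, offline_access, ...) are not resource scopes and are skipped.
    """
    scopes = []
    for token in scope_string.split():
        if "/" not in token:
            continue
        context, rest = token.split("/", 1)
        if context not in CONTEXTS or "." not in rest:
            continue
        resource, operation = rest.rsplit(".", 1)
        scopes.append(Scope(context, resource, operation))
    return scopes


def classify_request(url: str) -> tuple[str, str]:
    """Map a GET URL under BASE to (resource_type, operation).

    /Resource/{id}      -> read   (instance level, by id)
    /Resource?param=... -> search (type level, by search parameter)
    """
    base_path = urlparse(BASE).path
    path = urlparse(url).path
    if not path.startswith(base_path + "/"):
        raise ValueError(f"URL is not under the expected FHIR base: {url}")
    segments = [s for s in path[len(base_path):].split("/") if s]
    if not segments:
        raise ValueError(f"no resource type in URL: {url}")
    resource = segments[0]
    return resource, ("read" if len(segments) >= 2 else "search")


def is_permitted(scope_string: str, url: str, contexts=CONTEXTS) -> bool:
    """True if some granted scope covers the request's resource and operation."""
    resource, operation = classify_request(url)
    for s in parse_scopes(scope_string):
        if s.context not in contexts:
            continue
        if s.resource not in (resource, "*"):
            continue
        if s.operation in (operation, "*"):
            return True
    return False


def required_scope(url: str, context: str = "system") -> str:
    """The scope token that would cover this request, e.g. system/DiagnosticReport.search."""
    resource, operation = classify_request(url)
    return f"{context}/{resource}.{operation}"


def explain(scope_string: str, url: str) -> str:
    """One-line verdict, useful to log beside a 403 before re-registering the app."""
    if is_permitted(scope_string, url):
        return f"OK: granted scopes cover {url}"
    return f"MISSING: {required_scope(url)} would be needed for {url}"


if __name__ == "__main__":
    # Constructed from the scope string and URLs quoted in the thread.
    granted = ("system/DiagnosticReport.read system/DocumentReference.read "
               "system/Patient.read system/Procedure.read system/ProcedureRequest.read")
    for u in (BASE + "/Patient/erXuFYUfucBZaryVksYEcMg3",
              BASE + "/DiagnosticReport?patient=erXuFYUfucBZaryVksYEcMg3",
              BASE + "/DocumentReference?patient=erXuFYUfucBZaryVksYEcMg3"):
        print(explain(granted, u))
```

Run against the scope string Johar posted, the Patient read passes and the two `?patient=` searches are reported as needing a `.search` scope, which matches the 403 pattern in the thread. One caveat: standard SMART v1 scopes only distinguish `read`, `write` and `*`; the separate `search` operation here models the per-API enablement Vishwas describes, so the check deliberately does not let a `.read` grant cover a search.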

Johar

Nov 13, 2023, 3:59:57 AM11/13/23
to SMART on FHIR
Hello Vishwas,
Thanks for the detailed explanation.
If you see my first comment/post, I have done it the exact way you mentioned. I followed the documentation.
And while posting, sometimes I do not share all the scopes, because I experiment and change the scopes here and there by adding or removing APIs.
Unfortunately, I am still getting the forbidden error for the above-mentioned APIs, except for Patient.Read.

Thanks,
Johar