Accessing Cerner through postman, and using basic auth to connect out of sandbox

[John D]

Hello, 

I have two main questions or tasks that I want to know if can be completed, or if I can get some assistance with doing so. 

The first is in wondering if there is a way to access patient data from outside of the sandbox, like for example Epic calls their one hyperspace, to access the data from outside of that.

As a service that would be able to take patient tobacco history data, allow us to see it and then push back our flowsheet or observation document back into the EMR. 

But the initial part of that, we just want to be able to connect through calls in postman to get data and push it back to a patient, and I want to know how I can accomplish this. 

for constructing the auth URL I was using this, 

https://authorization.sandboxcerner.com/tenants/75c85abb-b9bd-4cf1-a8f8-2b854cd2b97b/protocols/oauth2/profiles/smart-v1/personas/patient/authorize

?response_type=code&client_id=<clientid>&scope=launch/system,system/observation.read,system/patient.read&aud=https://fhir-myrecord.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/&redirect_uri=https://www.getpostman.com/oauth2/callback

I don't know if I am using the correct grant type as well, but this one didn't require a secret to use, but after trying to get the token, it returns with access denied.

The second question, is that for doing this in Epic, we end up having to use Basic Authentication instead of the launch and OAuth combination, is there a similar way or need to do this to work with Cerner?

Thank you for your help.

John

[John D]

Additionally, sorry if this is the wrong place to ask... but I was asked to forward this question or to seek a place where I can ask if we may be able to get in touch with someone for 1-on-1 support. 

If we needed to pay or something like that otherwise through Cerner. If it may be needed or possible for the project(s) future. 

Thank you. 

[Jenni Syed (Cerner)]

Hi John,

Sorry for the delay. Are you just asking how to accomplish access on behalf of a user with Cerner Millennium's FHIR implementation? If so, the documentation is here (you can't use basic auth, you would need to get the prompt for login and sign in with one of our sandbox users): http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-user - but you can't use 'system' scopes with this workflow. (Note: you may need to make sure Postman adds the "aud" parameter to the authorize url)

If you're trying to do access on behalf of a system, there can't be a launch scope and you wouldn't use the authorize endpoint. The examples and workflow for this are here: http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system

As to more in depth support - you can read about our code program, though we typically start that process after initial sandbox development for your application. If you are a client of ours, we offer more targeted training options. For 3rd party developers, we typically offer our Code Learning lab in the Summer. If you sign up for the newsletter this often announces the dates for those as well as other events.

https://code.cerner.com/

https://code.cerner.com/submit

https://code.cerner.com/faqs

Regards,

Jenni

[Revathy Pennathur]

Hi:

        I requested a system account for standalone access  (following the guidelines described in  http://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system ) and was granted an account id and secret. The auth server( https://api.sandboxcernercare.com/oauth/access)issues me a token  (it uses ouath1.0 looks like) However using the token I receive from this auth server, I am unable to access secure fhir sandbox (https://fhir-ehr.sandboxcerner.com/dstu2/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/). I get a Unauthorized. I do not think I am getting the oauth token from the correct auth server in order to acces the secure fhir sandbox. I tried requesting a second system account by describing the problem, however that request was not honored and I was asked to post the issue in this group. Any help is highly appreciated.

Thanks

Rev

[Benjamin Eichhorn (Cerner)]

Hi Rev,

Per our group guidelines, could you please open up a new thread for your question or issue?

Thank you,

Ben (Cerner)