403 Forbidden on Practitioner/Read

66 views
Skip to first unread message

david....@commontime.com

unread,
Jul 28, 2017, 12:12:51 PM7/28/17
to Cerner FHIR Developers
Hi,

I'm trying to find out about the logged in user (portal / portal in this case) so I can read a medical ID but I keep getting a 403 forbidden. 

I see the get request go out to:


My scopes are:

Standard Scopes:

launch

profile

openid

online_access


Patient Scopes:

patient/Condition.read

patient/DiagnosticReport.read

patient/DocumentReference.read

patient/Encounter.read

patient/MedicationOrder.read

patient/MedicationStatement.read

patient/Observation.read

patient/Patient.read

patient/Practitioner.read

patient/Procedure.read


X-Request-Id or CorrelationId: 

X-Request-Id:
83eba1c40f4ae475b3400e32ada570d4

Appreciate the help!

Thanks,

David

Max Philips (Cerner)

unread,
Jul 28, 2017, 1:55:55 PM7/28/17
to Cerner FHIR Developers
Hi David,

fhir-ehr is the non-patient-access version of Cerner's sandbox.  In order to make requests against it, you'll need to request user-level scopes, e.g. "user/Practitioner.read".

Conversely, fhir-myrecord is the patient-access version of Cerner's sandbox, patient-level scopes will work there.


Thanks,
Max (Cerner)

Max Philips (Cerner)

unread,
Jul 28, 2017, 3:49:26 PM7/28/17
to Cerner FHIR Developers
As a follow up: for the Practitioner resource, patient access is not available.  This is noted in our documentation under Authorization Types: http://fhir.cerner.com/millennium/dstu2/individuals/practitioner/#retrieve-by-id

However, other resources in the sandbox are available for patient-access testing, using the fhir-myrecord URL and a patient-level scope.  Resource pages on fhir.cerner.com note which authorization types are supported per resource.

Thanks,
Max (Cerner)
Reply all
Reply to author
Forward
0 new messages