Skip to first unread message
david....@commontime.com
Jul 28, 2017, 12:12:51 PM7/28/17
to Cerner FHIR Developers
Hi,
I'm trying to find out about the logged in user (portal / portal in this case) so I can read a medical ID but I keep getting a 403 forbidden.
I see the get request go out to:
My scopes are:
Standard Scopes:
launch
profile
openid
online_access
Patient Scopes:
patient/Condition.read
patient/DiagnosticReport.read
patient/DocumentReference.read
patient/Encounter.read
patient/MedicationOrder.read
patient/MedicationStatement.read
patient/Observation.read
patient/Patient.read
patient/Practitioner.read
patient/Procedure.read
X-Request-Id or CorrelationId:
X-Request-Id:
83eba1c40f4ae475b3400e32ada570d4
Appreciate the help!
Thanks,
David
Max Philips (Cerner)
Jul 28, 2017, 1:55:55 PM7/28/17
to Cerner FHIR Developers
Hi David,
fhir-ehr is the non-patient-access version of Cerner's sandbox. In order to make requests against it, you'll need to request user-level scopes, e.g. "user/Practitioner.read".
Conversely, fhir-myrecord is the patient-access version of Cerner's sandbox, patient-level scopes will work there.
Here's some further reading: http://fhir.cerner.com/millennium/dstu2/#secure-sandbox
Thanks,
Max (Cerner)
Max Philips (Cerner)
Jul 28, 2017, 3:49:26 PM7/28/17
to Cerner FHIR Developers
As a follow up: for the Practitioner resource, patient access is not available. This is noted in our documentation under Authorization Types: http://fhir.cerner.com/millennium/dstu2/individuals/practitioner/#retrieve-by-id
However, other resources in the sandbox are available for patient-access testing, using the fhir-myrecord URL and a patient-level scope. Resource pages on fhir.cerner.com note which authorization types are supported per resource.
Thanks,
Max (Cerner)
Reply all
Reply to author
Forward
0 new messages