Authorization Problems (Forbidden Error during API call but not physicians API call)

31 views
Skip to first unread message
Assigned to Fenil....@cerner.com by me

Bradly Ellkay

unread,
Sep 15, 2021, 5:47:18 PMSep 15
to Cerner FHIR Developers
Hi Cerner,
I have some have problems with Authorization.

I got the public sandbox to work and was able to get physicians and patients using API calls.

But when I try a bearer token call thru Authorization, I get a 403 Forbidden Error  

Here how I setup authorization to first:
I encoded64 client:sercet for Basic Authorization

Send API call 
with 
Authorization: Basic {encoded client:sercet}
Body: grant_type=client_credentials&scope=system%2FPatient.read
Accept: application/json
Content-Type: application/x-www-form-urlencoded

Then I used the access token part of the response as a Bearer token for my next call.

When I use my Bearer Token on my next call I get 403 Forbidden error.
{
    "resourceType": "OperationOutcome",
    "issue": [
        {
            "severity": "error",
            "code": "forbidden",
            "diagnostics": "Tenant [mQjCqHb5rkr1u1foU4dqhQPBpi7Qk9R4] not valid or accessible"
        }
    ]
}

The weird part is:
I am able to access physicians list (/Practitioner?active=true) with bearer token authorization. It gives me a long list of practitioners.
But I cannot access anything else like patient (/Patient/{value}).

Can you help me? 
How can it get facilities list with Authorization but can't get Patient call with the same call? 
Does Patient have to be unlocked? (I sent  grant_type=client_credentials&scope=system%2FPatient.read as GrantType during basic  Authorization)

Thank you,
Brad

Bradly Ellkay

unread,
Sep 15, 2021, 5:52:23 PMSep 15
to Cerner FHIR Developers
Also the 403 forbidden is not the same as a public sandbox Patient not found
{
    "resourceType": "OperationOutcome",
    "issue": [
        {
            "severity": "error",
            "code": "not-found",
            "details": {
                "text": "Resource not found"
            }
        }
    ]
}
I fully believe its not "a patient not found" problem.
I believe its a tenetid mQjCqHb5rkr1u1foU4dqhQPBpi7Qk9R4 is not fully unlock error or Authorization problem. 

Bradly Ellkay

unread,
Sep 15, 2021, 6:15:25 PMSep 15
to Cerner FHIR Developers
Can you help me? (Sorry for the multiple posts. I'm not trying to bump, just trying to give a summarized at the end because last 2 posts didn't give a good conclusion. I wish I could edit)

Summarized:
I can get Practitioner list with Bearer token but can't get Patient or Appointment call responses with the same Bearer token. (Same tenetid, clientid, secret for both) Can you help? 
I get 403 Forbidden Error for Patient or Appointment call responses.
Does Patient have to be unlocked or something similar? (I sent  grant_type=client_credentials&scope=system%2FPatient.read as GrantType during basic Authorization)

Is there an configuration I forget to set to give access to tenetid mQjCqHb5rkr1u1foU4dqhQPBpi7Qk9R4 so I can access patients and other non Practitioner stuff?

Fenil Desani (Cerner)

unread,
Sep 22, 2021, 10:31:43 AMSep 22
to Cerner FHIR Developers
Hello,

Please provide x-request-id/CorrelationID for the failed call.

Thanks,
Fenil

Reply all
Reply to author
Forward
0 new messages