authorization for system account
161 views
Skip to first unread message
Assigned to mphil...@gmail.com by me
Salik Ahmed
Mar 17, 2020, 6:08:55 AM3/17/20
to Cerner FHIR Developers
Dear,
Hi, Need to know how can i call authorization for system account from fhir on smart app. what are the steps? when can i get the url prefix?Thanks
Benjamin Eichhorn (Cerner)
Mar 17, 2020, 9:06:51 AM3/17/20
to Cerner FHIR Developers
Hi,
Our documentation on fhir.cerner.com documents authorizing for system access as well as the root service URL for our sandbox environment. You will need to first register a system account[1]. Authorization is the standard oAuth2 model and you will need to leverage client credentials workflow of oAuth2 to authorize. We have this documented here[2]. The server root URLs will vary depending upon which version of the spec you wish to use. For DSTU2 this is documented here[3] and for R4 it is documented here[4]
Thanks,
Ben (Cerner)
Message has been deleted
Salik Ahmed
Mar 18, 2020, 8:48:05 AM3/18/20
to Cerner FHIR Developers
Kindly tell me what are the parameters, in which way i have to send parameters e.g(query parameter or body) and where can i get these parameters. Thanks
On Wednesday, 18 March 2020 17:45:53 UTC+5, Salik Ahmed wrote:
On Wednesday, 18 March 2020 17:45:53 UTC+5, Salik Ahmed wrote:
Hi,{"resourceType": "Conformance","text": {"status": "generated","div": "<div>Generated Conformance Statement</div>"},"name": "Cerner Conformance Statement","status": "draft","publisher": "Cerner","date": "2018-07-18","description": "Describes capabilities of this server","kind": "instance","fhirVersion": "1.0.2","acceptUnknown": "no","format": ["json"],"rest": [{"mode": "server","documentation": "All the functionality defined in FHIR","security": {"extension": [{"extension": [{"url": "token","valueUri": "https://authorization.sandboxcerner.com/tenants/0b8a0111-e8e6-4c26-a91c-5069cbc6b1ca/protocols/oauth2/profiles/smart-v1/token"},{"url": "authorize",}]}],"cors": true,"service": [{"coding": [{"system": "http://hl7.org/fhir/restful-security-service","code": "SMART-on-FHIR"}],"text": "OAuth2 using SMART-on-FHIR profile (see http://docs.smarthealthit.org/)."}],"description": "OAuth2 plus SMART extensions"},"resource": [{"type": "Conformance","interaction": [{"code": "read"}]},{"type": "AllergyIntolerance","interaction": [{"code": "create"},{"code": "read"},{"code": "update"},{"code": "search-type"}],"updateCreate": false,"searchParam": [{"name": "_id","type": "token","documentation": "A single or comma separated list of AllergyIntolerance ids. It is a required field if the patient field is not given"},{"name": "patient","type": "reference","documentation": "Who the sensitivity is for. It is a required field if the _id field is not given"},{"name": "status","type": "token","documentation": "Certainty of the allergy or intolerance"}]},{"type": "Appointment","interaction": [{"code": "create"},{"code": "update"},{"code": "read"},{"code": "search-type"}],"updateCreate": false,"searchParam": [{"name": "_id","type": "token","documentation": "A single or comma separated list of Appointment ids. Either the '_id' parameter or one of the 'patient', 'practitioner' or 'location' parameters must be set."},{"name": "_count","type": "number","documentation": "The maximum number of items to include in a page."},{"name": "date","type": "date","documentation": "A date or date range from which to find appointments. The 'date' parameter may be provided once without a prefix or time component to imply a date range or once without a prefix and with a time component to search for appointments at a specific time. Alternately it may be provided twice with 'le', 'lt', 'ge', or 'gt' prefixes to search for appointments within a specific range. The date and prefix pairs must create a closed range."},{"name": "patient","type": "reference","documentation": "A single or comma separated list of Patient references. Either the '_id' parameter or one of the 'patient', 'practitioner' or 'location' parameters must be set."},{"name": "practitioner","type": "reference","documentation": "A single or comma separated list of Practitioner references. Either the '_id' parameter or one of the 'patient', 'practitioner' or 'location' parameters must be set."},{"name": "location","type": "reference","documentation": "A single or comma separated list of Location references. Either the '_id' parameter or one of the 'patient', 'practitioner' or 'location' parameters must be set."},{"name": "status","type": "token","documentation": "A single or comma separated list of appointment statuses."}]},{"type": "Binary","interaction": [{"code": "read"}]},{"type": "CarePlan","interaction": [{"code": "read"},{"code": "search-type"}],"searchParam": [{"name": "patient","type": "reference","documentation": "Who care plan or care team is for. Either the '_id' parameter or one of the 'patient' or 'subject' parameters must be set."},{"name": "subject","type": "reference","documentation": "Who care plan or care team is for. Must be a patient. Either the '_id' parameter or one of the 'patient' or 'subject' parameters must be set."},{"name": "_id","type": "token","documentation": "A single or comma separated list of CarePlan ids. Either the '_id' parameter or one of the 'patient' or 'subject' parameters must be set."},{"name": "date","type": "date","documentation": "Time period plan covers. The prefixes 'ge' and 'le' are supported for this parameter. Date may be provided once to imply a date range or twice to specify a range. When two dates are provided they must create a closed range."},{"name": "_count","type": "number","documentation": "The maximum number of results to return in a page."},{"name": "category","type": "token","documentation": "Determines if searching for care plan or care team, and if a care team then which type. Must be set if 'patient' or 'subject' is present"},{"name": "context","type": "reference","documentation": "The encounter for which this care team was responsible. Cannot be set unless 'category' is set to 'encounter'"}]},{"type": "Condition","interaction": [{"code": "create"},{"code": "read"},{"code": "search-type"},{"code": "update"}],"updateCreate": false,"searchParam": [{"name"
Max Philips (Cerner)
Mar 18, 2020, 10:52:50 AM3/18/20
to Cerner FHIR Developers
Hello,
I deleted the post where you copied the entire conformance statement from Cerner's sandbox server. It didn't contain any sensitive information, it was just a massive blob of text in the thread.
The links that Ben provided earlier in this thread explain the process for using authorization workflows. If you have specific questions about the implementation after reviewing the provided documentation, please reach back out and we can assist.
Thanks,
Max (Cerner)
Reply all
Reply to author
Forward
0 new messages