System account for multiple clients

[Dmitry Blimm]

Hi,

If I work with more than one cerner client and want to access to their data via oAuth2 by schedule:
1. Create a system application (App Type = system) in my own account with my system account ID

2. Ask each client for system account credentials (ID and secret)

3. In each iteration get token from https://authorization.sandboxcerner.com/tenants/.../protocols/oauth2/profiles/smart-v1/token with client's system account ID and secret

4. Access to data with the token

Or I need to ask for a system application credentials from each client?

Thanks

[Benjamin Eichhorn (Cerner)]

Hi,

System access is documented here[1]. You will, at most, have only two system accounts for an app. One for sandbox, and one for production. You will not receive any credentials from the client and, when your app is provisioned for a domain, you will be using the system account that you received for either sandbox or production. For example if you are in 5 different clients systems in production, you would only use the one system account you requested for production. The client will not provide you with any credentials.

[1] https://fhir.cerner.com/authorization/#requesting-authorization-on-behalf-of-a-system

Thanks,

Ben (Cerner)

[Dmitry Blimm]

Hi,

So, from the client I need to know the domain only?

About "app is provisioned for a domain", do you mean in the domain created a system application with my system account ID?

Thanks

[Benjamin Eichhorn (Cerner)]

Yes, for a system application you would only need to know the domain you are connecting too. By "app is provisioned for a domain" I mean when your system application is granted access to connect to a given client domain.

Thanks,

Ben (Cerner)

[Dmitry Blimm]

I see, thanks for your help!