Forbidden issue(403) with DocumentReference

[anubha...@gmail.com]

I am trying to store a pdf in Cerner using “document-Reference” fhir api.

I have followed the steps as suggested in below url.

http://fhir.cerner.com/millennium/r4/documents/document-reference/#create 

Below are the header & Body details which I have passed  

Header:

Authorization: <OAuth2 Bearer Token>(Given the token after successful authentication)

Accept: application/json+fhir

Content-Type: application/fhir+json

Body :  

{

  "resourceType": "DocumentReference",

  "status": "current",

  "docStatus": "final",

  "type": {

    "coding": [

      {

        "system": "https://fhir.cerner.com/ec2458f2-1e24-41c8-b71b-0e701af7583d/codeSet/72",

        "code": "20732501",

        "display": "Height Weight Allergy Rule - Text",

        "userSelected": true

      }

    ],

    "text": "Height Weight Allergy Rule - Text"

  },

  "subject": {

    "reference": "Patient/53663272"

  },

  "author": [

    {

      "reference": "Practitioner/21500981"

    }

  ],

  "authenticator": {

    "reference": "Practitioner/21500981"

  },

  "content": [

    {

      "attachment": {

        "contentType": "application/xml;charset=utf-8",

        "data": "PGh0bWw+Cjx0aXRsZT4gVGVzdCBEb2N1bWVudCA8L3RpdGxlPgoKRG9jdW1lbnQgY29udGVudCEKCjwvaHRtbD4=",

        "title": "Height Weight Allergy Rule",

        "creation": "2020-07-29T21:02:04.000Z"

      }

    }

  ],

  "context": {

    "encounter": [

      {

        "reference": "Encounter/4208059"

      }

    ],

    "period": {

      "start": "2020-01-01T00:00:00.000Z",

      "end": "2020-01-01T01:00:00.000Z"

    }

  }

}

But I am getting response as 403 forbidden, 

Response: 

{

    "resourceType": "OperationOutcome",

    "issue": [

        {

            "severity": "error",

            "code": "forbidden",

            "diagnostics": "Bearer realm=\"fhir-ehr-code.cerner.com\", error=\"insufficient_scope\"",

            "expression": [

                "http.Authorization"

            ]

        }

    ]

}

Is there any more info also required/passed to using document-reference api.

Please suggest if I am missing something.

Thanks,

Anubhav

[Aaron McGinn (Cerner)]

Per our group guidelines, could you please post the X-Request-Id associated with your request? This is located in the headers of the response.

-Aaron (Cerner)

[Anubhav Jain]

Hi Aaron,

Thanks for the quick response.

The X-Request-Id is:  7062251c-86f0-4d37-926e-dc224bec0452

Thanks

Anubhav

--
You received this message because you are subscribed to the Google Groups "Cerner FHIR Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cerner-fhir-devel...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cerner-fhir-developers/794fdbd1-36c1-4700-8249-284461c3359cn%40googlegroups.com.

[Aaron McGinn (Cerner)]

Your auth token does not have the DocumentReference.write scope. You will need to include this in your authorization request to use the resource.

The provided token does not have sufficient scope for the request. Requested resource: DocumentReference. Authorized scopes: patient/Patient.read,launch,online_access,openid,profile

-Aaron (Cerner)