Epic's Smart on FHIR sandbox

8,404 views
Skip to first unread message

Isaac Vetter

unread,
Apr 4, 2016, 1:18:24 PM4/4/16
to SMART on FHIR, op...@epic.com

Getting started with SMART on FHIR? Check out the Epic FHIR and OAuth tutorials.

 

It’s easy to test your SMART on FHIR app with Epic. From the Epic sandbox, at open.epic.com/launchpad, you can test the entire SMART on FHIR EHR launch flow:

  • select a patient and launch your app, (using a generic client_id) from https://open.epic.com/launchpad/OAuth2Sso
  • authorize your launch token and retrieve an access token from Epic’s OAuth2 server (urls in the FHIR Conformance resource)
  • And finally, interact with Epic’s secured FHIR resources using your newly issued access token 

In addition to these secured FHIR resources, the sandbox also includes unsecured FHIR resources to help you get started. The sandbox currently includes read and search of these resources: Patient+Practitioner, AllergyIntolerance, Medication+MedicationOrder, Condition, Observation, FamilyMemberHistory, DiagnosticReport, Immunization, CarePlan+Goal, Procedure, Device, DocumentReference+Binary, Schedule, Slot and Appointment. We’re looking forward to seeing the cool stuff you can do with these resources.

 

If you’d like to get a dedicated OAuth2 client_id for testing in the sandbox, reach out to op...@epic.com.

 

We’d love to hear your feedback about our FHIR resources, our OAuth2 support, our sandbox. Epic is participating in the Argonaut Project and we’re actively looking for real-world testing. What’s missing from the sandbox? How can we make it easier to use? What resources do you need to finish your killer app?

 

Isaac Vetter

Epic

Michele Mottini

unread,
Apr 4, 2016, 3:57:02 PM4/4/16
to SMART on FHIR, op...@epic.com
Thanks!

I tried to launch one of our app using the Oauth2Sso page but it asks me user name and password:
Inline image 1

...what should I use for those? (I already logged in to start the sequence using my Google credential)

  Thanks

  - Michele Mottini
  CareEvolution Inc



Isaac Vetter

unread,
Apr 4, 2016, 8:05:13 PM4/4/16
to Michele Mottini, SMART on FHIR, op...@epic.com
Hi Michele,

Thanks for trying it out! 

I think that you're being asked for a username / password because your app didn't successfully exchange the launch token for an authorization code (and instead your browser was directed to log in). Using the EHR Launch flow (single-sign-on should be included) because the user is already authenticated with the EHR and therefore shouldn't need to re-authenticate.

Could you check this step in your application and let me know if you continue to experience problems?

Isaac  

--
You received this message because you are subscribed to a topic in the Google Groups "SMART on FHIR" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/smart-on-fhir/sBcd2lkHnbc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to smart-on-fhi...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Michele Mottini

unread,
Apr 5, 2016, 6:22:35 AM4/5/16
to SMART on FHIR, op...@epic.com
The app is this one, that does not use the launch context, so it is not passing it along in the login sequence - and I guess that is what causes the problem....

  - Michele


Message has been deleted

Pascal Pfiffner

unread,
Apr 6, 2016, 8:10:16 AM4/6/16
to SMART on FHIR, op...@epic.com
I'm getting a 404 when redirecting to the authorize endpoint at https://open-ic.epic.com/oauth2/authorize (which seems to be correct when looking at the Conformance statement). Is this the right endpoint?

Thanks
Pascal

Isaac Vetter

unread,
Apr 6, 2016, 12:37:41 PM4/6/16
to Pascal Pfiffner, SMART on FHIR, op...@epic.com
Hi Pascal,

Right now, the Epic sandbox contains two FHIR servers at different base urls. One is completely unprotected, the other requires OAuth tokens. 

Here's the OAuth/protected FHIR server: https://open-ic.epic.com/Argonaut/api/FHIR/Argonaut



Is this what you needed?

Isaac

--

Isaac Vetter

unread,
Apr 6, 2016, 1:14:31 PM4/6/16
to SMART on FHIR, op...@epic.com
[edited to correct password to uppercase]

Hi Michele,

No worries. We have a generic username/password of ARGONAUT/ARGONAUT to use for testing in just this scenario. A username of argonaut and a password of ARGONAUT should allow you to test workflows that originate in the app instead of the EHR.

Isaac

Pascal Pfiffner

unread,
Apr 7, 2016, 3:36:12 AM4/7/16
to SMART on FHIR, phase.o...@gmail.com, op...@epic.com
Thanks Isaac. Yes, this was the endpoint I was trying to use. But I got a different authorize endpoint and I think I found out why: it's the _summary flag. Retrieving the Conformance statement plainly, I get this security portion:

"security": {
  "cors": true,
  "extension": [{
    "extension": [{
      "url": "authorize",
    },
    {
      "url": "token",
    }],
  }]
}

However, when I fetch the Conformance statement with ?_summary=true, I get this security portion with different authorize and token endpoints:

"security": {
  "cors": true,
  "extension": [{
    "extension": [{
      "url": "authorize",
    },
    {
      "url": "token",
    }],
  }]
}

This means my mobile client, which wants the summary, will use the wrong authorize URL and get a 404. Hope this can be fixed! :)

Best
Pascal

Isaac Vetter

unread,
Apr 8, 2016, 5:39:04 PM4/8/16
to SMART on FHIR, phase.o...@gmail.com, op...@epic.com
To update the list -- Pascal and I got this resolved. 

The Epic OAuth2 sandbox Conformance statement at:

is now consistently returning the correct authorize and token endpoints.

Thank you, Pascal!

Isaac Vetter
Epic

Yunwei Wang

unread,
Apr 18, 2016, 11:21:29 AM4/18/16
to SMART on FHIR, phase.o...@gmail.com, op...@epic.com
Hello Isaac:

I tried using .NET FHIR Client to connect to open epic server to pull metadata. But I got two errors:

First, if I choose the XML as content format, the parser failed because the extension is not in correct format.

The xml pulled from open epic has extension like this:

<extension><url value="authorize"/><valueUri value="https://open-ic.epic.com/Argonaut/oauth2/authorize"/></extension>

But .NET FHIR client expected extension like this:

<extension url="authorize"><valueUri value="https://open-ic.epic.com/Argonaut/oauth2/authorize"/></extension>

Second, if I choose JSON, the extension is parsed (strange) but failed on search parameters:

<searchParam><name value="practitioner"/><type value="1"/></searchParam>

type value="1" is not valid for searchParam.

Yunwei

Yunwei Wang

unread,
Apr 18, 2016, 11:23:35 AM4/18/16
to SMART on FHIR, op...@epic.com
Hello Issac:

Another issue. When I used js client, I can get patient data but when I tried to get condition for the selected patient, I got error 400.

Yunwei

Isaac Vetter

unread,
Apr 18, 2016, 4:06:02 PM4/18/16
to SMART on FHIR, op...@epic.com
Hi Yunwei,

I'm addressing each of the two issues that you're encountering.

1) "patient data but when I tried to get condition for the selected patient, I got error 400"

It can often be helpful to check out our specific FHIR resource documentation when trying out a new resource. In this case, the Condition resource has a bit of documentation here: https://open.epic.com/Clinical/FHIR?whereTo=condition#

Our Condition resource has a few required search parameters. I'm hypothesizing that you're doing a search like this:
and getting back a 400. Whereas, if you add an additional search parameter of "category=diagnosis", it should work:

Similarly, currently, none our the Epic resources will return all instances of that resource; said another way; and id or some search parameters are always required.

2) using .NET FHIR Client to connect to open epic server to pull metadata 

Thank you for reporting this. We're in the process of upgrading our sandbox to support some additional FHIR resources, which should have been transparent to you. If you try again using json, this should work. We should have the xml issue fixed soon.

Isaac Vetter

Yunwei Wang

unread,
Apr 19, 2016, 12:47:32 PM4/19/16
to SMART on FHIR, op...@epic.com
Hello Isaac:

Thank you for the help. Now I can move forward to the next parsing error. :)

        {
            "type": "Compartment",
            "interaction": [{
                "code": "patient"
            }],
            "searchParam": []
        },

Resource type Compartment is not a standard FHIR resource. Is it an extension?

Yunwei

Yunwei Wang

unread,
Apr 19, 2016, 1:29:19 PM4/19/16
to SMART on FHIR, op...@epic.com
Hello Isaac:

Another issue I got is that the metadata points authorize URL to https://open-ic.epic.com/Argonaut/oauth2/authorize


<extension><url value="authorize"/><valueUri value="https://open-ic.epic.com/Argonaut/oauth2/authorize"/></extension>

But when I sent authorize request to that URL, I got error 302. Can you fix the authorize URL in metadata?

Yunwei

Isaac Vetter

unread,
Apr 19, 2016, 3:29:23 PM4/19/16
to SMART on FHIR, op...@epic.com
Hi Yunwei,

In terms of the 302 returned by the authorize endpoint - I'm surmising that the issue you're encountering that that we're not yet supporting sending the launch token as it's own, named parameter outside of a scope parameter when requesting the authorization code. 

This should work:

and this doesn't yet work in our sandbox - 


I believe that the development to our OAuth2 server to support the launch token as it's own parameter, is just finalizing testing and should be pushed into the sandbox soon. I'll look into this.

Does that help?



For the compartment resource, FHIR does include an early, immature concept of Compartment. We also use this sandbox as a testing ground for prototyping and early testing - a key reason why feedback from app developers like you is so valuable. On what FHIR resource are you seeing this?

Isaac

Yunwei Wang

unread,
Apr 21, 2016, 12:05:59 PM4/21/16
to SMART on FHIR, op...@epic.com
Hello Isaac:

Yeah. My JS public client works now after I add launch token to scope.

It seems you don't support standalone app yet. Am I right? When I send the scope "patient/*.read launch/patient", I get the same 302 error.

I am still struggling through .NET confidential client. The main problem is the .NET client parser (from furore) need to validate the whole resource. Any schema failure causes exceptions. That's the problem for the Compartment element in metadata. I am working on retrieving raw json stream from client before let it parse to Conformance resource.

Yunwei

Isaac Vetter

unread,
May 23, 2016, 1:53:54 PM5/23/16
to SMART on FHIR, op...@epic.com
Hi,

If you're interested in testing your SMART on FHIR app with Epic, you can now get a dedicated, non-prod, sandbox client id. If you've been using the generic client id documented on the sandbox, note that it's recently changed (so you'll likely need to put the new id into your app).

Isaac Vetter
Epic

Ameer Zaffar Sulaiman

unread,
Jun 15, 2016, 7:37:21 PM6/15/16
to SMART on FHIR, op...@epic.com
Does the Epic sandbox environment provide or support a client_secret as part of its OAuth flow? 

Isaac Vetter

unread,
Jun 16, 2016, 12:07:36 AM6/16/16
to Ameer Zaffar Sulaiman, SMART on FHIR, op...@epic.com, Isaac Vetter
Hi Ameer,

Yes, but we don't have a way for you to create a client record yourself with a client_id. 

Could you go ahead and create a client record at: https://open.epic.com/MyApps and then reply to the cc line privately with the name you registered?  I can create a client_secret for you.

Isaac Vetter
Epic
 

On Wed, Jun 15, 2016 at 6:37 PM Ameer Zaffar Sulaiman <ameerzaff...@gmail.com> wrote:
Does the Epic sandbox environment provide or support a client_secret as part of its OAuth flow? 

--

Alexandr Iozhitsa

unread,
Oct 27, 2016, 8:15:05 AM10/27/16
to SMART on FHIR, op...@epic.com
Hi, Isaac! I'm trying to get access to your OAuth2 server. I have registered new app for Epic, but each time I trying to get code from authorization endpoint the error is returned: "OAuth2 Error: INVALID_CLIENT".
I'm going step by stem as in this tutorial https://open.epic.com/launchpad/OAuth2Sso.
The other issue, how can I get constant launch for my client_id? 

Thanks!

понедельник, 4 апреля 2016 г., 20:18:24 UTC+3 пользователь Isaac Vetter написал:

Juan Lorenzo Hinojosa

unread,
Jan 11, 2017, 6:19:15 PM1/11/17
to SMART on FHIR, op...@epic.com
I'm getting this same error? were you able to fix it ?

Nilesh Patkar

unread,
Jan 29, 2017, 1:42:34 PM1/29/17
to SMART on FHIR, op...@epic.com
Hi Isaac,
Do you have any idea when open epic will support Encounter resource ? We are eagerly waiting for it to build our Patient engagement mobile app.

Thanks and regards,
Nilesh Patkar


On Monday, April 4, 2016 at 1:18:24 PM UTC-4, Isaac Vetter wrote:

Isaac Vetter

unread,
Jan 29, 2017, 1:48:38 PM1/29/17
to Nilesh Patkar, SMART on FHIR, op...@epic.com
Hi Nilesh,

I appreciate your urgency for Epic's support of this important FHIR resource.

Rather than commenting on our timeline on this google group, I'm going to defer to one of the two emails that you sent to the op...@epic.com email address yesterday.

Isaac Vetter
Epic

--

he...@swellbox.com

unread,
Jul 27, 2017, 5:50:31 PM7/27/17
to SMART on FHIR, nilesh...@thoughti.com, op...@epic.com
Hi Isaac,

I know this thread is several months old now but wanted to know if there was any update regarding the timeline on when developers can anticipate the FHIR Encounters resource.

Also, it's not clear to me how to obtain an extended duration refresh token for offline access- is this supported yet?  It looks like the access tokens currently expire 1 hour after being issued.

Thanks for the help!
-Jeff

Swellbox Support

unread,
Aug 11, 2017, 5:51:50 PM8/11/17
to open.epic - Inquiries, SMART on FHIR, nilesh...@thoughti.com
Hi Richard,

Thanks for following up.  I’ll look into App Orchard.

Also, I’m having an issue while testing with an open.epic live endpoint (Weill Cornell)-

I’m able to successfully get an OAuth token after approving my app (and it shows up in the “Linked Apps & Devices”) but when trying to access most production FHIR resources (MedicationStatement, DocumentReference,  DiagnosticReport + Procedure) it says "Provided token is invalid" although other resources (Immunizations) work fine (no "invalid token" error)- though my account has no immunizations.  

All the same requests work without errors on the open.epic sandbox with my test client_id and test endpoint.  Is this related to not being registered with App Orchard, or something else?

Appreciate your help

-Jeff


On Aug 8, 2017, at 10:27 AM, open.epic - Inquiries <op...@epic.com> wrote:

Hi Jeff,
 
The FHIR Encounter resource is included in development plans for Epic version 2018 (which is scheduled for Q1 2018).
 
We don’t have current plans to include Encounter in the FHIR resources that are available through open.epic. However, you can sign up for the App Orchard program which would give you access to all Epic APIs & FHIR Resources. That program will also allow you to obtain a refresh token.
 
 
Thanks
Richard Thomas
Epic|Integration Engineer
Open.Epic
From: he...@swellbox.com [mailto:he...@swellbox.com] 
Sent: Thursday, July 27, 2017 4:51 PM
To: SMART on FHIR <smart-...@googlegroups.com>
Cc: nilesh...@thoughti.com; open.epic - Inquiries <op...@epic.com>
Subject: Re: Epic's Smart on FHIR sandbox
 
Hi Isaac,
 
I know this thread is several months old now but wanted to know if there was any update regarding the timeline on when developers can anticipate the FHIR Encounters resource.
 
Also, it's not clear to me how to obtain an extended duration refresh token for offline access- is this supported yet?  It looks like the access tokens currently expire 1 hour after being issued.
 
Thanks for the help!
-Jeff

On Sunday, January 29, 2017 at 1:48:38 PM UTC-5, Isaac Vetter wrote:
Hi Nilesh,
 
I appreciate your urgency for Epic's support of this important FHIR resource.
 
Rather than commenting on our timeline on this google group, I'm going to defer to one of the two emails that you sent to the op...@epic.com email address yesterday.
 
Isaac Vetter
Epic
 
On Sun, Jan 29, 2017 at 12:42 PM Nilesh Patkar <nilesh...@thoughti.com> wrote:
Hi Isaac,
Do you have any idea when open epic will support Encounter resource ? We are eagerly waiting for it to build our Patient engagement mobile app.
 
Thanks and regards,
Nilesh Patkar


On Monday, April 4, 2016 at 1:18:24 PM UTC-4, Isaac Vetter wrote:
Getting started with SMART on FHIR? Check out the Epic FHIR and OAuth tutorials.
 
It’s easy to test your SMART on FHIR app with Epic. From the Epic sandbox, atopen.epic.com/launchpad, you can test the entire SMART on FHIR EHR launch flow:
  • select a patient and launch your app, (using a generic client_id) from https://open.epic.com/launchpad/OAuth2Sso
  • authorize your launch token and retrieve an access token from Epic’s OAuth2 server (urls in the FHIR Conformance resource)
  • And finally, interact with Epic’s secured FHIR resources using your newly issued access token 
In addition to these secured FHIR resources, the sandbox also includes unsecured FHIR resources to help you get started. The sandbox currently includes read and search of these resources: Patient+Practitioner, AllergyIntolerance, Medication+MedicationOrder, Condition,Observation, FamilyMemberHistory, DiagnosticReport, Immunization, CarePlan+Goal,Procedure, Device, DocumentReference+Binary, Schedule, Slot and Appointment. We’re looking forward to seeing the cool stuff you can do with these resources.
 

Mark Kaiser

unread,
Nov 28, 2017, 9:17:15 AM11/28/17
to SMART on FHIR

Hi Jeff,

Did you get a response on your last two questions about the Encounter service and whether the FHIR resources are only available for members of the App Orchard?

Thanks,
Mark

Vassil Filipov

unread,
Dec 5, 2017, 9:30:52 AM12/5/17
to SMART on FHIR

Hello,

I'm currently experiencing an issue with LaunchPad ( https://open.epic.com/Launchpad/OAuth2Sso ) Whenever I try to launch an application I receive an invalid_client error:
 (

OAuth2 Error: 

INVALID_CLIENT

The application trying to authorize is not recognized, provided invalid identifying information, or we were unable to verify its identity at this time.).

I am using applications that have been working without an issue until recently.
Any help would be highly appreciated!

- Vaso

Modest Syla

unread,
Dec 15, 2017, 10:41:53 AM12/15/17
to SMART on FHIR
Vassil,

Any update from your experience?  I'm seeing a similar issue when testing an app on apporchard.  oauth2 flow works fine when selecting to go against "preview", but doesn't work against "Epic 2017" with the same result as you stated.  Going through open epic works fine.

Thanks in advance!

Vassil Filipov

unread,
Dec 15, 2017, 4:28:16 PM12/15/17
to SMART on FHIR
Hi Modest Syla,

With a little help from the kind Epic folks at op...@epic.com I was able to launch my application, by using the LaunchPad interface. What I needed was to register an Application in the MyApps section of the sandbox
and use that NONPROD CLIENT ID, then it started to work. Mind you I am using the open epic environment.

I hope this is helpful.

- Vaso


sriniva...@gmail.com

unread,
Aug 14, 2018, 12:22:26 PM8/14/18
to SMART on FHIR
Hi Isaac,

I am trying to call Patient+Practitioner API call (https) using the interface engine and am unable to call.
is there any dummy certificate/authorization mechanism available to call the unsecured resources?

Regards,
Srini.


On Monday, April 4, 2016 at 1:18:24 PM UTC-4, Isaac Vetter wrote:

Getting started with SMART on FHIR? Check out the Epic FHIR and OAuth tutorials.

 

It’s easy to test your SMART on FHIR app with Epic. From the Epic sandbox, at open.epic.com/launchpad, you can test the entire SMART on FHIR EHR launch flow:

  • select a patient and launch your app, (using a generic client_id) from https://open.epic.com/launchpad/OAuth2Sso
  • authorize your launch token and retrieve an access token from Epic’s OAuth2 server (urls in the FHIR Conformance resource)
  • And finally, interact with Epic’s secured FHIR resources using your newly issued access token 

In addition to these secured FHIR resources, the sandbox also includes unsecured FHIR resources to help you get started. The sandbox currently includes read and search of these resources: Patient+Practitioner, AllergyIntolerance, Medication+MedicationOrder, Condition, Observation, FamilyMemberHistory, DiagnosticReport, Immunization, CarePlan+Goal, Procedure, Device, DocumentReference+Binary, Schedule, Slot and Appointment. We’re looking forward to seeing the cool stuff you can do with these resources.

Michael Krupnick

unread,
Aug 14, 2018, 3:22:46 PM8/14/18
to sriniva...@gmail.com, smart-...@googlegroups.com
I believe you can create your own "App" within open epic which comes with its own Client ID and redirect URL by going here: https://open.epic.com/MyApps# and clicking "Create a new App".

Thanks,

-Michael Krupnick


--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.

Sugandha Bansal

unread,
Nov 9, 2018, 4:01:26 PM11/9/18
to SMART on FHIR
Hi ,

is there any way to automate authorization code using java code. I want Mychart screen to be skip and it should automatically create code/token.

Sugandha

krishan singh

unread,
Feb 17, 2020, 7:15:59 AM2/17/20
to SMART on FHIR
Hi Epic Team,

We are already registered with the open Epic, I have looked the other things like oauth and smart on fhir.
My urgent question is on the high level design like we already using our UI frontend app which is showing 
the Patient related information along with Allergies, medication, Problems, vitals etc..
As we be enhancing our our app to work with open epic standard but the table structure there in open epic is different from our
like the Patient table, Vital table, Facility table, Provider table etc so the table column name would be different om open epic 
so i need the table structure and the high level design which include the open epic basic table cover the  Institution ( hospital), Facility(Clinics),
Providers,Patients,Patientdemigraphics,vitals,Problems,Medication etc.

Please Support to response as soon as possible..


Thanks
Krishan
(OMS) 
 

Christos Papidas

unread,
Oct 9, 2020, 6:00:53 AM10/9/20
to SMART on FHIR
Hi Epic Team,

we integrated with your sandbox recently, but we received 4101 error Resource request returns no results. 

We are using DSTU2 for our resources.

We are getting get token from your sandbox environment successfully, but when we are trying to retrieve the data for the following two users:

user: fhirjason password: epicepic1
user: fhirdaisy password: epicepic1

tried with iss=https://open-ic.epic.com/Argonaut/api/FHIR/Argonaut

Denis Mulder

unread,
Oct 27, 2020, 9:05:46 AM10/27/20
to SMART on FHIR
Same error here, there seem to be no data for Jason Argonaut anymore? Oauth for Jason Argonaut works fine, but no data.

Michele Mottini

unread,
Oct 27, 2020, 9:58:14 AM10/27/20
to SMART on FHIR
This appears to be Epic-specific - this group is for general SMART-related stuff. Try op...@epic.com

  - Michele
  CareEvolution 

--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages