Enabling Epic Production Client Id

193 views
Skip to first unread message

Andrew Argraves

unread,
Apr 22, 2022, 3:39:49 PM4/22/22
to SMART on FHIR
Hello,

The Situation: 
My team has a working backend sandbox application on Epic that we are moving to a production ready. On the Epic App page, we have agreed to the terms, and clicked ready for production. 

To test our application, we attempted to get an Oauth token using the production clientId against the endpoint "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/DSTU2/tokens". We received and "invalid_client" error. This system has been thoroughly tested on sandbox, so we are confident our implementation is correct, as we do not get this error with our sandbox clientId. 

The Question: 
When moving an application to production, should we be able to obtain a token using our clientId against the same endpoint we used in sandbox? Or rather, does the production client-id have to be associated with a production endpoint that has registered the app (for example "https://epicfhir.nyumc.org/FHIRPRD/api/FHIR/DSTU2/tokens" for NYU Langon) in order to authenticate? 
 

tomo yamano

unread,
Apr 23, 2022, 2:46:47 AM4/23/22
to Andrew Argraves, SMART on FHIR

Have you reached out to a support team from Epic?


--
You received this message because you are subscribed to the Google Groups "SMART on FHIR" group.
To unsubscribe from this group and stop receiving emails from it, send an email to smart-on-fhi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/smart-on-fhir/f24b960d-2eb8-4448-990b-918b1b726825n%40googlegroups.com.

Scott Rossignol

unread,
Apr 24, 2022, 11:40:58 AM4/24/22
to SMART on FHIR
Hello,
   the client ids needs to be downloaded into the health system (NYU's) environment. Did the "App Orchard Point Person" log into Fhir.epic.com and request the application through the website? There is also in-Epic setup that must be performed in order to receive a token via  baackend authorization. The client id must be registered against an Epic user that will allow for audit logging of the application in Epic, and finer-tuned security controls.

Andrew Argraves

unread,
Apr 25, 2022, 2:30:07 PM4/25/22
to SMART on FHIR
Thank you for your response, this confirms what we had thought. We hadn't gone through those steps you outlined but will be sure to now. 
Reply all
Reply to author
Forward
0 new messages