FHIR Store

Rad AI Reporting supports the HL7 FHIR R4 spec.

The FHIR API uses OAuth 2.0 as its authentication protocol. The Rad AI team will grant you a CLIENT_ID, CLIENT_SECRET, BASE_URL and an ORGANIZATION_ID which can be used for development.

Acquiring an access token

Using the granted CLIENT_ID and CLIENT_SECRET, you will be able to get an access token through the POST /oauth2/token endpoint.

curl --request POST \
  --url ${BASE_URL}/oauth2/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=${CLIENT_ID} \
  --data client_secret=${CLIENT_SECRET}

The response object will have an access_token property on a successful authentication. This access_token is only scoped to be able to read/write Observation resources for the specific organization that is attached to the client_id.

{
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "openid",
  "id_token": "",
  "access_token": "JWT"
}

info

Refresh tokens are also supported - https://www.medplum.com/docs/api/oauth/token#refresh_token-optional

Utilizing the access token

For all subsequent requests, ensure the JWT from the access_token property is passed as a bearer token in the request header.

curl --request POST \
  --url ${BASE_URL}/fhir/R4/Observation \
  --header 'Authorization: Bearer ${access_token}'

FHIR Store

Acquiring an access token​

Utilizing the access token​

Acquiring an access token

Utilizing the access token