Authorization Registration

InteliChart's FHIR API uses OAuth 2.0 to manage authorization for patient information. To enable access, we require the following information.

  • client_id - a public identifier for apps. This will be automatically generated during the on-boarding process.
  • redirect_uri - the URL the authorization server will redirect the user to after authorization.
  • credentials - We support Asymmetric (public key) and Symmetric (shared secret) Authorization. When registering a backend client app that requests system level scopes, you must register a JWKS URL during on-boarding. If your application does not require system level scopes, a client secret will be generated automatically.

Symmetric (shared secret)

Authorization Code Flow

  1. Obtain authorization and access token endpoints from https://fhirapiqa.intelichart.com/.well-known/smart-configuration or https://fhirauthqa.intelichart.com/.well-known/openid-configuration
  2. Request an authorization code. The request should contain the following parameters:
    • response_type: This must be set to "code"
    • client_id: Your application's client_id generated during the on-boarding process
    • scope: a space separated list of scopes for which your application is requesting access.
    • redirect_uri: your application's redirect uri, which will be called as a callback after the request completes.
    • If the user is not logged in, they will be redirected to a login page and then prompted to grant consent to requested scopes.
    • The authorization server will redirect to the provided redirect_uri, appending a code parameter, scopes, and session_state to the URL.
  3. After receiving the authorization code from the previous step, exchange the authorization code for an Access Token.
    • Send an HTTP POST request to the token endpoint identified in step 1.
      • Include a Content-Type header with value set to "application/x-www-form-urlencoded"
      • In the Authorization header, send your client id and client secret in the format client_id:client_secret (Base 64 encoded)
      • In the request body, include the following:
        • grant_type: "authorization_code"
        • code: The authorization code sent as a querystring parameter on the Redirect URI
        • redirect_uri: the same redirect_uri as used in the authorization code request
        • client_id: Your application's client_id generated during the on-boarding process
        • audience: the base URL of the InteliChart FHIR API.
  4. This request will return a JSON object in the Response Body that contains the Access Token
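The sketch below is an added example, not InteliChart code. It builds the step 2 authorization URL, accepts the authorization code only from a callback on the registered redirect_uri, and assembles the step 3 token request. The endpoint, client values, audience and scopes are constructed placeholders, and the "Basic" prefix on the Authorization header is an assumption based on standard HTTP Basic authentication.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions, not real InteliChart data).
AUTHORIZE_ENDPOINT = "https://auth.example.test/connect/authorize"  # read the real one in step 1
CLIENT_ID = "sample-client-id"
CLIENT_SECRET = "sample-client-secret"
REDIRECT_URI = "https://app.example.test/callback"
AUDIENCE = "https://fhir.example.test"  # stands in for the FHIR API base URL

def authorization_url(scopes):
    """Step 2: the URL the user's browser is sent to."""
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "scope": " ".join(scopes),  # space-separated list
        "redirect_uri": REDIRECT_URI,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"

def code_from_callback(callback_url):
    """Return the code, accepting only a callback on the registered redirect_uri."""
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def token_request(code):
    """Step 3: headers and form body for the POST to the token endpoint."""
    # Assumption: the Base64 value is sent with the HTTP "Basic" scheme.
    basic = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",
    }
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must equal the value sent in step 2
        "client_id": CLIENT_ID,
        "audience": AUDIENCE,
    })
    return headers, body
```

The client secret travels only in the Authorization header, never in the form body or the browser-visible authorization URL.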

Asymmetric (public key) Authorization

Client Credentials Flow

  • Obtain access token endpoint from https://fhirapiqa.intelichart.com/.well-known/smart-configuration or https://fhirauthqa.intelichart.com/.well-known/openid-configuration
  • Send an HTTP POST request to the token endpoint
    • Include a Content-Type header with value set to "application/x-www-form-urlencoded"
    • In the request body, include the following fields and values
      • client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
      • grant_type: client_credentials
      • scope: a space separated list of scopes
      • client_assertion: a JWT containing the following information:
        • The JWT header must contain the algorithm, a type of "JWT" and the key identifier
        • The payload must contain:
          • jwks_url: the URL of your JWK. This must match the URL registered during on-boarding.
          • accessTokensExpireIn: the number of minutes until the JWK expires.
          • iat: Time integer for when the JWT was created, expressed in seconds since the "Epoch" (1970-01-01T00:00:00Z UTC).
          • sub: your Client Id
          • iss: your Client Id