Authorization

Using OAuth 2.0 for Authorization.

Authorization

The application must follow the OAuth 2.0 protocol for authentication. Follow the instructions below to receive an authorization code and a token.

Getting an Authorization Code

Send a POST request to the following endpoint.

POST: 'https://api.practicestudio.net/patientportal/fhir/authorize'

The authorization server will ensure that the user can log into the patient portal. A response will be returned containing the authorization code and state. See example response:

RESPONSE: 'https://example.net/example/redirect?code=cc5a8ff74b374bc989a9e5c6fe0582cc&state=23e9e993-d703-432e-8572-3c76080fca35'

The authorization code can then be exchanged for an access token.

Getting an Access Token

Send a POST request to the following endpoint.

POST: 'https://api.practicestudio.net/patientportal/fhir/token' 
header: 'Authorization: Basic base64({client_id}:{client_secret})'
header: 'Content-Type: application/x-www-form-urlencoded'
body: 'code={authorization code}'
body: 'grant_type=authorization_code'
body: 'redirect_uri={redirect_uri}'

Example JSON Response from authorization server:

{
"access_token": "09d7f206933e46a1b141a02817be5e1c",
"token_type": "bearer",
"expires_in": "1799",
"refresh_token": "2de33753-680a-4b3c-98b6-48d99f0402e5",
"scope": "launch/patient openid fhirUser offline_access patient/Medication.read patient/AllergyIntolerance.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read patient/PractitionerRole.read",
"patient": "000034",
"smart_style_url": "https://downloads.practicestudio.net/SmartStyle/smart_v1.json",
"need_patient_banner": "false",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtYXR0am9yZGFuaWxlckBob3RtYWlsLmNvbSIsImZoaXJVc2VyIjoiYXBpLnByYWN0aWNlc3R1ZGlvLm5ldC9wYXRpZW50cG9ydGFsL2ZoaXIvUGF0aWVudC8wMDAwMzQiLCJleHAiOjE2NjA4MzMxMTYsImlhdCI6MTY2MDIyODMxNiwiaXNzIjoiaHR0cHM6Ly9hcGkucHJhY3RpY2VzdHVkaW8ubmV0L3BhdGllbnRwb3J0YWwvZmhpciIsImF1ZCI6InRlc3QifQ.jKWxxXvVwnR5R1fg8NbcTXmpBC_P31FvTMiAx5bFiB00nmVn9-lUyihHgO6PSl_-avEqqpCtBJERjmR9kz--wAoxOAx5y0Bxt4hpjLm2qGP_OV-k7mh8VrT4GL2WMsfnhCvWRy24KY2XI2ZCvpBeAqT6jRBN7BbwMTEI96XoAO6pc3ZFyysszHbt1Z1RlrimgNNOneQEemF-U4Ke955RBvnq2DxsFJrxCFA2X-kpx3nrvzXJJ_005FvL8t_BCSInD6AqEPSFHR7Ta9aCD_aAkbU0W8nlRF9dqV_oB5fEreD5hwVgT9zUgwnaaqI6k0yDtg8QTQRTuJE8L5AXc796lw"
}

Getting a Refresh Token

Send a POST request to the following endpoint.

POST: 'https://api.practicestudio.net/patientportal/fhir/token' 
header: 'Authorization: Basic base64({client_id}:{client_secret})'
header: 'Content-Type: application/x-www-form-urlencoded'
body: 'refresh_token={refresh token}'
body: 'grant_type=refresh_token'

Example JSON Response from authorization server:

{
"access_token": "4d94e5eed44b4e8b830d0315d76f901",
"token_type": "bearer",
"expires_in": "1799",
"refresh_token": "fb4fd155-05ef-4be9-bd03-88f7ff1af0d8",
"scope": "launch/patient openid fhirUser offline_access patient/Medication.read patient/AllergyIntolerance.read patient/CarePlan.read patient/CareTeam.read patient/Condition.read patient/Device.read patient/DiagnosticReport.read patient/DocumentReference.read patient/Encounter.read patient/Goal.read patient/Immunization.read patient/Location.read patient/MedicationRequest.read patient/Observation.read patient/Organization.read patient/Patient.read patient/Practitioner.read patient/Procedure.read patient/Provenance.read patient/PractitionerRole.read",
"patient": "000034",
"smart_style_url": "https://downloads.practicestudio.net/SmartStyle/smart_v1.json",
"need_patient_banner": "false",
"id_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJtYXR0am9yZGFuaWxlckBob3RtYWlsLmNvbSIsImZoaXJVc2VyIjoiYXBpLnByYWN0aWNlc3R1ZGlvLm5ldC9wYXRpZW50cG9ydGFsL2ZoaXIvUGF0aWVudC8wMDAwMzQiLCJleHAiOjE2NjA4MzMxMTYsImlhdCI6MTY2MDIyODMxNiwiaXNzIjoiaHR0cHM6Ly9hcGkucHJhY3RpY2VzdHVkaW8ubmV0L3BhdGllbnRwb3J0YWwvZmhpciIsImF1ZCI6InRlc3QifQ.jKWxxXvVwnR5R1fg8NbcTXmpBC_P31FvTMiAx5bFiB00nmVn9-lUyihHgO6PSl_-avEqqpCtBJERjmR9kz--wAoxOAx5y0Bxt4hpjLm2qGP_OV-k7mh8VrT4GL2WMsfnhCvWRy24KY2XI2ZCvpBeAqT6jRBN7BbwMTEI96XoAO6pc3ZFyysszHbt1Z1RlrimgNNOneQEemF-U4Ke955RBvnq2DxsFJrxCFA2X-kpx3nrvzXJJ_005FvL8t_BCSInD6AqEPSFHR7Ta9aCD_aAkbU0W8nlRF9dqV_oB5fEreD5hwVgT9zUgwnaaqI6k0yDtg8QTQRTuJE8L5AXc796lw"
}
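
The following Python sketch is an added example, not code from the API vendor. It covers the client side of the three steps above: checking the returned state before using the code, building the two token endpoint requests, and validating the token response. The client credentials, the required scope list and all sample values are assumptions constructed for illustration; the requests are built but not sent.

```python
import base64, hmac, json
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

TOKEN_URL = "https://api.practicestudio.net/patientportal/fhir/token"

def extract_code(redirect_url, expected_state):
    """Return the code from the redirect, but only if state matches this session."""
    query = parse_qs(urlsplit(redirect_url).query)
    state = query.get("state", [""])[0]
    # Constant-time compare; a mismatch means this session did not start the flow.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in redirect")
    return code

def token_request(client_id, client_secret, form):
    """Build (not send) the POST to the token endpoint with HTTP Basic client auth."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    return Request(TOKEN_URL, data=urlencode(form).encode(), headers=headers, method="POST")

def code_request(client_id, client_secret, code, redirect_uri):
    return token_request(client_id, client_secret, {
        "code": code, "grant_type": "authorization_code", "redirect_uri": redirect_uri})

def refresh_request(client_id, client_secret, refresh_token):
    return token_request(client_id, client_secret, {
        "refresh_token": refresh_token, "grant_type": "refresh_token"})

def parse_token_response(body, required_scopes):
    """Validate the JSON token response and normalise its string-typed fields."""
    tok = json.loads(body)
    if tok.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    missing = set(required_scopes) - set(tok.get("scope", "").split())
    if missing:
        raise ValueError(f"scopes not granted: {sorted(missing)}")
    return {"access_token": tok["access_token"],
            "refresh_token": tok.get("refresh_token"),
            "expires_in": int(tok["expires_in"]),  # a string in the example responses
            "patient": tok["patient"]}

if __name__ == "__main__":
    # Constructed sample values, not real credentials or tokens.
    sample = '{"access_token": "a1", "token_type": "bearer", "expires_in": "1799", "scope": "openid patient/Patient.read", "patient": "000034"}'
    print(parse_token_response(sample, ["patient/Patient.read"]))
    print(code_request("demo-client", "demo-secret", "abc", "https://example.net/example/redirect").data)
```

Generate a fresh, unpredictable state value per authorization attempt and keep the client secret and refresh token out of logs and browser-visible storage.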