
I am building a SMART on FHIR application connecting different EHR systems like Cerner and EPIC, and I have built an external API to run an algorithm on this data. I call the APIs inside the SOF app after getting data from FHIR servers; however, I am confused about how to authenticate the APIs.

Since the SOF apps are going to be inside the EPIC and Cerner UI, I really cannot have a username and password login with the register option as they are already authenticated.

I would like to hear thoughts on how to authenticate the APIs.

Ponnapally

1 Answer

It sounds like your app is launched from the EHR. In this case the authentication is handled through single sign-on, with the EHR as the identity provider, since the user is already logged into the EHR. You would need to make the necessary calls to obtain an authorization code and exchange that for an access token. The specific details will vary per EHR you are integrating with; the SMART App Launch standard is here and a general overview from Cerner is here.

Ashavan
  • I have implemented the SMART auth for the app for connecting to the EHR systems, which is working fine. I want to connect to an API from the same app and post the data that I requested from the EHR to an external database. I am confused about how to authenticate the API while abiding by OAuth. – Ponnapally May 02 '23 at 12:19
  • At the end of the launch sequence, you will have an access token. You would use this as the bearer token in your API calls to ensure they are authenticated. For example, if you get an access token of xyz123, you would include a header of "Authorization: Bearer xyz123" in your API calls. – Ashavan May 03 '23 at 15:47
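
The sequence described in the answer and its comments (authorization code, exchange for an access token, token sent as a bearer header), as an added example that is not part of the original posts. It assumes a public client using PKCE; the function names, the `allowedOrigin` check, and every URL, id and token passed to these functions are hypothetical placeholders, and generating `state` and the PKCE verifier/challenge with a CSPRNG is left to the caller.

```javascript
// Added example: SMART App Launch steps as pure functions (no network I/O).
// Public client assumed; every URL, id and token used with it is a placeholder.

// 1. Authorization request. `launch` and `iss` come from the EHR's launch URL.
function buildAuthorizeUrl(authorizeEndpoint, p) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: p.clientId, redirect_uri: p.redirectUri,
    launch: p.launch, scope: p.scope, state: p.state, aud: p.iss,
    code_challenge: p.codeChallenge, code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// 2. Redirect back to the app: take the code only if `state` is the one we sent.
function readAuthorizationCode(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get('error')) throw new Error('authorization failed: ' + q.get('error'));
  if (!expectedState || q.get('state') !== expectedState) throw new Error('state mismatch');
  if (!q.get('code')) throw new Error('no authorization code');
  return q.get('code');
}

// 3. Form body to POST to the token endpoint in exchange for the access token.
function buildTokenRequestBody(p) {
  return new URLSearchParams({
    grant_type: 'authorization_code', code: p.code, redirect_uri: p.redirectUri,
    client_id: p.clientId, code_verifier: p.codeVerifier,
  }).toString();
}

// 4. Call to the external API with the token as bearer. The token is only
// attached for the one expected HTTPS origin and only while still valid.
function buildApiRequest(apiUrl, allowedOrigin, token, issuedAtMs, nowMs, payload) {
  const url = new URL(apiUrl);
  if (url.protocol !== 'https:' || url.origin !== allowedOrigin) {
    throw new Error('refusing to send token to ' + url.origin);
  }
  if (String(token.token_type).toLowerCase() !== 'bearer') throw new Error('unexpected token_type');
  const ttl = Number(token.expires_in);
  if (Number.isFinite(ttl) && nowMs >= issuedAtMs + ttl * 1000) throw new Error('access token expired');
  return {
    url: url.toString(), method: 'POST', body: JSON.stringify(payload),
    headers: { Authorization: 'Bearer ' + token.access_token, 'Content-Type': 'application/json' },
  };
}
```

The receiving API still has to validate the token on its side; how it does so depends on the EHR and is not covered on this page.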