### Authorization Request Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/standalone-asymmetric An example of an HTTP GET request used to initiate the SMART App Launch process. ```http https://{ehr_authorize_url}?response_type=code&client_id=sXuHfoq0ykKSA1HlwI&redirect_uri= app_redirect_url&scope=launch openid fhirUser offline_access user/Encounter.read&state=8hbweu &aud=https://{fhir_base_url}&launch=qGmDjbNi4RIL6wX74y3Lz9lwR9sQ%2FdWUfnsQny7aSHz6L6zURCkNUJEU9S%2Bmc&code_challenge=NBSSe6w_ABTFmOl0dBC_1dmuYtRJpARHcJAVithSOsA&code_challenge_method=S256 ``` -------------------------------- ### Basic Authentication Header Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/standalone-symmetric Example of the Authorization header using base64 encoded client credentials. ```http GET header: Authorization: Basic bXktYXBwOm15LWFwcC1zZWNyZXQtMTIz ``` -------------------------------- ### Authorization Code Response Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/ehr-launch-symmetric Example of the redirect URL containing the authorization code and state parameters. ```text https://{app_redirect_url}?code=xo8h3ioa8eOCdYx9P6ogRWQ9MTbd7ITVpdKb&state=270579bc-853c-4ed8-a7f4-c8957519b222 ``` -------------------------------- ### Authentication Error Response Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/backend/authentication Example of a standard HTTP 400 Bad Request response returned when an authentication request is malformed. ```http HTTP/1.1 400 Bad Request Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache {"error": "invalid_request"} ``` -------------------------------- ### GET /authorize Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/standalone-symmetric Initiates the authorization request for a standalone application. ```APIDOC ## GET /authorize ### Description Initiates the SMART App Launch authorization flow by redirecting the user to the EHR or patient login page. ### Method GET ### Endpoint {ehr_authorize_url} ### Query Parameters - **response_type** (string) - Required - Must be 'code'. - **client_id** (string) - Required - The client ID assigned during app registration. - **redirect_uri** (string) - Required - The redirect URI registered on the Dev Portal. - **scope** (string) - Required - The requested scopes for EHR data access. - **state** (string) - Required - A unique value to maintain state between the request and callback. - **aud** (string) - Required - The base URL of the FHIR server. - **launch** (string) - Optional - The launch context identifier. - **code_challenge** (string) - Required - The PKCE code challenge. - **code_challenge_method** (string) - Required - The PKCE code challenge method, e.g., S256. ``` -------------------------------- ### Token Request Parameters Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/ehr-launch-asymmetric Example of the POST body parameters required for an asymmetric token request. ```text grant_type=authorization_code code=xo8h3ioa8eOCdYx9P6ogRWQ9MTbd7ITVpdKb redirect_uri=https://{app_redirect_url} code_verifier=o28xyrYY7-lGYfnKwRjHEZWlFIPlzVnFPYMWbH-g_BsNnQNem-IAg9fDh client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer client_assertion=eyJ0eXAiOiJKV1QiLCJraWQiOiJhZmIyN2MyODRmMmQ5Mzk1OWMxOGZhMDMyMGUzMjA2MCIsImFsZyI6IkVTMzg0In0.eyJpc3MiOiJkZW1vX2FwcF93aGF0ZXZlciIsInN1YiI6ImRlbW9fYXBwX3doYXRldmVyIiwiYXVkIjoiaHR0cHM6Ly9zbWFydC5hcmdvLnJ1bi92L3I0L3NpbS9leUp0SWpvaU1TSXNJbXNpT2lJeElpd2lhU0k2SWpFaUxDSnFJam9pTVNJc0ltSWlPaUk0TjJFek16bGtNQzA0WTJGbExUUXhPR1V0T0Rsak55MDROalV4WlRaaFlXSXpZellpZlEvYXV0aC90b2tlbiIsImp0aSI6ImQ4MDJiZDcyY2ZlYTA2MzVhM2EyN2IwODE3YjgxZTQxZTBmNzQzMzE4MTg4OTM4YjAxMmMyMDM2NmJkZmU4YTEiLCJleHAiOjE2MzM1MzIxMzR9.eHUtXmppOLIMAfBM4mFpcgJ90bDNYWQpkm7--yRS2LY5HoXwr3FpqHMTrjhK60r5kgYGFg6v9IQaUFKFpn1N2Eyty62JWxvGXRlgEDbdX9wAAr8TeWnsAT_2orfpn6wz ``` -------------------------------- ### Token Response Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/standalone-asymmetric Example of a successful token response from the authorization server. ```APIDOC ## Token Response ### Response Example { "access_token": "eyJ4NXQjUzI1NiI6IlU1SlF6LVlLcnR1MHc2QTRpRTdzd3Y0N1ZnUHFZRnR1N0R", "token_type": "Bearer", "refresh_token": "8xLOxBtZp8", "expires_in": 3600, "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzM4NCJ9.eyJzdWIiOiJhbGljZSIsImF1ZCI6Im", "scope": "user/Patient.read openid", "need_patient_banner": "false", "smart_style_url": "https://ehr/styles/smart_v1.json" } ``` -------------------------------- ### HTTP 400 Error Response Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/ehr-launch-symmetric Example of a JSON error response returned when an authorization request is invalid. ```http HTTP/1.1 400 Bad Request Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache {"error":"invalid_request"} ``` -------------------------------- ### Patient Resource Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/backend/patient-access An example of a Patient resource object in FHIR format. ```APIDOC ## Patient Resource ### Description Represents a patient's demographic and clinical information. ### Request Body Example ```json { "id": "945e5c7f-504b-43bd-9562-a2ef82c244b2", "name": [ { "given": [ "Sandy" ], "family": [ "Hamlin" ] } ], "gender": "female", "birthDate": "1988-01-24T00:00:00.000Z", "resourceType": "Patient" } ``` ``` -------------------------------- ### GET /authorize Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/standalone-asymmetric Initiates the SMART App Launch authorization process by redirecting the user to the authorization server. ```APIDOC ## GET /authorize ### Description Initiates the authorization request to the Authorization Server. Clients can use HTTP GET or POST to send the request. ### Method GET ### Parameters #### Query Parameters - **response_type** (string) - Required - Must be 'code'. - **client_id** (string) - Required - The client ID assigned during app registration. - **redirect_uri** (string) - Required - The redirect URI registered for the app. - **scope** (string) - Required - The requested scopes for EHR data access. - **state** (string) - Required - An opaque value used to maintain state between the request and callback. - **aud** (string) - Required - The base URL of the FHIR server. - **launch** (string) - Optional - The launch context identifier. - **code_challenge** (string) - Required - The PKCE code challenge. - **code_challenge_method** (string) - Required - The PKCE code challenge method (e.g., S256). ### Response #### Success Response (302) - **code** (string) - The authorization code generated by the server. - **state** (string) - The state parameter returned from the original request. ``` -------------------------------- ### Error Response Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/ehr-launch-symmetric Example of an HTTP 500 error response returned by the authorization server. ```http HTTP/1.1 500 Bad Request Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache {"error": " Internal Server Error "} ``` -------------------------------- ### ID Token Structure Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/ehr-launch-asymmetric Example of the header and payload structure for an ID token used in the SMART App Launch framework. ```json { "typ": "JWT", "alg": "RS384" } ``` ```json { "sub": "ded07871-5b7c-11ed-aea8-84144d0c0bc5_sam", "aud": [ "-sXuHfoq0ykK-8nMukEb4auRtgleDvcB5IzwSA1HlwI", "https://{fhir_base_url}” ], "azp": "-sXuHfoq0ykK-8nMukEb4auRtgleDvcB5IzwSA1HlwI", "iss": "https://{ehr_auth_url}", "vendorId": "16", "exp": 1676927234, "iat": 1676925434 "fhirUser":"https://fhir4.eclinicalworks.com/fhir/r4/JAFJCD/Practitioner/43ZU. 9YY0T8NvTsQACfdhe5TMNNJZrkIJrpJkYDL3aI" } ``` -------------------------------- ### Access Token Refresh Request Example Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/standalone-asymmetric Example of an HTTP POST request to the EHR token endpoint to refresh an access token using a refresh token and client assertion. ```http POST https://{ehr_token_url} HTTP/1.1 Host: server.example.com Content-Type: application/x-www-form-urlencoded ``` -------------------------------- ### GET /authorize Source: https://fhir.eclinicalworks.com/ecwopendev/documentation/getting-started/provider/ehr-launch-asymmetric Requests an authorization code from the EHR authorization server to initiate the SMART App Launch flow. ```APIDOC ## GET /authorize ### Description The app constructs a request for the authorization code by adding required parameters to the query component of the EHR’s authorize endpoint URL. ### Method GET (or POST) ### Parameters #### Query Parameters - **response_type** (string) - Required - Fixed value: code - **client_id** (string) - Required - Client identifier assigned by eClinicalWorks - **redirect_uri** (string) - Required - Pre-registered redirect URI - **launch** (string) - Required - Launch token assigned by eClinicalWorks - **state** (string) - Required - Opaque value generated by the app to maintain state - **scope** (string) - Required - Space delimited list of requested scopes - **aud** (string) - Required - URL of the EHR resource server - **code_challenge** (string) - Required - Base64 encoded S256 hashed version of the code_verifier (PKCE) - **code_challenge_method** (string) - Required - Fixed value: S256 ### Request Example https://{ehr_authorize_url}?response_type=code&client_id=sXuHfoq0ykKSA1HlwI&redirect_uri=app_redirect_url&scope=launch openid fhirUser offline_access user/Encounter.read&state=270579bc-853c-4ed8-a7f4-c8957519b222&aud=https://{fhir_base_url}&launch=qGmDjbNi4RIL6wX74y3Lz9lwR9sQ%2FdWUfnsQny7aSHz6L6zURCkNUJEU9S%2Bmc&code_challenge=NBSSe6w_ABTFmOl0dBC_1dmuYtRJpARHcJAVithSOsA&code_challenge_method=S256 ### Response #### Success Response (200) - **code** (string) - The authorization code generated by the server - **state** (string) - The state parameter returned exactly as received in the request ```