Authorization Methods
You can get access to the protected data on the 1up FHIR Server using one of the following authorization methods.
- OAuth 2.0 Access Tokens
- Client Credentials Headers
OAuth 2.0 Access Tokens
In addition to the 1up FHIR Server, 1up also provides an authorization server. This server is responsible for generating authorization codes, exchanging authorization codes for access tokens, and exchanging refresh tokens for new access tokens.
You can call our FHIR Server with an OAuth 2.0 Access Bearer token in the header to perform a create, read, update, delete (CRUD) or search operation against the 1up FHIR Server.
For information about how to interact with the 1up OAuth 2.0 authorization server, see Authentication & Authorization APIs.
Client Credential Headers
As an alternative to OAuth 2.0, if you have the client credentials (client ID and client secret) for the FHIR resources that you want to get access to, you can access those resources directly using request headers.
GET https://api.1up.health/:fhirApiEndpoint
An application can make a request to certain 1upHealth APIs with the client ID and client secret without getting a user-specific access token. Reserve this method for system-level access, and never expose the credentials to end users in client-side code.
Parameters
Path | ||
---|---|---|
fhirApiEndpoint | string | The 1upHealth API endpoint path: |
Header | ||
---|---|---|
x-oneup-user-id | string | The 1up user ID for this request. The For GET requests, if you want to get data for all of your client’s users, you can specify |
client_id | string | The client ID for your application. |
client_secret | string | The client secret for your application. |
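The following backend-side code is an added example, not 1upHealth's own code: it builds the three headers listed above from server environment variables, redacts the credentials for logging, and refuses HTTP redirects so the secret is not re-sent to another host. The environment variable names ONEUP_CLIENT_ID and ONEUP_CLIENT_SECRET and all function names are assumptions; the endpoint path and user ID are whatever your application uses.

```python
import os
import urllib.request

API_BASE = "https://api.1up.health"               # base URL shown on this page
CREDENTIAL_HEADERS = ("client_id", "client_secret")  # header names from this page
ENV_VARS = ("ONEUP_CLIENT_ID", "ONEUP_CLIENT_SECRET")  # assumed variable names

def credential_headers(user_id, env=os.environ):
    """Headers for a system-level call; credentials come from the server environment."""
    missing = [name for name in ENV_VARS if not env.get(name)]
    if missing:
        raise RuntimeError("missing credentials: " + ", ".join(missing))
    headers = {
        "x-oneup-user-id": str(user_id),
        "client_id": env[ENV_VARS[0]],
        "client_secret": env[ENV_VARS[1]],
    }
    for name, value in headers.items():
        if "\r" in value or "\n" in value:   # block header injection via input
            raise ValueError(f"control character in header {name}")
    return headers

def redact(headers):
    """Copy of the headers that is safe to write to application logs."""
    return {k: "[REDACTED]" if k in CREDENTIAL_HEADERS else v for k, v in headers.items()}

def endpoint_url(fhir_api_endpoint):
    """Join a relative API path to the fixed base; refuse absolute URLs."""
    if "://" in fhir_api_endpoint or fhir_api_endpoint.startswith("//"):
        raise ValueError("expected a path relative to " + API_BASE)
    return API_BASE + "/" + fhir_api_endpoint.lstrip("/")

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies custom headers onto redirected requests; do not follow them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response

def fetch(fhir_api_endpoint, user_id, env=os.environ):
    """Send the GET from backend code only; returns (status, body bytes)."""
    request = urllib.request.Request(
        endpoint_url(fhir_api_endpoint), headers=credential_headers(user_id, env))
    opener = urllib.request.build_opener(NoRedirect)
    with opener.open(request, timeout=10) as response:
        return response.status, response.read()
```

Log `redact(headers)` rather than the raw header dictionary, and call `fetch` only from code that runs on your own servers.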
Responses
200 |