Configure Access with OAuth 2.0
You can use any standard FHIR® API server with OAuth 2.0 for authorization to secure your API endpoints and make them accessible to consumer applications. To get started, you'll need to create a 1upHealth developer account, create a new application, and get the tokens for your new application. After you complete these steps, you can pull clinical data from electronic health record (EHR) systems.
Set Up & Registration
For the FHIR Server that you want to connect to, you must have a client_id and client_secret. If you want OAuth client keys to the 1upHealth API, you must first create an account, and then go to the 1up Developer Console and create a new application. For more information about this process, see Register & Create an Application.
After you complete the initial setup and registration steps, you can use the following code to connect to the FHIR Server.
client_id = 'clientidclientidclientid'
client_secret = 'clientsecretclientsecret'
token_url = 'https://auth.1up.health/oauth2/token'
api_url = 'https://api.1up.health/'
scope = 'user/*.*'
Get Access to User Data
You can enable your application to access data on behalf of a patient or user with credentials that only grant you access to that user's data. For each user whose data you want to consume, you must make a separate request for access to that user's data. You can then use the 1upHealth User Management API to control user permissions. You can use Postman and the 1upHealth Postman collection to test this process.
- To create a user, run:
  curl -X POST "https://api.1up.health/user-management/v1/user" \
    -d "app_user_id=myappsuserid" \
    -d "client_id=clientidclientidclientid" \
    -d "client_secret=clientsecretclientsecret"
  Each response contains the new user's oneup_user_id, access_token, refresh_token, and app_user_id. You can use the app_user_id to monitor users between the 1up API and your user management system.
  After you create a user, your app receives a code. For each user, the code variable is the OAuth2 access code. You use the code to get the OAuth2 access token. You then use the access_token and refresh_token to get access to the user's data. Make sure you keep the access token and the refresh token in a secure location.
- Use the code variable in this request.
  curl -X POST https://auth.1up.health/oauth2/token \
    -d "client_id=clientidclientidclientid" \
    -d "client_secret=clientsecretclientsecret" \
    -d "code=accesscodeaccesscodeaccesscode" \
    -d "grant_type=authorization_code"
  The access_token expires after 7200 seconds.
- To get a new token, run:
  curl -X POST https://auth.1up.health/oauth2/token \
    -d "client_id=clientidclientidclientid" \
    -d "client_secret=clientsecretclientsecret" \
    -d "refresh_token=b23ae107a6584fecab17826537f464cf" \
    -d "grant_type=refresh_token"
- Create FHIR resources and use the user's token to associate them with the user, using the refresh_token and access_token from the previous response.
  Example request:
  curl -X POST "https://api.1up.health/dstu2/Patient" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer 94b760b2dff748f992dc8e52e9a5bd51" \
    -d '{
      "resourceType": "Patient",
      "id": "helloiamatestpatient",
      "gender": "female"
    }'
  This example request creates a patient resource and specifies a user name, gender, and age. You can also define an ID for the resource.
- Submit a query for the user resource of the Patient ID using the token that you just created.
  curl -X GET "https://api.1up.health/dstu2/Patient/helloiamatestpatient" \
    -H "Authorization: Bearer accesstokenaccesstokenaccesstoken"
  This endpoint returns basic data. After you add a health system EHR, you can submit a query to other endpoints to get more data.
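The code exchange and refresh steps above, combined into a client-side helper that refreshes the access_token shortly before the 7200-second expiry and keeps token values out of log output. This is an added example, not 1upHealth code: the UserTokens class, the post_form helper, the 60-second skew, and the expires_in and refresh_token fallbacks are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth.1up.health/oauth2/token"  # token endpoint from the page
DEFAULT_LIFETIME = 7200  # seconds; access_token lifetime stated on the page


def post_form(url, fields):
    """Send a form-encoded POST (like curl -d) and decode the JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data), timeout=10) as r:
        return json.loads(r.read().decode())


class UserTokens:
    """Hypothetical helper: one user's tokens, refreshed shortly before expiry."""

    def __init__(self, client_id, client_secret, post=post_form, clock=time.time, skew=60):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._post, self._clock, self._skew = post, clock, skew
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _grant(self, **params):
        reply = self._post(TOKEN_URL, {**self._creds, **params})
        if not reply.get("access_token"):
            raise ValueError("token endpoint returned no access_token")  # fail closed
        self._access = reply["access_token"]
        # Assumption: a reply without refresh_token means the old one stays valid.
        self._refresh = reply.get("refresh_token", self._refresh)
        # Assumption: expires_in (RFC 6749) may be present; else use the page's 7200 s.
        self._expires_at = self._clock() + reply.get("expires_in", DEFAULT_LIFETIME)

    def exchange_code(self, code):
        """Step 2 on the page: trade the access code for tokens."""
        self._grant(code=code, grant_type="authorization_code")

    def auth_header(self):
        """Return the Bearer header, running step 3 (refresh) first when needed."""
        if self._access is None:
            raise RuntimeError("call exchange_code() first")
        if self._clock() >= self._expires_at - self._skew:
            self._grant(refresh_token=self._refresh, grant_type="refresh_token")
        return {"Authorization": "Bearer " + self._access}

    def __repr__(self):
        # Token values never appear in repr, so printing the object cannot leak them.
        return "<UserTokens expires_at=%.0f>" % self._expires_at
```

Load client_secret from a secrets manager or an environment variable rather than writing it into source files.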
Get Clinical Data From EHRs
You can use the Electronic Health Record (EHR) Data Connect API to get existing data for patients that are included in the health systems we support using FHIR.