Create custom api routes on the openEmr


I’m trying to create new routes to the API, but I couldn’t get this working.

I made all the API client setup right, but when I tried to create new route, I get 401 error.

The same errors happens if I change any route name.

I could get working on version 6, but not at the version 7. Please some one help.

The code:

"GET /api/facility" => function () {
        RestConfig::scope_check("user", "facility", "read");
        RestConfig::authorization_check("admin", "users");
        $return = (new FacilityRestController())->getAll($_GET);
        return $return;

this is an default one and workfine, but if I change to GET /api/facilit just to test, I got the 401 response instead the 200.

Every api endpoint now has a corresponding scope in the ScopeRepository class on version 7. In your hypothetical facilit endpoint you would need a user/ scope to be able to access the endpoint. Endpoints are now checked against scopes in the access token automatically for the context of the user (patient or user) and the action (read for GET and write for PUT/POST/DELETE).


and where I add scopes?

Look at how I do it in my module skeleton example if you are doing this in a module:

If you are modifying core (which is not recommended) its in the ScopeRepository class as I mentioned earlier:


Man, I will enjoy your help and let you know some thing about what we are doing, to get the best pratices.

I’m creating some extra functionalities to opememr, but I’m using a external webapp to do this, so the best way is to get all my endpoints under openemr apis umbrella.

in that case is the reason i need the external access by apis, and was fine on 6.0, so now on 7 is needed to add scope to it.

So, I saw your bootstrap and I understand this code is to create new internals features right?

If I just wanna add a scope, can I use just the 257 func?

If you haven’t built a module or are not doing anything in a module then you won’t be able to listen to the events that get fired in the ScopeRepository class.

In your external APIs are you just adding everything directly to the If so you’ll need to go and modify the ScopeRepository class and add to the apiScopes() function or the fhirScopes() function.

Be aware that your code will likely break on future updates of OpenEMR as we modify the class. This is why its recommended you keep your changes in a module where you can listen to the ScopeRepository events and add your scopes when you receive the module event as demonstrated in my skeleton bootstrap file.


I have another question about the scopes.

I wanna make the following path on API


but if I create a scope user/module, I can access the /api/module/submodule, but can not the getone, give me a 401.

I need to add another scope, or change the scope for user/module/submodule?

Any advice for my last question?