Every API endpoint now has a corresponding scope in the ScopeRepository class on version 7. In your hypothetical facilit endpoint you would need a user/facilit.read scope to be able to access the endpoint. Endpoints are now checked against scopes in the access token automatically for the context of the user (patient or user) and the action (read for GET and write for PUT/POST/DELETE).
Man, I will enjoy your help and let you know something about what we are doing, to get the best practices.
I’m creating some extra functionalities for OpenEMR, but I’m using an external webapp to do this, so the best way is to get all my endpoints under the OpenEMR APIs umbrella.
That is the reason I need the external access through the APIs; it was fine on 6.0, but now on 7 I need to add a scope to it.
So, I saw your bootstrap and I understand this code is to create new internal features, right?
If I just wanna add a scope, can I use just the 257 func?
If you haven’t built a module or are not doing anything in a module then you won’t be able to listen to the events that get fired in the ScopeRepository class.
In your external APIs are you just adding everything directly to the _rest_routes.inc.php? If so you’ll need to go and modify the ScopeRepository class and add to the apiScopes() function or the fhirScopes() function.
Be aware that your code will likely break on future updates of OpenEMR as we modify the class. This is why it's recommended you keep your changes in a module where you can listen to the ScopeRepository events and add your scopes when you receive the module event as demonstrated in my skeleton bootstrap file.
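
The scope rule described at the top of this thread, as an added example that is not part of the original posts and is not OpenEMR's ScopeRepository code. The function names and sample token strings are hypothetical and constructed; exact string matching of scopes is a simplifying assumption.

```php
<?php
// Simplified model: an endpoint is allowed only when the access token carries
// the scope <context>/<resource>.<action> that matches the request.

// read for GET, write for PUT/POST/DELETE; anything else is rejected.
function scopeAction(string $method): string
{
    $method = strtoupper($method);
    if ($method === 'GET') {
        return 'read';
    }
    if (in_array($method, ['PUT', 'POST', 'DELETE'], true)) {
        return 'write';
    }
    throw new InvalidArgumentException("Unsupported method: $method");
}

// Build the scope an endpoint requires, e.g. user/facilit.read.
function requiredScope(string $context, string $resource, string $method): string
{
    if (!in_array($context, ['patient', 'user'], true)) {
        throw new InvalidArgumentException("Unknown context: $context");
    }
    return $context . '/' . $resource . '.' . scopeAction($method);
}

// Token scopes are treated as a space-delimited string (OAuth2 convention).
function tokenAllows(string $tokenScopes, string $context, string $resource, string $method): bool
{
    $granted = preg_split('/\s+/', trim($tokenScopes), -1, PREG_SPLIT_NO_EMPTY);
    return in_array(requiredScope($context, $resource, $method), $granted, true);
}

// Constructed sample tokens for the hypothetical facilit endpoint.
$withoutScope = 'openid';                    // client never requested a facilit scope
$readOnly     = 'openid user/facilit.read';  // client granted read only

// Missing scope: GET is denied even though the route exists.
var_dump(tokenAllows($withoutScope, 'user', 'facilit', 'GET'));
// Read scope present: GET is allowed.
var_dump(tokenAllows($readOnly, 'user', 'facilit', 'GET'));
// Read scope does not cover a write action such as POST.
var_dump(tokenAllows($readOnly, 'user', 'facilit', 'POST'));
// A user-context scope does not satisfy a patient-context request.
var_dump(tokenAllows($readOnly, 'patient', 'facilit', 'GET'));
```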