How to authorized the api for Login and another ends point for patient

Dhanish_Yadav · March 12, 2025, 10:53am

I am mobile developer , how to got the bear token also end points of such login

Selvan_V · March 12, 2025, 11:05am

1. Enable API in OpenEMR

Log in to OpenEMR as an administrator.
Go to Administration > Globals > Connectors.
Enable REST API.
Save the settings and restart OpenEMR if needed.

2. Generate API Credentials (Client ID & Secret)

Navigate to Administration > System > API Clients.
Click on “Add API Client”.
Provide the client name and authorized redirect URI (if needed).
Generate the Client ID and Client Secret.

3. Obtain an Access Token (Login API)

You need to send a POST request to OpenEMR’s token endpoint to get an OAuth 2.0 token.

Endpoint:
POST {your_openemr_url}/oauth2/default/token
Headers:
Content-Type: application/x-www-form-urlencoded
Body (Form Data):
{
“grant_type”: “password”,
“client_id”: “your_client_id”,
“client_secret”: “your_client_secret”,
“username”: “your_username”,
“password”: “your_password”,
“scope”: “openid”
}

4. Use the Access Token to Call Patient API

Once you have the access token, use it to authenticate requests to OpenEMR endpoints.

Example: Get Patient List
GET {your_openemr_url}/api/patient
Headers:

json

CopyEdit

{
  "Authorization": "Bearer your_access_token",
  "Accept": "application/json"
}

Response (Example):

json

CopyEdit

[
  {
    "id": "1",
    "first_name": "John",
    "last_name": "Doe",
    "dob": "1990-01-01",
    "gender": "M"
  }
]

5. Refresh Token (Optional)

If your access token expires, use the refresh token to get a new one.

Endpoint:

bash

CopyEdit

POST {your_openemr_url}/oauth2/default/token

Body (Form Data):

json

CopyEdit

{
  "grant_type": "refresh_token",
  "refresh_token": "your_refresh_token",
  "client_id": "your_client_id",
  "client_secret": "your_client_secret"
}

If need any free support, Book your free appointment.

Selvan_V · March 12, 2025, 11:08am

Follow these steps which I have gave. If you can’t find, you can schedule free meeting. We will support.

Dhanish_Yadav · March 12, 2025, 11:37am

I not getting * Navigate to Administration > System > API Clients. this, as login after Administrator

ruth · March 12, 2025, 12:11pm

just go down a couple more items in the admin

menu

Dhanish_Yadav · March 12, 2025, 12:49pm

thank you fot his help at the moment

ruth · March 12, 2025, 4:22pm

it’s a pleasure - and welcome to the openemr developers’ community - i hope you find all the help you need - and good luck with your project!!

Dhanish_Yadav · March 19, 2025, 5:44am

hey, please help me to fixe this issue `

Dhanish_Yadav · March 19, 2025, 5:46am

after used this I am getting this how to handle this

luissantosHCIT · April 13, 2026, 12:41am

For anyone coming to this thread from google a year+ later. Here is the link to the video from Stephen Nielson covering the topic. This and my attempt at automating the Bulk FHIR Import docker flow points towards the usage of the authorization_code grant instead of the password grant.

https://www.youtube.com/watch?v=LQHNRBgg6Q8 @46464646:25

password grant type will yield an unsupported error message.

authorization_code grant type will yield a missing csrf token kind of error if there is no session token established. I am currently trying to figure this one out for my script. Maybe this is the result of not having a redirect url but I don’t know. I will follow up if I find the time to figure it out.