There are tokens available for doctors and admin. but there are no tokens for patients. please guide us how to create patients for token ?
How do we get the access token for patient as we get it for users ( admin or practitioners
In OpenEMR, token-based access is typically managed for API authentication (such as FHIR or REST APIs). If tokens are available for doctors and admin, but not for patients, it means the patient user accounts have not been set up properly with API access or credentials.
Here’s how to enable and generate tokens for patients in OpenEMR:
Step-by-Step to Enable Token for Patients in OpenEMR
- Create a Portal Login for the Patient
Tokens can only be created for users who exist in the users_secure or portal_users table.
Steps:
Go to Patient/Client → Patients
Search and select the patient
Click Portal Activity (or “Create Portal Account”)
Assign:
Username
Password
Ensure portal access is enabled
This creates a record in portal_users and links the patient to a login.
- Enable API Access for Patients (if needed)
If you’re using FHIR API or OAuth2 and want to allow patients to generate tokens:
Go to:
Administration → Globals → Connectors
Enable FHIR API
Set Patient API Access: ON
Save the settings
Then, under:
Administration → API Clients
Add a new API Client (used for issuing tokens)
Set scope to include patient/*.read etc.
Set redirect URI if using authorization code flow
- Generate Token for Patient User
You can generate a token in 2 ways:
Option A: Manually via Backend (Developer Admin)
Use the MySQL console or a DB tool to insert a token:
INSERT INTO oauth_access_tokens
(access_token
, client_id
, user_id
, expires
, scope
)
VALUES
(‘PATIENT_TOKEN_SAMPLE’, ‘CLIENT_ID_FROM_API_CLIENT’, ‘patient_user_id’, DATE_ADD(NOW(), INTERVAL 1 HOUR), ‘patient/*.read’);
You need:
client_id: From oauth_clients table
user_id: The patient user ID (linked via portal_users)
Option B: Use Token Endpoint via Postman / Curl
Use OpenEMR’s OAuth2 endpoint:
curl -X POST https://yourdomain.com/oauth2/token \
-H “Content-Type: application/x-www-form-urlencoded” \
-d “grant_type=password&username=PATIENT_USERNAME&password=PATIENT_PASSWORD&client_id=CLIENT_ID&client_secret=CLIENT_SECRET”
The response will include an access_token.
Validate Token Access
Once token is obtained, use it with the FHIR API:
GET /apis/fhir/Patient
Authorization: Bearer YOUR_PATIENT_TOKEN
May It works for you.