Making FHIR API requests on Public/Multipurpose Application client app

ekim · January 13, 2023, 7:57pm

OpenEMR Version:
I’m using OpenEMR version 7.0.0

Browser:
Google Chrome

Operating System:
Windows 11

Situation:
I am trying to figure out how to make FHIR API requests on a patient I created in my localhost OpenEMR server. I have already read through openemr/API_README.md at master · openemr/openemr · GitHub and openemr/FHIR_README.md at master · openemr/openemr · GitHub, but the issue lies in the fact that the documentations rely on using Swagger, which requires on having a client_secret in order to authorize and make FHIR requests - and creating a Public app during the app registration seems to only gives me a Client APP ID and no secret key.

For context, I am also launching SMART on my own SoF application, so clicking “Launch” on a patient doesn’t take me to Swagger anyway.

I am fairly certain that I’m misunderstanding something, but to summarize, I want to register and launch my own Public SoF application, but I also want to make API requests without having to use Swagger and needing a secret key.

Any help would be greatly appreciated!

adunsulag · January 14, 2023, 1:42am

Have you looked at the public app authorization_grant usage documentation?

github.com

openemr/openemr/blob/master/API_README.md#authorization-code-grant

# OpenEMR REST API Documentation

## REST API Table of Contents
- [Overview](API_README.md#overview)
- [Prerequisite](API_README.md#prerequisite)
- [Using API Internally](API_README.md#using-api-internally)
- [Multisite Support](API_README.md#multisite-support)
- [Authorization](API_README.md#authorization)
    - [Scopes](API_README.md#scopes)
    - [Registration](API_README.md#registration)
        - [SMART on FHIR Registration](API_README.md#smart-on-fhir-registration)
    - [Authorization Code Grant](API_README.md#authorization-code-grant)
    - [Refresh Token Grant](API_README.md#refresh-token-grant)
    - [Password Grant](API_README.md#password-grant)
    - [Client Credentials Grant](API_README#client-credentials-grant)
    - [Logout](API_README.md#logout)
    - [More Details](API_README.md#more-details)
- [Standard API Documentation](API_README.md#standard-api-documentation)
- [Patient Portal API Documentation](API_README.md#patient-portal-api-documentation)
- [FHIR API Documentation (in FHIR_README.md)](FHIR_README.md#fhir-api-documentation)

This file has been truncated. show original

There’s an example public app POST there for making an authorization request using just a public app. The public app doesn’t require the secret key and Swagger is there purely for demonstration purposes. You aren’t required to use it, nor does swagger require a client secret key. You can leave the field blank and still authenticate with a public app.