Client App Registration Instructions

PCIS Gold FHIR API Version 2.6

Overview

The FHIR API uses the OAuth 2.0 protocol to provide access to patient data. Applications must first register with the authentication server in order to access the API. Applications authenticate patients by redirecting them to the authentication server, where their credentials are verified. Once the credentials are verified, a token is returned that your application can use to access the API. The patient must be a valid PCIS Gold portal user, and the provider must grant access for the patient to access their information via the API.

Registration

An application must first be registered to access the PCIS Gold FHIR API. Registering your application provides you with a client id and client secret that can be used on subsequent calls to authenticate the patient. To register your application, email support@pcisgold.com and include the following information:


Registration Request

{
    "ClientId": "MyApplication",
    "Name":"My Application Name",
    "RedirectUris": ["http://myapplication/", "http://myapplication/postlogin"],
    "PostLogoutRedirectUri":"http://myapplication/postlogout/"
}
ClientId
The unique identifier for your application
Name
A friendly description of your application
RedirectUris
A list of valid redirect URIs the user can be routed to after authenticating with the server. The URI being redirected to must match one of those provided in the list exactly.
PostLogoutRedirectUri
The URI the user will be redirected to after logging out
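
A pre-submission check for the registration request and for the exact-match rule on RedirectUris described above. This is an added example, not PCIS Gold code: the function names and the https sample values are assumptions, and the server's comparison is assumed to be a case-sensitive string match with no normalisation.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, modelled on the registration request above (https assumed).
REGISTRATION = json.loads("""
{
    "ClientId": "MyApplication",
    "Name": "My Application Name",
    "RedirectUris": ["https://myapplication/", "https://myapplication/postlogin"],
    "PostLogoutRedirectUri": "https://myapplication/postlogout/"
}
""")

REQUIRED = ("ClientId", "Name", "RedirectUris", "PostLogoutRedirectUri")


def registration_problems(reg):
    """Return a list of problems to fix before emailing the request."""
    problems = [f"missing field: {k}" for k in REQUIRED if not reg.get(k)]
    uris = list(reg.get("RedirectUris") or [])
    if reg.get("PostLogoutRedirectUri"):
        uris.append(reg["PostLogoutRedirectUri"])
    for uri in uris:
        parts = urlsplit(uri)
        if not parts.scheme or not parts.netloc:
            problems.append(f"not an absolute URI: {uri}")
        if parts.fragment:
            # RFC 6749 section 3.1.2: a redirect URI must not carry a fragment.
            problems.append(f"fragment not allowed in redirect URI: {uri}")
        if "*" in uri:
            problems.append(f"wildcard cannot match exactly: {uri}")
        if parts.scheme == "http" and parts.hostname not in ("localhost", "127.0.0.1"):
            # Without TLS the redirect, and what it carries, crosses the network in clear text.
            problems.append(f"plain http redirect is not protected by TLS: {uri}")
    return problems


def redirect_uri_registered(redirect_uri, reg):
    """Exact, case-sensitive string comparison: no prefix match, no normalisation."""
    return redirect_uri in reg["RedirectUris"]
```

Run redirect_uri_registered against the value your application actually sends at login; a missing or extra trailing slash, a different host case, or an appended query string all count as a mismatch.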

If registration is approved you will receive an email response containing the ClientId and the ClientSecret.


Successful Registration Response

{
    "ClientId": "MyApplication",
    "ClientSecret": "68T5u2isDDCTj4img-WMUNdcJztfSn3vn2Xe43Yh"
}
ClientId
The client Id requested
ClientSecret
Secret that your application alone will use to access the API. This secret cannot be re-generated. You should save the secret in a secure location to prevent it from being lost.

User Authentication

The PCIS Gold API uses the industry-standard FHIR and the OpenID Connect identity layer with the OAuth 2.0 protocol. Information about the OpenID Connect protocol can be found at the OpenID Foundation's website: http://openid.net/connect/.

Information about FHIR and SMART on FHIR authentication can be found at HL7 FHIR.