Get Started: Concepts: Security

Security

Like many other RESTful APIs, Allscripts FHIR API uses OAuth 2 for security. When making calls to any resource with Allscripts FHIR API, you must pass a Bearer token. This token is passed in the HTTP Authorization header. For example:

Authorization: Bearer 123.456.7890

The authorization server includes two endpoints:

• Authorize: Indicates the user's credentials
• Token: Obtains the Bearer token

To obtain a Bearer token, you must call an authorization server.