Fast Healthcare Interoperability Resources, or FHIR, is a standard way of defining an API for healthcare resources. More information can be found at the FHIR website.

The Allscripts FHIR API is based on DSTU 2, or version 1.0.2, of the FHIR standard. The Allscripts FHIR API uses the Data Access Framework (DAF) profile that was originally developed for Meaningful Use 2 by ONC. Updates and definitions for use of DAF for Meaningful Use 3 can be found on the Argonaut Wiki.

The Allscripts FHIR API is a RESTful implementation for an API. At a high level this means several things.

The following call will retrieve a patient with ID 123:

GET http://FHIR.server/patient/123

Examples of FHIR resources are Patient or Immunization.

Resources have three parts:

FHIR Resources 2

Resources can reference other resources.

FHIR Resources

Resources are independent. You don’t need other resources to correctly interpret a resource. Resources reference each other extensively to form a web of information. You need to resolve references to fully understand the data. A reference is relative to a server based URL.

<Procedure xmlns="http://hl7.org/fhir"> 
   <reference value="Patient/23"/> 

All resources carry an HTML representation of their content to ensure clinical safety in the case that the receiver does not understand the content.


Like many RESTful APIs, the Allscripts FHIR API uses OAuth 2 for security. This means that when making calls to any resource with the Allscripts FHIR API, you must pass a Bearer token. This token is passed in the Authorization Header.

Authorization: Bearer 123.456.7890

To obtain a Bearer token, you must call an Authorization Server. The authorization server typically exposes two endpoints:

As per the FHIR specification, the Allscripts FHIR API supports both JSON and XML. However, for simplicity, we limit our examples to JSON.