Process Overview

Welcome to the Allscripts FHIR API getting started page. Check out our terms of use here and review our documentation to begin developing your FHIR integration. Follow the instructions below to sign-up for an account and register your application.

When you sign up for a developer account, you will be asked to accept the User Agreement and provide a valid email address. After signing up, you will be issued credentials that you can use to register your applications. If you have any questions, reach out to AllscriptsDeveloperProgram@allscripts.com.

ADP Sign-up

Sign up as an Allscripts Developer Program Member at https://developer.allscripts.com/. Allscripts FHIR-enabled APIs are included with each level of partnership. Check out our membership benefits table here to learn more about our different levels.

1. Click Sign Up.
2. Complete the required information.
3. Review the user agreement.
4. Confirm you are not a robot.
5. Click I Accept.

Register FHIR Application

Register your FHIR application to connect to clients and begin testing. Learn more about the registration process here.

1. On the Allscripts Developer Program portal (developer.allscripts.com), go to the My Dashboard page.
2. On the My FHIR Applications tile, click + to a new application.Note: If there is already a version of the application for DSTU2, you do not need to create a new application.
3. On the FHIR App page, complete the following information:
   • App Name: Indicates the application name. Please make sure to enter an App Name that clearly identifies your company and product. This label will appear in our client's license management portal to determine whether they choose to license your application.
   • App Type (optional): Indicates the primary audience for the application. Select Patient, Provider, or System. The App type impacts how the client views your application within their license management portal. It is important to identify the app type accurately.
     • Patient: The app's intended audience is patients.
     • Provider: The app's intended audience is physicians and healthcare providers.
     • System: The app's intended audience is an external system, not a physician or provider. For example, an insurance company.
   • App Description: Indicates a detailed description of how and why the application is used.
   • Redirect URLs: Indicates up to five redirect URLs. Include redirect_uri urn:ietf:wg:oauth:2.0:oob for desktop applications; if you are developing a web client, use a URL pointing back to your website.
   • Client Type: Indicate if this is a Confidential Client (trusted) or a Public Client (not trusted).
   • App Type: Indicate if this is a Native App (desktop) or a Web App (mobile).
4. There is no need to indicate if this is a test or production application under Licensing Information. Once clients have licensed the application, the portal displays a list of organizations that have authorized the R4 application to connect to their environments.
5. Click Save. The portal generates and displays the following information, collectively referred to as OAuth/FHIR Credentials:
   • Client ID
   • Secret
   • Secret Expiration Date
6. Click OK.

Licensing Information

On the FHIR App page, the Licensing Information section was expanded to include both FHIR R2 (DSTU2) and R4 applications. Applications that use the Allscripts FHIR R4 API must be explicitly licensed for individual client sites. The list of previously configured client sites for the selected application displays.

Note: An application can be licensed for both R2 and R4. You do not need to configure a new application in the Allscripts Developer Portal if the application was already licensed for R2. However, you will need to configure the specific client sites using the R4 version of the application.

Testing

1. Launch Postman.
2. Create a new collection. Click New, and then click Collection. Enter the required information, and then click Save.
3. Create a new request. Click New, and then click Request. Enter the required information, and then click Save to. Postman displays an "empty" request.
4. Select the Authorization tab, and then in Type, select OAuth 2.0.
5. Click Get New Access Token.
6. On the Get New Access Token panel, enter detailed information about your application, as well as the selected sandbox's authorization URL and token URL.
7. Click Request Token.
8. Enter the provider credentials for the selected sandbox, and then click Login.
9. Review the application access permissions, and then click Yes, Allow.
10. Postman displays the token. Click Use Token.
11. In Enter request URL, copy and paste the base FHIR URL (such as https://scmlatestdev.open.allscripts.com/FHIR for the selected sandbox.)
12. Click Send.

Examples

• To view the FHIR sandbox's metadata, use the URL:
  https://scmlatestdev.open.allscripts.com/FHIR/Options (Postman displays the response. The response includes the FHIR conformance statement.)
• To view all patients in the sandbox with the surname "Smith," use the URL:
  https://scmlatestdev.open.allscripts.com/FHIR/Patient?family=Smith (Postman displays the response. The response includes a resource bundle that contains information about every patient on the server with surname "Smith".)