Example: Using the Allscripts sandbox for anonymous access

Allscripts provides a sandbox environment that you can use for testing purposes.

You do not need to obtain a token. The samples provided here use unauthenticated (anonymous) calls.

This endpoint is provided for convenience and is intended to help developers get started with the Allscripts FHIR API. All access to the Allscripts FHIR API will be secured in production environments.

See the example below for more information on getting an OAuth2 token.

Step 1: Search for a patient

Once you have the bearer token, you can call the API. Use it to search for a patient called Allison.

GET https://tw171.open.allscripts.com/FHIRanon/Patient?_summary=true&given=Allison

Note: This example uses an anonymous endpoint, so you don’t need the bearer token.

This returns a collection of patient references.

Note: FHIR returns this collection as a bundle. When you develop your app, you must account for the bundle structure, although that is not needed for this example.

{
"resourceType": "Bundle",
"type": "searchset",
"entry":[
    {
        "resource":{"resourceType": "Patient", "id": "47675", "language": "", "text":{"status": "generated",…}
    },
    {
        "resource":{"resourceType": "Patient", "id": "1556", "language": "", "text":{"status": "generated",…}
    },
    {
        "resource":{"resourceType": "Patient", "id": "27190", "language": "", "text":{"status": "generated",…}
    },
    {
        "resource":{"resourceType": "Patient", "id": "36530", "language": "", "text":{"status": "generated",…}
    }
]}

Step 2: Retrieve a patient

To retrieve the information for the patient with ID 19, issue the following request:

GET https://tw171.open.allscripts.com/FHIRanon/Patient/19

Note: This example uses an anonymous endpoint, so you don’t need the bearer token.

This returns the patient information.

{
   "resourceType": "Bundle",
   "type": "searchset",
   "entry": [{"resource":    {
      "resourceType": "Patient",
      "id": "19",
      "extension":       [
                  {
            "url": "http://hl7.org/fhir/StructureDefinition/us-core-race",
            "valueCodeableConcept": {"coding": [            {
               "system": "OBM",
               "code": "0",
               "display": " "
            }]}
         },
                  {
            "url": "http://hl7.org/fhir/StructureDefinition/us-core-ethnicity",
            "valueCodeableConcept": {"coding": [            {
               "system": "OBM",
               "code": "0",
               "display": ""
            }]}
         },
                  {
            "url": "http://hl7.org/fhir/StructureDefinition/us-core-religion",
            "valueCodeableConcept": {"coding": [            {
               "code": "          ",
               "display": " "
            }]}
         }
      ],
      "identifier": [      {
         "type":          {
            "coding":             [
                              {
                  "code": "ZZZTW01",
                  "display": "ZZZTW01",
                  "userSelected": false
               },
                              {
                  "code": "4         ",
                  "display": "Other",
                  "userSelected": false
               }
            ],
            "text": "TouchWorks MRN"
         },
         "system": "dummy identifier system",
         "value": "ZZZTW01",
         "assigner": {"reference": "Organization/3"}
      }],
      "active": true,
      "name": [      {
         "text": "Allscripts,Allison ",
         "family": ["Allscripts"],
         "given": ["Allison"],
         "prefix": ["     "],
         "suffix": ["     "]
      }],
      "telecom":       [
                  {
            "system": "phone",
            "value": "(312) 555-1112",
            "use": "home"
         },
                  {
            "system": "phone",
            "value": "(847) 608-3515x4357 ",
            "use": "work"
         },
                  {
            "system": "fax",
            "value": "(708) 555-1001"
         },
                  {
            "system": "email",
            "value": "allison@allscripts.com"
         }
      ],
      "gender": "female",
      "birthDate": "1973-03-05",
      "deceasedBoolean": false,
      "address": [      {
         "text": "34 Smith Mt. Road. Apartment 1 Springfield IL 60654      USA",
         "line":          [
            "34 Smith Mt. Road.",
            "Apartment 1"
         ],
         "city": "Springfield",
         "state": "IL",
         "postalCode": "60654     ",
         "country": "USA"
      }],
      "maritalStatus": {"coding": [      {
         "system": "http://hl7.org/fhir/v3/vs/MaritalStatus",
         "code": "W",
         "display": "Widowed"
      }]},
      "multipleBirthBoolean": false,
      "contact":       [
                  {
            "relationship": [{"coding": [            {
               "code": "4         ",
               "display": "Other"
            }]}],
            "name":             {
               "text": "Washington George",
               "family": ["Washington"],
               "given": ["George"]
            },
            "telecom":             [
                              {
                  "system": "other",
                  "value": "(312) 555-1101",
                  "use": "home"
               },
                              {
                  "system": "other",
                  "value": "(773) 555-1201x1101",
                  "use": "work"
               }
            ],
            "address":             {
               "line":                [
                  "123 Waulnut Street",
                  "Apartment 2E"
               ],
               "city": "dummy address city",
               "state": "dummy address state",
               "postalCode": "dummy address postal code",
               "country": "dummy address country"
            }
         },
                  {
            "relationship": [{"coding": [            {
               "code": "4         ",
               "display": "Other"
            }]}],
            "name":             {
               "text": "Adams Abigail",
               "family": ["Adams"],
               "given": ["Abigail"]
            },
            "telecom":             [
                              {
                  "system": "other",
                  "value": "(312) 555-7701x8850",
                  "use": "work"
               },
                              {
                  "system": "other",
                  "value": "(847) 555-9901",
                  "use": "home"
               }
            ],
            "address":             {
               "line":                [
                  "123 Main Street",
                  "Apartment 41"
               ],
               "city": "dummy address city",
               "state": "dummy address state",
               "postalCode": "dummy address postal code",
               "country": "dummy address country"
            }
         }
      ],
      "communication": [{"language": {"coding": [      {
         "system": "ISO-639-2",
         "code": "eng       ",
         "display": "English"
      }]}}],
      "careProvider": [      {
         "reference": "Practitioner/53",
         "display": "Allscripts,Family Medicine "
      }]
   }}]
}
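The Note in Step 1 says an app must account for the bundle, and the Step 2 response above shows that even a read by ID comes back wrapped in a searchset Bundle, with space-padded values such as "60654     ". The following Python sketch is an added example, not Allscripts code; the function names `unwrap_patients` and `strip_padding` are hypothetical and the sample is an abbreviated copy of the response above. It unwraps either shape, checks that a read by ID returned only the requested patient, and trims the padding.

```python
import json

# Constructed sample: the Step 2 response from the page, abbreviated.
SAMPLE = """{"resourceType": "Bundle", "type": "searchset", "entry": [{"resource": {
  "resourceType": "Patient", "id": "19",
  "name": [{"text": "Allscripts,Allison ", "family": ["Allscripts"], "given": ["Allison"]}],
  "address": [{"city": "Springfield", "postalCode": "60654     "}],
  "communication": [{"language": {"coding": [{"code": "eng       "}]}}]
}}]}"""


def unwrap_patients(payload, expected_id=None):
    """Return the Patient resources from a bare Patient or a Bundle."""
    doc = json.loads(payload) if isinstance(payload, (str, bytes)) else payload
    rtype = doc.get("resourceType")
    if rtype == "Patient":
        resources = [doc]
    elif rtype == "Bundle":
        resources = [e.get("resource", {}) for e in doc.get("entry", [])]
    else:
        raise ValueError(f"unexpected resourceType: {rtype!r}")
    # Ignore non-Patient entries (for example an OperationOutcome).
    patients = [r for r in resources if r.get("resourceType") == "Patient"]
    if expected_id is not None:
        # A read by ID must yield exactly the requested patient and no other.
        if [p.get("id") for p in patients] != [str(expected_id)]:
            raise ValueError("response does not match the requested patient id")
    return patients


def strip_padding(node):
    """Recursively trim leading/trailing whitespace from every string value."""
    if isinstance(node, dict):
        return {k: strip_padding(v) for k, v in node.items()}
    if isinstance(node, list):
        return [strip_padding(v) for v in node]
    return node.strip() if isinstance(node, str) else node


if __name__ == "__main__":
    patient = strip_padding(unwrap_patients(SAMPLE, expected_id=19)[0])
    print(patient["id"], patient["address"][0]["postalCode"])
```
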

Example: Using the Allscripts sandbox for secured access

Step 1: Sign up for a developer account and register the app

If you have not already completed this step, follow the instructions in Developer Signup and Application Registration to register your application.

After the registration, you should have the following:

Step 2: Obtain a bearer token

You must use the OAuth 2.0 authorization client that is built into the framework you are using. Refer to: Helpful resources.

Note: The examples provided use a TouchWorks EHR FHIR sandbox. See Sandboxes for sandboxes available for other Allscripts products including Sunrise and Professional EHR.

Review the following data items:

Your OAuth 2.0 authorization client issues a request similar to the following:

https://tw171.open.allscripts.com/authorization/connect/authorize?response_type=code&client_id=<your ClientID>&redirect_uri=<your redirect_uri>&scope=launch%20openid%20profile

The authorization server requests your credentials. Use the following:

After you have entered the username and password, the OAuth 2.0 authorization client issues a request to the token endpoint to get the authorization token. Enter the secret that was provided earlier.

You now have an authorization token that you can use in subsequent calls.

Call the authorization server to get a bearer token.

The authorization server returns a JSON structure:

{
    "access_token": "123.456.7890",
    "expires_in": 1200,
    "token_type": "Bearer"
}

There are other values returned, but they are not used in this example.

The authorization token is a JSON Web Token (JWT). It uses the format:

nnn.nn.nnnn.

Bearer tokens are valid for a short time, typically 20 minutes. If the bearer token expires, you must refresh it.

Step 3: Retrieve a patient

To retrieve information for the patient with ID 19, issue the following request:

GET https://tw171.open.allscripts.com/FHIR/Patient/19
Authorization: Bearer 123.456.7890

The bearer token is the one obtained in the previous step. It is sent in the Authorization header.

This returns the patient.
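The token handling in Steps 2 and 3, shown as an added Python example (not Allscripts code and not a replacement for your framework's OAuth 2.0 client): it validates the token response, tracks the expiry from `expires_in`, and attaches the bearer token only to HTTPS requests for the sandbox host used on this page. The class `BearerToken`, its methods, and the 60-second refresh margin are assumptions made for illustration.

```python
import json
import time
from urllib.parse import urlsplit

FHIR_HOST = "tw171.open.allscripts.com"  # sandbox host used on this page

# Constructed sample: the token response shown in Step 2.
SAMPLE_RESPONSE = '{"access_token": "123.456.7890", "expires_in": 1200, "token_type": "Bearer"}'


class BearerToken:
    def __init__(self, token_response, now=None, skew=60):
        doc = json.loads(token_response)
        if str(doc.get("token_type", "")).lower() != "bearer":
            raise ValueError("token_type is not Bearer")
        token = doc.get("access_token")
        # A JWT in compact form has three non-empty, dot-separated parts.
        if not isinstance(token, str) or token.count(".") != 2 or not all(token.split(".")):
            raise ValueError("access_token is not a three-part JWT")
        lifetime = doc.get("expires_in")
        if isinstance(lifetime, bool) or not isinstance(lifetime, int) or lifetime <= 0:
            raise ValueError("expires_in must be a positive number of seconds")
        self._token = token
        issued = time.time() if now is None else now
        # Refresh slightly early so a request never carries an expired token.
        self.refresh_at = issued + lifetime - skew

    def needs_refresh(self, now=None):
        return (time.time() if now is None else now) >= self.refresh_at

    def headers_for(self, url, now=None):
        """Return the Authorization header, but only for the expected origin."""
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != FHIR_HOST or parts.port not in (None, 443):
            raise ValueError("refusing to send the bearer token to " + url)
        if self.needs_refresh(now):
            raise RuntimeError("bearer token expired; refresh it before calling the API")
        return {"Authorization": "Bearer " + self._token}


if __name__ == "__main__":
    tok = BearerToken(SAMPLE_RESPONSE)
    print(tok.headers_for("https://" + FHIR_HOST + "/FHIR/Patient/19"))
```
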