athenahealth · OAuth Scopes

athenahealth OAuth Scopes

OAuth 2.0 derived

athenahealth publishes 11 OAuth 2.0 scopes via the clientCredentials and authorizationCode flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the athenahealth API on a user’s behalf.

Tokens are issued from https://api.platform.athenahealth.com/oauth2/v1/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

EHRElectronic Health RecordsHealthcareHL7FHIRInteroperabilityPractice ManagementRevenue Cycle ManagementUSCDICures ActSMART on FHIRCDS HooksCloud EHR
Scopes: 11 Flows: clientCredentials, authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://api.platform.athenahealth.com/oauth2/v1/authorize
Token URL
https://api.platform.athenahealth.com/oauth2/v1/token
Flows
clientCredentialsauthorizationCode

Scopes (11)

ScopeDescriptionFlows
athena/service/Athenanet.MDP.* athenahealth MDP scope authorizationCode, clientCredentials
fhirUser Current FHIR user identity authorizationCode
launch SMART launch context authorizationCode
launch/patient Patient launch context authorizationCode
offline_access Issue refresh token authorizationCode
openid OpenID Connect authorizationCode
patient/*.read Read patient-scoped resources authorizationCode
system/*.read System-level read for Bulk Data authorizationCode, clientCredentials
system/Subscription.read Read Subscriptions clientCredentials
system/Subscription.write Manage Subscriptions clientCredentials
user/*.read Read user-scoped resources authorizationCode

Source

OAuth Scopes

athena-health-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/athenahealth-athenaone-rest-api-openapi.yml, openapi/athenahealth-fhir-bulk-data-api-openapi.yml,
  openapi/athenahealth-fhir-r4-api-openapi.yml, openapi/athenahealth-fhir-subscriptions-api-openapi.yml
schemes:
- name: oauth2
  source: openapi/athenahealth-athenaone-rest-api-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://api.platform.athenahealth.com/oauth2/v1/token
  - flow: authorizationCode
    authorizationUrl: https://api.platform.athenahealth.com/oauth2/v1/authorize
    tokenUrl: https://api.platform.athenahealth.com/oauth2/v1/token
- name: backend
  source: openapi/athenahealth-fhir-bulk-data-api-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://api.platform.athenahealth.com/oauth2/v1/token
  description: SMART Backend Services (JWT client assertion)
- name: smart
  source: openapi/athenahealth-fhir-r4-api-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://api.platform.athenahealth.com/oauth2/v1/authorize
    tokenUrl: https://api.platform.athenahealth.com/oauth2/v1/token
  - flow: clientCredentials
    tokenUrl: https://api.platform.athenahealth.com/oauth2/v1/token
  description: SMART on FHIR / OAuth 2.0
- name: oauth2
  source: openapi/athenahealth-fhir-subscriptions-api-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://api.platform.athenahealth.com/oauth2/v1/token
scopes:
- scope: athena/service/Athenanet.MDP.*
  description: athenahealth MDP scope
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/athenahealth-athenaone-rest-api-openapi.yml
- scope: fhirUser
  description: Current FHIR user identity
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: launch
  description: SMART launch context
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: launch/patient
  description: Patient launch context
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: offline_access
  description: Issue refresh token
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: openid
  description: OpenID Connect
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: patient/*.read
  description: Read patient-scoped resources
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: system/*.read
  description: System-level read for Bulk Data
  flows:
  - authorizationCode
  - clientCredentials
  sources:
  - openapi/athenahealth-fhir-bulk-data-api-openapi.yml
  - openapi/athenahealth-fhir-r4-api-openapi.yml
- scope: system/Subscription.read
  description: Read Subscriptions
  flows:
  - clientCredentials
  sources:
  - openapi/athenahealth-fhir-subscriptions-api-openapi.yml
- scope: system/Subscription.write
  description: Manage Subscriptions
  flows:
  - clientCredentials
  sources:
  - openapi/athenahealth-fhir-subscriptions-api-openapi.yml
- scope: user/*.read
  description: Read user-scoped resources
  flows:
  - authorizationCode
  sources:
  - openapi/athenahealth-fhir-r4-api-openapi.yml