Canvas Medical · OAuth Scopes

Canvas Medical OAuth Scopes

OAuth 2.0 derived

Canvas Medical publishes 11 OAuth 2.0 scopes via the clientCredentials and authorizationCode flows. Scopes are the fine-grained permissions an application requests at authorization time to act against the Canvas Medical API on a user’s behalf.

Tokens are issued from https://{canvas-instance}.canvasmedical.com/auth/token/.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

EHRFHIRHealthcareElectronic Health RecordsVirtual CareClinical WorkflowsPatient ManagementCare Coordination
Scopes: 11 Flows: clientCredentials, authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://{canvas-instance}.canvasmedical.com/auth/authorize/
Token URL
https://{canvas-instance}.canvasmedical.com/auth/token/
Flows
clientCredentialsauthorizationCode

Scopes (11)

ScopeDescriptionFlows
patient/*.read Read patient-context FHIR resources authorizationCode
system/*.read Read all FHIR resources clientCredentials
system/*.write Write all FHIR resources clientCredentials
system/Appointment.read Read Appointment resources clientCredentials
system/Appointment.write Write Appointment resources clientCredentials
system/Observation.read Read Observation resources clientCredentials
system/Observation.write Write Observation resources clientCredentials
system/Patient.read Read Patient resources clientCredentials
system/Patient.write Write Patient resources clientCredentials
user/*.read Read user-context FHIR resources authorizationCode
user/*.write Write user-context FHIR resources authorizationCode

Source

OAuth Scopes

canvas-medical-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/canvas-medical-fhir-api-openapi.yml
schemes:
- name: OAuth2ClientCredentials
  source: openapi/canvas-medical-fhir-api-openapi.yml
  flows:
  - flow: clientCredentials
    tokenUrl: https://{canvas-instance}.canvasmedical.com/auth/token/
  description: Machine-to-machine authentication using client credentials grant. Obtain client_id
    and client_secret from Canvas admin panel.
- name: OAuth2AuthCode
  source: openapi/canvas-medical-fhir-api-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://{canvas-instance}.canvasmedical.com/auth/authorize/
    tokenUrl: https://{canvas-instance}.canvasmedical.com/auth/token/
  description: User-delegated access using Authorization Code flow with SMART on FHIR scopes.
scopes:
- scope: patient/*.read
  description: Read patient-context FHIR resources
  flows:
  - authorizationCode
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/*.read
  description: Read all FHIR resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/*.write
  description: Write all FHIR resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/Appointment.read
  description: Read Appointment resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/Appointment.write
  description: Write Appointment resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/Observation.read
  description: Read Observation resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/Observation.write
  description: Write Observation resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/Patient.read
  description: Read Patient resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: system/Patient.write
  description: Write Patient resources
  flows:
  - clientCredentials
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: user/*.read
  description: Read user-context FHIR resources
  flows:
  - authorizationCode
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- scope: user/*.write
  description: Write user-context FHIR resources
  flows:
  - authorizationCode
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml