Department of Veterans Affairs (VA) OAuth Scopes

OAuth 2.0 derived

Department of Veterans Affairs (VA) publishes 3 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Department of Veterans Affairs (VA) API on a user’s behalf.

Tokens are issued from https://sandbox-api.va.gov/oauth2/health/v1/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

Federal GovernmentHealthcareVeterans
Scopes: 3 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://sandbox-api.va.gov/oauth2/health/v1/authorization
Token URL
https://sandbox-api.va.gov/oauth2/health/v1/token
Flows
authorizationCode

Scopes (3)

ScopeDescriptionFlows
launch/patient Patient context launch authorizationCode
offline_access Refresh tokens authorizationCode
patient/*.read Read patient-scoped resources authorizationCode

Source

OAuth Scopes

department-of-veterans-affairs-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/va-clinical-health-fhir-api-openapi.yml
schemes:
- name: SmartOnFhir
  source: openapi/va-clinical-health-fhir-api-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://sandbox-api.va.gov/oauth2/health/v1/authorization
    tokenUrl: https://sandbox-api.va.gov/oauth2/health/v1/token
scopes:
- scope: launch/patient
  description: Patient context launch
  flows:
  - authorizationCode
  sources:
  - openapi/va-clinical-health-fhir-api-openapi.yml
- scope: offline_access
  description: Refresh tokens
  flows:
  - authorizationCode
  sources:
  - openapi/va-clinical-health-fhir-api-openapi.yml
- scope: patient/*.read
  description: Read patient-scoped resources
  flows:
  - authorizationCode
  sources:
  - openapi/va-clinical-health-fhir-api-openapi.yml