HL7 FHIR · OAuth Scopes

HL7 FHIR OAuth Scopes

OAuth 2.0 derived

HL7 FHIR publishes 7 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the HL7 FHIR API on a user’s behalf.

Tokens are issued from https://auth.example.com/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

ClinicalFHIRHealthcareHL7Interoperability
Scopes: 7 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://auth.example.com/authorize
Token URL
https://auth.example.com/token
Flows
authorizationCode

Scopes (7)

ScopeDescriptionFlows
launch/patient Patient context launch authorizationCode
openid OpenID Connect identity authorizationCode
patient/Condition.read Read conditions authorizationCode
patient/Encounter.read Read encounters authorizationCode
patient/MedicationRequest.read Read medication requests authorizationCode
patient/Observation.read Read observations authorizationCode
patient/Patient.read Read patient data authorizationCode

Source

OAuth Scopes

hl7-fhir-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/hl7-fhir-r4-openapi.yml
schemes:
- name: SMARTonFHIR
  source: openapi/hl7-fhir-r4-openapi.yml
  flows:
  - flow: authorizationCode
    authorizationUrl: https://auth.example.com/authorize
    tokenUrl: https://auth.example.com/token
  description: SMART on FHIR OAuth 2.0 authorization
scopes:
- scope: launch/patient
  description: Patient context launch
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml
- scope: openid
  description: OpenID Connect identity
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml
- scope: patient/Condition.read
  description: Read conditions
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml
- scope: patient/Encounter.read
  description: Read encounters
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml
- scope: patient/MedicationRequest.read
  description: Read medication requests
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml
- scope: patient/Observation.read
  description: Read observations
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml
- scope: patient/Patient.read
  description: Read patient data
  flows:
  - authorizationCode
  sources:
  - openapi/hl7-fhir-r4-openapi.yml