Canvas Medical · Authentication Profile

Canvas Medical Authentication

Authentication

Canvas Medical secures its APIs with http and oauth2 across 3 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode and clientCredentials flow(s).

EHRFHIRHealthcareElectronic Health RecordsVirtual CareClinical WorkflowsPatient ManagementCare Coordination
Methods: http, oauth2 Schemes: 3 OAuth flows: authorizationCode, clientCredentials API key in:

Security Schemes

OAuth2ClientCredentials oauth2
· flows: clientCredentials
OAuth2AuthCode oauth2
· flows: authorizationCode
BearerAuth http
scheme: bearer

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/canvas-medical-fhir-api-openapi.yml
summary:
  types:
  - http
  - oauth2
  oauth2_flows:
  - authorizationCode
  - clientCredentials
schemes:
- name: OAuth2ClientCredentials
  type: oauth2
  flows:
  - flow: clientCredentials
    tokenUrl: https://{canvas-instance}.canvasmedical.com/auth/token/
    scopes: 8
  description: Machine-to-machine authentication using client credentials grant. Obtain client_id
    and client_secret from Canvas admin panel.
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- name: OAuth2AuthCode
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://{canvas-instance}.canvasmedical.com/auth/authorize/
    tokenUrl: https://{canvas-instance}.canvasmedical.com/auth/token/
    scopes: 3
  description: User-delegated access using Authorization Code flow with SMART on FHIR scopes.
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml
- name: BearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  sources:
  - openapi/canvas-medical-fhir-api-openapi.yml