Orion Health · Authentication Profile

Orion Authentication

Authentication

Orion Health secures its APIs with apiKey, http, and oauth2 across 4 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode and clientCredentials flow(s).

EHRFHIRHealth ITHealthcareHIEHL7IntegrationInteroperabilityPopulation Health
Methods: apiKey, http, oauth2 Schemes: 4 OAuth flows: authorizationCode, clientCredentials API key in: header

Security Schemes

oauth2 oauth2
· flows: authorizationCode
bearerAuth http
scheme: bearer
oauth2 oauth2
· flows: clientCredentials
apiKeyAuth apiKey
· in: header (X-API-Key)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/orion-fhir-openapi.yml, openapi/orion-hie-openapi.yml, openapi/orion-population-health-openapi.yml,
  openapi/orion-rhapsody-openapi.yml
summary:
  types:
  - apiKey
  - http
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - authorizationCode
  - clientCredentials
schemes:
- name: oauth2
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://auth.orionhealth.com/oauth2/authorize
    tokenUrl: https://auth.orionhealth.com/oauth2/token
    scopes: 9
  description: OAuth 2.0 authorization using SMART on FHIR
  sources:
  - openapi/orion-fhir-openapi.yml
- name: bearerAuth
  type: http
  scheme: bearer
  bearerFormat: JWT
  sources:
  - openapi/orion-fhir-openapi.yml
  - openapi/orion-hie-openapi.yml
  - openapi/orion-population-health-openapi.yml
  - openapi/orion-rhapsody-openapi.yml
- name: oauth2
  type: oauth2
  flows:
  - flow: clientCredentials
    tokenUrl: https://auth.orionhealth.com/oauth2/token
    scopes: 9
  sources:
  - openapi/orion-hie-openapi.yml
  - openapi/orion-population-health-openapi.yml
  - openapi/orion-rhapsody-openapi.yml
- name: apiKeyAuth
  type: apiKey
  in: header
  parameter: X-API-Key
  sources:
  - openapi/orion-rhapsody-openapi.yml