SMART Health IT · Authentication Profile

Smarthealthit Authentication

Authentication

SMART Health IT secures its APIs with oauth2 across 1 declared security scheme, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode and clientCredentials flow(s).

SMART on FHIRFHIRHealth ITEHR IntegrationClinical DataClinical RecordsPatient FacingOpen StandardsInteroperability
Methods: oauth2 Schemes: 1 OAuth flows: authorizationCode, clientCredentials API key in:

Security Schemes

smartOnFhir oauth2
· flows: authorizationCode, clientCredentials

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/smarthealthit-openapi.yml
summary:
  types:
  - oauth2
  oauth2_flows:
  - authorizationCode
  - clientCredentials
schemes:
- name: smartOnFhir
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://launch.smarthealthit.org/v/r4/auth/authorize
    tokenUrl: https://launch.smarthealthit.org/v/r4/auth/token
    scopes: 6
  - flow: clientCredentials
    tokenUrl: https://launch.smarthealthit.org/v/r4/auth/token
    scopes: 1
  description: HL7 SMART App Launch OAuth 2.0 profile, used by the launcher's protected FHIR
    proxy. The open r4.smarthealthit.org sandbox requires no authentication; the Bulk Data server
    uses SMART Backend Services (client_credentials with a signed JWT assertion).
  sources:
  - openapi/smarthealthit-openapi.yml