Protected data on our FHIR server can be accessed in two main ways of authorization described below:
  • OAuth2 Access Tokens
  • Client Credentials Headers

OAuth2.0 Access Tokens

Apart from the FHIR Server 1up also provides an Authorization Server. This server is responsible for generation authorization codes, exchanging authorization codes for access tokens, and exchaning refresh tokens for new access tokens.
You can make a call to our FHIR server with a OAuth2 Access Bearer Token in the header in order to perform a create, read, update, delete (CRUD) or search operation against the 1up FHIR server.
For information about how to interact with our OAuth2 Authorization Server see here.

Client Credential Headers

As an alternative to OAuth2 described above, if you have the client credentials (client ID and secret) that own the FHIR Resources in question, you can access those directly using request headers.
API Request via Client Credentials