Developer signup
Before you can use the Allscripts FHIR API, you have to signup for an account. This is done from the Allscripts Developer Program website.
When you sign up for a developer account, you will be asked to accept the User Agreement and provide a valid email address.
After sign up, you will be issued credentials that you can use to register your applications.
Application registration
On the Allscripts Developer Program website, click My FHIR Applications. A list of your FHIR applications displays.
Click + to register your application using a developer portal, or click Manage API Credentials to obtain credentials to register your application programmatically using OAuth 2 Dynamic Client Registration.
Registering your application on the ADP portal
To register your application using the ADP portal, populate the required fields.
Review Authentication and Authorization for more information about the required OAuth 2 parameters.
You can also modify some of the parameters associated with the API. For example, if you wanted to add an additional redirect URI.
Registering your application programmatically
The Allscripts FHIR API OAuth 2.0 authentication supports the following protocols for managing your application:
- OAuth 2.0 Dynamic Client Registration Protocol: an RFC draft defining a base RESTful server endpoint and JSON object to facilitate registration of common OAuth 2.0 clients.
- OAuth 2.0 Dynamic Client Registration Management Protocol: extends the above spec with RESTful operations to permit retrieval (via GET), modification (PUT), and deletion (DELETE) of an OAuth 2.0 client registration.
- OpenID Connect Dynamic Client Registration 1.0 : specifies additional metadata for OAuth 2.0 clients that are OpenID Connect clients.
The Allscripts FHIR API OAuth 2.0 authentication supports managed registration. This means that an authorization header is required to invoke the endpoints.
Authorization header
To access the API, you will need an API ID and KEY. To obain these, click Manage API Credentials.
To generate the AMX authorization header, use the following algorithm.
For example, to register your application, send the following:
POST http://adpstage.southcentralus.cloudapp.azure.com/authmgmt/api/client/add
{
'client_name' : 'My Cool App',
'application_type' : 'native',
'client_type' : 'confidential',
'redirect_uris': ['http://localhost/callback','urn:ietf:wg:oauth:2.0:oob', 'https://www.getpostman.com/oauth2/callback']
}
The server returns the access token which your app then uses in subsequent calls to the API.
{
'client_id' : 'abcdef1234567890'
'secret': 'secret',
}