Introduction

The Veradigm and Altera FHIR API allows you to connect to Veradigm and Altera products using the FHIR (Fast Healthcare Interoperability Resources) standard for healthcare resources. The FHIR standard enables application developers to create products and exchange clinical data in a secure manner that is consistent, flexible, and easy to implement.

The FHIR standard is constantly evolving. The current version of the Veradigm and Altera implementation of the FHIR API supports FHIR release 4 (“R4”) and the United States Core Data for Interoperability (“USCDI”) guidelines and requirements for data sharing. Previous versions of the Veradigm and Altera FHIR API were compatible with the DSTU2 release. However, as of 6/1/2025, Veradigm will no longer be providing support for DSTU2 as it approaches deprecation. The API will not be turned off, but there will no longer be technical support or resolution provided for any issues that arise. If your organization is still using DSTU2 with some clients, make plans to migrate all clients to R4 in order to ensure continued support of the API.

A note on terminology: For the purpose of this documentation, the term “application” refers to a software program connecting to a Veradigm or Altera product through the Veradigm and Altera FHIR API. The term “product” refers to the Veradigm or Altera base system such as TouchWorks EHR.

Capability Statement

A FHIR Capability Statement documents the set of capabilities and behaviors available from the FHIR API service implementation. The Capability Statement includes information about supported FHIR resources and security protocols and should be used by applications as the set of rules the application should follow.

To get a copy of the Veradigm and Altera FHIR API capability statement, make the following request:

FHIR Resources

The Veradigm and Altera FHIR API allows users to search for and access selected clinical, demographic, and facility information via REST. This data is referred to by FHIR as resources and include healthcare or related items such as patients or medications. All resources are addressable by a unique identifier (id) that can be used to access or reference them. For information on the individual FHIR resources supported by the Veradigm and Altera FHIR API and the requests they support, see the Resources page.

FHIR resources are accessed through HTTP and use the HTTP verbs. For example, GET.

The Veradigm and Altera FHIR API supports both JSON and XML formats. By default, the Veradigm and Altera FHIR API returns data in JSON. Use the Accept HTTP header to control this format.

• */*: Application accepts anything.
• application/fhir+XML: Response is in XML.
• application/fhir+JSON: Response is in JSON.

The Veradigm and Altera FHIR API returns information using the FHIR standard (DSTU2 or R4) specific to the FHIR version installed at the organization. To have the API to return information using the R4 standard from a version-less environment, add fhirVersion=4.0 to the Accept header in the request. To verify the FHIR version, refer to the Endpoint Directory. This may be useful when preparing for the deprecation of support for the DSTU2 standard.

Authorization

The Veradigm and Altera FHIR API supports the HL7® SMART Application Launch Framework Implementation Guide Release 1.0.0 implementation specification, a profile of the OAuth 2.0 specification. Additionally, the Veradigm and Altera FHIR API supports OpenID Connect Core 1.0. For more information on these specifications, see https://hl7.org/fhir/smart-app-launch/1.0.0/.

The following sections describe the authorization flows for FHIR applications.

Stand-alone application launch for a Veradigm product user

The endpoint for the product's Veradigm FHIR server is available from the Veradigm Endpoint Directory. Typically endpoints that include /fhir are for product users. These (non-patient) application endpoints can also be tagged with a Provider badge on the Endpoint Directory.

1. The application requests the Capability Statement from Veradigm FHIR server.
2. The Veradigm FHIR server returns the Capability Statement which includes two endpoints:
   • authorize endpoint for the Veradigm Authorization server
   • token endpoint

   For example:

   “url”: “authorize”,
“valueUri”: “https://.../authorize”
},
{
“url”: “token”,
“valueUri”: “https://.../token”
3. The application sends credentials to the Veradigm Authorization server. These credentials include the application's client ID and client secret. (On the FHIR App page on the Veradigm Connect Portal.)
4. If the application credentials are recognized by the Veradigm Authorization server (meaning the client has authorized the application in the Veradigm and Altera License Management Portal), the product's log in screen displays. The user can enter their user credentials (user ID and password) in the product.

   If the application credentials are not recognized by the Veradigm Authorization server, the server returns an error.

5. OAuth sends the user's product credentials to the Veradigm Authorization server. If the credentials are valid, the server returns a temporary token to the application's Callback URL (as defined in the Veradigm Connect Portal for the application).
6. The application sends the temporary token to the token endpoint, and the Veradigm Authorization server returns a regular token. The length of time during which the token is valid is defined in the Veradigm and Altera License Management Portal.

Stand-alone application launch for a patient

The endpoint for the product's Veradigm FHIR server is available from the Veradigm Endpoint Directory or Altera Endpoint Directory. Typically endpoints that include /open are for patient applications. These patient application endpoints can also be tagged with a Patient badge on the Endpoint Directory.

1. The application requests the Capability Statement from Veradigm FHIR server.
2. The Veradigm and Altera FHIR server returns the Capability Statement which includes the authorize endpoint for the Veradigm Authorization server and the token endpoint.
3. The application sends credentials to the Veradigm Authorization server. These credentials include the application's client ID and client secret. (On the FHIR App page on the Veradigm Connect Portal.)
4. If the application credentials are recognized by the Veradigm Authorization server (meaning the client has authorized the application), the server verifies that the patient is valid.

SMART launch

1. A Veradigm or Altera product user launches a SMART application from the product. The product sends any relevant context with the launch command to the application.
2. Application sends credentials to the Veradigm Authorization server. These credentials include the application's client ID and client secret. (On the FHIR App page on the Veradigm Connect Portal.)
3. If the application credentials are recognized by the Veradigm Authorization server (meaning the client has authorized the application in the Veradigm and Altera License Management Portal), the product's log in screen displays. The user can enter their user credentials (user ID and password) in the product. If the application credentials are not recognized by the Veradigm Authorization server, the server returns an error.
4. OAuth sends the user's product credentials to the Veradigm Authorization server. If the credentials are valid, the server returns a temporary token to the application's Callback URL (as defined in the Veradigm Connect Portal for the application).
5. The application sends the temporary token to the token endpoint, and the Veradigm Authorization server returns a regular token. The length of time during which the token is valid is defined in the Veradigm and Altera License Management Portal.
6. If you are testing the authentication in Postman, you can manually copy the access token and paste it into Authorization tab > Current Token section > Token. Enter the URL for the request, and then click Send.