website logo
⌘K
👋Welcome!
🚀About Founda
Introduction to Founda
Glossary
🔌Getting started
Start your integration
Founda FHIR Sandbox
🧑‍🏫Tutorials
Console
Authentication with OAuth2.0
📖Interaction Guides
Patient Demographics Exchange
Clinical Information Exchange
Subscription Management
Audit Record Repository
Docs powered by
Archbee
website logo
Tutorials

Authentication with OAuth2.0

8min

This tutorial explains how to connect to the API Gateway (or Sandbox) with (test) Client Credentials, using OAuth2 for authorization and authentication.

As explained in the getting started guide, you will need the Client ID and the Client Secret to get access.

Step 1: Get access token

Access tokens and refresh tokens can be generated using the following URLs, depending on the region your organization is hosted in:

  • https://identity-oauth.eu.founda.com/oauth2/token
  • https://identity-oauth.us.founda.com/oauth2/token

Example cURL command

In order to get an access token you can use the following cURL command as an example:

Don't forget to replace the URL with the EU variant if that's where your organization is hosted.

JS
|
curl --location --request POST 'https://identity-oauth.us.founda.co/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>' \
--data-urlencode 'grant_type=client_credentials'


Replacing <client_id> and <client_secret> with your Client Credentials.

Example Postman command

In order to get an access token you can use the following Postman steps as an example:

Don't forget to replace the URL with the EU variant if that's where your organization is hosted.

  1. Open a new request and go to the Authorization tab
  2. Configure the settings:
    1. Type: OAuth2.0
    2. Grant Type: Client Credentials
    3. Access token URL:
      1. https://identity-oauth.eu.founda.co/oauth2/token
      2. https://identity-oauth.us.founda.co/oauth2/token
    4. Client ID: Client ID of Test Client retrieved via 1Password
    5. Client Secret: Client Secret of Test Client retrieved via 1Password
    6. Client authentication: ‘Send client credentials in body’
Configure new access token
Configure new access token

  1. Choose ‘Get New Access Token’
  2. When authentication is successful: Authentication complete
  3. Choose ‘Use Token’

Postman will copy the token to the token field.

Please keep your API keys private.

API Keys created should never be exposed in untrusted contexts. Never put Client Credentials in client-side JavaScript, embed it in a web page, or otherwise allow users to access it. If Client Credentials are exposed, lost, or stolen, then it is compromised. Revoke compromised keys immediately from your Clients page to prevent unauthorized access.

Step 2: Start using the API

Now that your Test Client has an Access Token, it is possible to start making test calls to the Sandbox. The FHIR 4 Base URL for this is:

  • https://api.us.founda.co/1/health/organizations/{organizationId}/fhir/4
  • https://api.eu.founda.co/1/health/organizations/{organizationId}/fhir/4

Note that {organizationId} has to be replaced with the organization ID of the Sandbox, this ID is provided along with the Client Credentials.

Updated 01 May 2023
Did this page help you?
PREVIOUS
Audit Record Repository
NEXT
Interaction Guides
Docs powered by
Archbee
TABLE OF CONTENTS
Step 1: Get access token
Step 2: Start using the API
Docs powered by
Archbee