The Client represents a profile of the Application Provider that contains all configurations and logic. An Application Provider requires at least one configured Client in order to set up Subscriptions and to receive authorizations from Provider Organizations.
A Client of an Application Provider must always be authorized by a Provider Organization before the Application Provider can start using the Client and before sending API calls.
The provider organization will be able to see the requests from all application provider clients under a consolidated section named "client management". The user can search for a specific client/provider using the search bar and can also filter clients by the status of their authorization request.
When a new request is made by a provider, it is categorized and ‘waiting for approval’, the user can click on that row to enter another screen which displays the following:
- Client name and the application provider’s name
- The reason provided by the Application Provider for the request
- The FHIR resources for which client is requesting access for
- Option to approve or reject the client
Once the user clicks on "approve client" the application provider is notified that their integration is now live and they can proceed with their API requests.
Founda architecture allows the provider organization to be in complete control and transparency of their data access. If at any point in time the provider organization wants to restrict the data access of their approved clients then these are the steps to follow -
- Access the client management module though the left navigation panel.
- Select the approved client you want to restrict the data access for.
- Click on the red "disable client" button to restrict the data access to the selected client.
The provider organization user can at any point in time also easily enable client again by clicking on the green "Enable client" button.