This page describes SMART’s client-confidential-symmetric authentication mechanism. It is intended for SMART App Launch clients that can maintain a secret but cannot manage asymmetric keypairs. For clients that can manage asymmetric keypairs, Asymmetric Authentication is preferred. This profile is not intended for SMART Backend Services clients.
Register Client
PUT /Client/client-confidential-symmetriccontent-type: application/jsonaccept: application/json{"id":"client-confidential-symmetric","secret":"secret","grant_types": ["basic" ]}
Create AccessPolicy
PUT /AccessPolicy/client-confidential-symmetric-allowcontent-type: application/jsonaccept: application/json{"id":"client-confidential-symmetric-allow","engine":"allow","link": [ {"resourceType":"Client","id":"client-confidential-symmetric" } ]}
Access FHIR API
GET /fhir/Observation?code=4548-4&_count=2
content-type: application/json
accept: application/json
authorization: "Basic Y2xpZW50LWNvbmZpZGVudGlhbC1zeW1tZXRyaWM6c2VjcmV0"