Authentication
Health Gorilla APIs use OAuth 2.0 and SMART on FHIR protocols to secure access and enforce role-based authorization. Authentication defines how applications register clients, obtain and refresh tokens, and control access to protected resources across users and systems.
Overview
Understand the supported API protocols, interaction models, and typical use cases.
OAuth Authentication
Register clients, obtain credentials, and generate access tokens using OAuth 2.0.
OAuth Flows
Select the appropriate OAuth flow for your use case—client credentials for system-level access or authorization code for user-facing applications.
Scopes and Access
Apply and enforce scopes to control which FHIR resources and operations an application can access.
Token Management
Handle token expiration and refresh cycles, and inspect token metadata to validate identity, roles, and tenant context.
SMART on FHIR
Launch patient- or provider-facing applications using SMART on FHIR context and authorization parameters.
Versioning
Retrieve user and tenant details from the access token and use them to select the appropriate FHIR API version.