OAuth Flows
Choose the appropriate OAuth 2.0 flow based on your application type and access requirements. Health Gorilla supports the following grant types for secure access to FHIR APIs.
Supported Grant Types
- Client Credentials Grant: Use this flow when a backend system authenticates on its own behalf. Suitable for server-to-server interactions with no user involvement.
- Authorization Code Grant: Use this flow for applications that require user login. Often paired with SMART on FHIR for secure launch from portals or EHRs.
- Refresh Token Flow: Use this flow to obtain a new access token after the original token expires. Only available for Authorization Code Grant flows with refresh token issuance enabled.
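The three grant types above differ mainly in what the client sends to the authorization server and when. The following Python is an added illustration, not Health Gorilla's code: each function builds the HTTP request a client would send for one step of a flow and returns it without performing any network I/O, so the shapes can be inspected offline. The `AUTHORIZE_URL` and `TOKEN_URL` endpoints are placeholders (the page does not give the real ones), the scope strings are constructed sample values, and PKCE (RFC 7636) plus a `state` check are included as the defensive baseline for the Authorization Code Grant.

```python
# Added example, not Health Gorilla's code. Builds (but does not send) the
# requests for the Client Credentials, Authorization Code and Refresh Token flows.
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder endpoints (assumption): substitute the values from your client registration.
AUTHORIZE_URL = "https://authorization-server.example/oauth/authorize"
TOKEN_URL = "https://authorization-server.example/oauth/token"


def _basic_auth(client_id, client_secret):
    """Client credentials go in an HTTP Basic header, never in the query string."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _token_request(client_id, client_secret, body):
    return {
        "method": "POST",
        "url": TOKEN_URL,
        "headers": {
            "Authorization": _basic_auth(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": body,
    }


def client_credentials_request(client_id, client_secret, scope):
    """Client Credentials Grant: a backend authenticates as itself, no user involved."""
    return _token_request(client_id, client_secret,
                          {"grant_type": "client_credentials", "scope": scope})


def make_pkce_pair():
    """PKCE code_verifier and S256 code_challenge; the verifier stays on the client."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def authorization_request(client_id, redirect_uri, scope, state, code_challenge, aud=None):
    """Authorization Code Grant, step 1: the URL the user's browser is sent to.
    `aud` carries the FHIR server base URL in SMART on FHIR launches."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    if aud:
        params["aud"] = aud
    return f"{AUTHORIZE_URL}?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 2: the server redirects back with ?code=...&state=...
    The code is accepted only if `state` matches the value this client generated."""
    query = parse_qs(urlparse(callback_url).query)
    state = query.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback was not started by this client")
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    return query["code"][0]


def code_exchange_request(client_id, client_secret, code, redirect_uri, code_verifier):
    """Step 3: exchange the one-time code for tokens. redirect_uri must equal step 1's."""
    return _token_request(client_id, client_secret, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    })


def refresh_request(client_id, client_secret, refresh_token):
    """Refresh Token flow: obtain a new access token after the old one expires.
    Only Authorization Code clients registered with refresh tokens enabled can use it."""
    return _token_request(client_id, client_secret,
                          {"grant_type": "refresh_token", "refresh_token": refresh_token})


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    print(authorization_request("app-client", "https://app.example/cb",
                                "launch patient/Patient.read", state, challenge,
                                aud="https://fhir.example/r4"))  # constructed sample values
```

The `state` value and PKCE verifier must be stored per login attempt (for example in the user's session) so that `parse_callback` and `code_exchange_request` can use exactly the values that started the flow; a callback whose `state` does not match is discarded rather than exchanged.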
Choosing a Flow
| Scenario | Recommended Flow |
|---|---|
| Background system syncing records | Client Credentials Grant |
| Launching a user-facing app via SMART | Authorization Code Grant |
| Long-lived session with automatic renewal | Authorization Code + Refresh Token |
Each flow requires appropriate registration, scopes, and redirect URIs.