My360 Iframe


The My360 iframe allows developers to embed our patient access UI directly into their own products. This functionality allows patients to access their own medical records without leaving your product’s own UI. This guide describes retrieving an access token associated with a patient user and using the token as a parameter in the iframe URL.


Using the My360 Iframe

There are three steps involved in utilizing the My360 iframe.

  1. Creating the Patient User (if the patient does not already exist)
  2. Retrieving an access token for the user.
  3. Creating the iframe URL

Creating the Patient User

The My360 iframe requires the creation of a patient user inside of Health Gorilla. Each patient user is assigned a UUID by the client application. That UUID should be stored in your application and associated with your patient. This UUID is used in step two of the My360 iframe process. The patient user creation process is detailed in the Create a Patient User section of the developer guide. If you have already created a Health Gorilla Patient user for your patient, this step can be skipped.

Retrieving An Access Token for the Patient User

An access token for the patient must be retrieved from the Health Gorilla Oauth endpoint using the JWT Bearer Token Grant workflow (
The sub of the JWT must be the UUID of the patient you want to retrieve the access token for.

The patient_request scope must be included in the request to the Oauth token endpoint.

Creating the Iframe URL

Once an access token has been retrieved for the patient, the token is used as a parameter inside of the url to be framed inside of your application. This URL will open the Health Gorilla My360 UI, sign in the patient and take the patient to the My360 dashboard.<ACCESS_TOKEN>&go=/pp#dashboard