A FHIR-first approach underpins the platform. Core capabilities implement the FHIR R4 standard, while additional APIs and operations support common interoperability workflows that extend beyond standard FHIR REST patterns. The API surface is designed for developers building healthcare applications, organizations integrating with national networks, and partners implementing TEFCA- and USCDI-aligned workflows.

How the APIs Are Organized

The APIs are grouped by function to reflect how interoperability workflows are implemented in practice.

Platform and authentication APIs: Manage secure access to platform services, including OAuth 2.0 authentication and authorization. Client credentials issued during onboarding are used to obtain access tokens for all API requests.
Record retrieval APIs: Support longitudinal patient record access through document query and retrieve workflows. Patient360 and the Individual Access Service (IAS) use FHIR-based operations to retrieve and assemble clinical documents and discrete data from participating data sources.
FHIR R4 APIs: Provide access to clinical data such as patients, encounters, observations, medications, immunizations, and documents. Resource structures, search behavior, and response formats follow the FHIR R4 standard, with implementation-specific behavior documented where applicable.
Subscription services APIs: Deliver event-driven notifications when qualifying patient activity is detected through document exchange. Clinical Alerts and ADT notifications support delivery through FHIR subscriptions or Secure File Transfer Protocol (SFTP) when configured.
Orders and results APIs: Support electronic diagnostic ordering and results delivery. The Lab Network enables submission of diagnostic orders and delivery of normalized results from participating laboratory partners using APIs designed for operational ordering workflows.

Common Use Cases

Health Gorilla APIs support a range of interoperability and data access scenarios, including:

Retrieve longitudinal patient records using $p360-retrieve or $everything
Generate clinical document exports in C-CDA or PDF format using $export-ccda
Access clinical data such as lab results, medications, immunizations, and vital signs
Subscribe to event-driven notifications using FHIR subscriptions
Receive admission, discharge, and transfer notifications using HL7 v2 ADT messages when configured
Submit and manage diagnostic orders through the Requisition API
Build interoperable applications or private health information exchanges using FHIR R4 standards
Support care coordination, population health, and compliance workflows aligned to USCDI and TEFCA

Design Principles

The API design reflects a consistent set of architectural principles:

FHIR-first: FHIR R4 is used wherever it supports interoperable exchange.
Network-aware: APIs reflect how data is accessed across national interoperability networks.
Purpose-built extensions: Custom operations and services address interoperability needs not fully covered by standard FHIR patterns.
Event-driven delivery: Notifications are delivered when qualifying activity is detected rather than through continuous polling.
Auditability and traceability: Provenance, attribution, and compliance requirements are supported across workflows.

Getting Started

Using the Health Gorilla APIs involves a small set of standard steps.

Request sandbox credentials for your organization
Review authentication and authorization requirements
Explore supported FHIR R4 resources and operations
Reference example requests and responses using samples or Postman collections

All requests require OAuth 2.0 authentication using the client ID and secret issued during onboarding.