Health Gorilla's API uses the OAuth 2.0 protocol with SMART-on-FHIR extensions to secure access to sensitive clinical data. This includes support for real-time FHIR R4 APIs, asynchronous STU3 workflows, and additional Health Gorilla-specific authorization flows. OAuth 2.0 provides token-based access control, so that applications and users can access only the data they are authorized for.
This guide includes:
- Supported grant types and endpoints
- Access token request flows
- Scope definitions and fine-grained access control
- Role-based access control (RBAC)
- Token refresh, validation, and revocation
- User info retrieval and API version targeting