If you are using Postman to test the Patient Access API, you need to generate an access token that represents a synthetic beneficiary granting access to your application.
- Launch Postman and open a new tab.
- Select the GET method and enter the following:
Replace the resource_name with the Patient Access resource name.
- Click Authorization and select type OAuth 2.0.
- Enter the following parameters in the Authorization section:
  - Token Name: This is your application name.
  - Grant Type: Authorization Code (with PKCE)
  - Auth URL: https://api.geisinger.org/oauth/v1/authorize
  - Access Token URL: https://api.geisinger.org/oauth/v1/token
  - Client ID: This is the Client ID for your registered application. You can obtain the Client ID for your application from the My Applications page.
  - Client Secret: This is the Client Secret that was assigned to your application. You can obtain the Client Secret for your application from the My Applications page.
  - Code Challenge Method: SHA-256
  - Code Verifier: This is the original, unhashed value from which your code_challenge is derived.
  - Scope: Scope gives the beneficiary granular choice over what data they would like to share with the application. For example, scope=openid profile/*
  - Client Authentication: Select Send as Basic Auth header.
- Select Authorize using Browser.
- Click Get New Access Token.
- You should see a pop-up showing the login page. You can log in as a synthetic beneficiary using one of the synthetic beneficiary accounts.
- After you are authenticated using the synthetic beneficiary credentials, you will be redirected to the consent screen where you can read the scopes and grant or deny access to the application.
Once you grant consent, you will see a message in the browser that your call is authenticated.
- On the Postman screen, click Use Token to append the access token to your request.
- Click Send.
You should be able to view the API response with 200 OK status. Here’s a sample response for a GET request:
This is only a subset of the entire output.
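
The Code Verifier and SHA-256 Code Challenge Method fields in the steps above follow PKCE (RFC 7636). The following is an added example, not part of the original page or Geisinger's code, showing how a verifier and its S256 challenge are derived and how the challenge is checked when the code is exchanged. The function names, client ID and redirect URI are placeholders, and the use of standard OAuth 2.0 parameter names in the authorization request is an assumption about this server.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import urlencode

AUTH_URL = "https://api.geisinger.org/oauth/v1/authorize"  # Auth URL from the steps above
VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1

def _b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def make_code_verifier() -> str:
    """Fresh high-entropy verifier: 32 random bytes -> 43 characters."""
    return _b64url(secrets.token_bytes(32))

def code_challenge_s256(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    if not VERIFIER_RE.fullmatch(verifier):
        raise ValueError("verifier must be 43-128 unreserved characters")
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def server_accepts(verifier: str, stored_challenge: str) -> bool:
    """The comparison an authorization server makes at the token endpoint."""
    return hmac.compare_digest(code_challenge_s256(verifier), stored_challenge)

def authorize_url(client_id: str, redirect_uri: str, challenge: str, state: str) -> str:
    """Authorization request (assumed standard OAuth 2.0 / PKCE parameter names)."""
    return AUTH_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,          # placeholder, from My Applications
        "redirect_uri": redirect_uri,    # placeholder callback
        "scope": "openid profile/*",     # example scope from the page
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })

if __name__ == "__main__":
    v = make_code_verifier()  # generate a new verifier for every authorization request
    print("Code Verifier: ", v)
    print("Code Challenge:", code_challenge_s256(v))
    print(authorize_url("YOUR_CLIENT_ID", "https://example.invalid/callback",
                        code_challenge_s256(v), secrets.token_urlsafe(16)))
```

Only the challenge travels in the browser redirect; the verifier is sent later on the back channel to the Access Token URL, so an intercepted authorization code cannot be redeemed without it.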