If you are using Postman to test the Patient Access API, you need to generate an access token representing that the synthetic beneficiary has granted access to your application.

  1. Launch Postman and open a new tab.
  2. Select the GET method and enter the following:

         https://api.geisinger.org/ghp/fhir4/v1/<resource_name>

         Replace <resource_name> with the Patient Access resource name.

  3. Click Authorization and select type OAuth 2.0.
  4. Enter the following parameters in the Authorization section:
     • Token Name: This is your application name.
     • Grant Type: Authorization Code (with PKCE)
     • Auth URL: https://api.geisinger.org/oauth/v1/authorize
     • Access Token URL: https://api.geisinger.org/oauth/v1/token
     • Client ID: This is the Client ID for your registered application. You can obtain the Client ID for your application from the My Applications page.
     • Client Secret: This is the Client Secret that was assigned to your application. You can obtain the Client Secret for your application from the My Applications page.
     • Code Challenge Method: SHA-256
     • Code Verifier: This is the unhashed version of your code_challenge value.
     • Scope: Scope provides the beneficiary granular choice over what data they would like to share with the application. For example, scope=openid profile/*
     • Client Authentication: Select Send as Basic Auth header.
  5. Select Authorize using Browser.
  6. Click Get New Access Token.
  7. You should see a popup with the login page. You can log in as a synthetic beneficiary using one of the synthetic beneficiary accounts.
  8. After you are authenticated using the synthetic beneficiary credentials, you will be redirected to the consent screen, where you can read the scopes and grant or deny access to the application.

         Once you grant consent, you will see a message in the browser that your call is authenticated.

  9. On the Postman screen, click Use Token to append the access token to your request.
  10. Click Send.

You should be able to view the API response with 200 OK status. Here’s a sample response for a GET request:

    {
      "resourceType": "Patient",
      "id": "Ptp01",
      "meta": {
        "versionId": "1",
        "lastUpdated": "2020-11-23T23:26:29.190+00:00",
        "profile": [
          "http://hl7.org/fhir/us/core/StructureDefinition/us-core-patient"
        ],
        "tag": [
          {
            "system": "tranzform-apim-request-ns",
            "code": "user-request-id",
            "display": "1fb888bb-d0a3-49dc-a64b-d1fff9e01f9e\t\t\t1"
          }
        ]
      },

This is only a subset of the entire output.