Table of Contents¶
Introduction¶
This documentation is intended as a detailed reference for the precise behaviour of {onpatient FHIR API}. This API is built based on FHIR (DSTU2) (Fast Healthcare Interoperability Resources), which is a standard for exchanging healthcare information electronically. If this is your first time using the API, start with our tutorial.
- Requests
- Responses
- Documentation Structure
- Data Types
- Verbose Parameter
- Rate Limits
- Stability Policy
Requests¶
There are two different kinds of requests, authentication requests and data query requests.
Both kind of requests must be made using onpatient URL https://onpatient.com
We only support GET method for now, and we are actively working on exposing write access
on each endpoint. Also please note, not all endpoints support retrieving by id.
| Path | Method | Effects | Success Status | Failure Status | Response Content |
|---|---|---|---|---|---|
:endpoint |
GET |
None | 200 |
403 |
Paginated list of all endpoint resources that the requester can access |
:endpoint/:id |
GET |
None | 200 |
403 or 404 |
Object with requested id |
Requests should make sure not to send Accept: test/html in the header, as the
API only supports JSON responses.
Responses¶
All responses are in JSON format. Generally input may use the application/json+fhir, application/json, application/x-www-form-urlencoded or form/multipart content types.
The list of objects returned by a GET request to :endpoint is paginated, will follow FHIR bundle and has the following format:
{
"resourceType": "Bundle"',
"type": "searchset",
"total": integer, // total number of objects returned
"link": list of link objects, // links related to bundle
"entry": list of result objects
}
The page size is default to 50, and can be changed by setting the page-size query parameter.
Some endpoints may allow additional query parameters to filter the listed results.
Some endpoints may return a 302 redirect response. Most libraries handle this incorrectly by resending the response with different headers or a different HTTP method; you need to resend the original request with the right HTTP method and headers to the new Location specified by the 302 response.
Permissions¶
API access is managed using scopes and permissions. Scopes are granted to an API Application when a user authorizes. The scopes are granted during the OAuth process, whereas the permissions have to be granted from DrChrono web app. In order for an app to access information on behalf of a DrChrono user, the user must authorize the app for the required scopes, and the user must have the appropriate permissions set.
Documentation Structure¶
Each section consists of a list of endpoints, each of which is accompanied by the following data:
- A brief description of the objects accessed through the endpoint,
- The scopes required to access the endpoint,
- The request types supported by the endpoint (
GET), - Any query parameters which can be used to filter results,
- A table of key-value pairs present in the JSON response from the endpoint.
Key-value pairs are presented as tables containing the key, the type of the object, and a description of its function if it is not obvious from context. Also the documentation will explicitly indicate whether a field is guaranteed to be present.
Data Types¶
Basic data types referred to in the documentation, for both requests and responses, are listed below.
| Type | Category | Example |
|---|---|---|
| boolean | Primitive | true |
| integer | Primitive | 123 |
| decimal | Primitive | 123.45 |
| string | Primitive | "Hello, world!" |
| URL | Primitive | "http://example.com/index.html" |
| date | Primitive | "2017-05-31" |
| datetime | Primitive | "2017-05-31T12:34:56" |
Rate Limits¶
Applications are subject to an hourly rate limit, which reset at the top of each hour.
Requests over this limit will receive a response with status code 429.
By default, applications are limited to 500 calls per hour.
Contact sales@drchrono.com or your account representative to request an increased rate limit.
Stability Policy¶
Changes to this API version will be limited to adding endpoints, or adding fields to existing endpoints, or adding optional query parameters. Any new fields which are not read-only will be optional.
OAuth¶
These endpoints are used to obtain access tokens, which are necessary for all other API calls.
https://onpatient.com. The POST OAuth endpoint URLs require the trailing slash. Also, they accept x-www-urlencoded parameters, not application/json.
Endpoints¶
/o/authorize/¶
Unlike the other endpoints in this document, API applications do not contact /o/authorize/ directly.
Instead, users of the application should be redirected to /o/authorize/. The user will be prompted to authorize the application,
they are redirected to redirect_uri with the query parameter code, which will be used by the
application to query the /o/token/ endpoint. Note that the code parameter expires after 1 minute.
Allowed requests: GET
Request parameters:
| Key | Type | Required | Notes |
|---|---|---|---|
client_id |
string | Yes | The Client ID identifying your application, which can be found on the API management page. |
redirect_uri |
URL | Yes | The URL to which the user is redirected after authorizing your application. Must be one of the redirect URIs registered with your application on the API management page. |
scope |
string | Yes | See here for a detailed explanation. |
response_type |
string | Yes | Use code |
/o/token/¶
Allows applications to exchange the code parameter from the previous endpoint
for access and refresh tokens.
Allowed requests: POST
Request parameters:
| Key | Type | Required | Notes |
|---|---|---|---|
grant_type |
string | Yes | Either "authorization_code" or "refresh_token" |
client_id |
string | Yes | The Client ID identifying your application, which can be found on the API management page. |
client_secret |
string | Yes | Also on the API management page |
redirect_uri |
string | Yes | The URL to which the user was redirected after granting authorization |
code |
string | No* (see note) | Passed to the redirect URI when the user chooses to authorize an application. Required if grant_type is "authorization_code". |
refresh_token |
string | No* (see note) | Used to refresh an expired authorization token. Required if grant_type is "refresh_token". |
Response parameters:
| Key | Type | Notes |
|---|---|---|
access_token |
string | Requests to the other endpoints must include the Authorization header with value Bearer :access_token |
refresh_token |
string | Used to get a new access and refresh token after the access token expires |
expires_in |
integer | Number of seconds until expiry, which is always 172800 (48 hours) |
token_type |
string | It is always Bearer |
scope |
string | Space separated scopes authorized for the corresponding token |
/o/revoke_token/¶
Allows applications to revoke an access token before it expires. This is useful for testing purposes.
Request parameters:
| Key | Type | Required | Notes |
|---|---|---|---|
client_id |
string | Yes | The Client ID identifying your application, which can be found on the API management page |
client_secret |
string | Yes | Also on the API management page |
token |
string | Yes | The access token to revoke |
Main API¶
These are the main endpoints which are accessible to every application.
https://onpatient.com.
Endpoints¶
/api/fhir/AllergyIntolerance/api/fhir/Condition/api/fhir/DiagnosticReport/api/fhir/Immunization/api/fhir/Medication/api/fhir/MedicationOrder/api/fhir/MedicationStatement/api/fhir/Observation/api/fhir/Patient/api/fhir/Procesure
/api/fhir/AllergyIntolerance¶
This endpoint contains information about a record of a clinical assessment of an allergy or intolerance. For more information, please see FHIR AllergyIntolerance
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve objects of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
patient |
FHIR Reference | Yes | Reference to patient |
substance |
FHIR CodeableConcept | Yes | Substance considered to be responsible for risk |
status |
FHIR code | Yes | Allergy status. One of active or inactive |
/api/fhir/Condition¶
This endpoint contains information about conditions, problems and diagnoses recognized by a clinician. For more information, please see FHIR Condition
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve objects of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
patient |
FHIR Reference | Yes | Reference to patient |
code |
FHIR CodeableConcept | Yes | Identification of the condition, problem or diagnosis |
clinicalStatus |
FHIR code | Yes | Clinical status value set FHIR Condition clinical status |
onsetDateTime |
FHIR dateTime | Yes | Onset datetime on record. |
/api/fhir/DiagnosticReport¶
This endpoint contains information about findings and interpretation of diagnostic tests performed on patients
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve objects of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
code |
FHIR CodeableConcept | Yes | Name/Code for this diagnostic report |
status |
FHIR code | Yes | diagnostic report status value set |
subject |
FHIR Reference | Yes | |
effectiveDateTime |
FHIR dateTime | Clinically Relevant time/time-period for report | |
issued |
FHIR instant | Yes | DateTime this version was released |
performer |
FHIR Reference | Yes | Responsible Diagnostic Service |
result |
FHIR Reference | Yes | Observations - simple, or complex nested groups |
/api/fhir/Immunization¶
This endpoint contains information about the event of a patient being administered a vaccination or a record of a vaccination as reported by a patient, a clinician or another party. For more information, please see FHIR Immunization
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve objects of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
patient |
FHIR Reference | Yes | Reference to patient |
status |
FHIR code | Yes | Status of medication administration. Immunization Status value set |
date |
FHIR dateTime | Yes | Vaccination administration date |
vaccineCode |
FHIR CodeableConcept | Yes | Vaccine product administered |
wasNotGiven |
boolean | Yes | Flag for whether immunization was given |
reported |
boolean | Yes | Indicates a self reported record |
/api/fhir/Medication¶
This resource is primarily used for the identification and definition of a medication. It covers the ingredients and the packaging for a medication.
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
code |
string | Only retrieve objects related with given RxNorm code |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
code |
FHIR CodeableConcept | Yes |
/api/fhir/MedicationOrder¶
An order for both supply of the medication and the instructions for administration of the medication to a patient.
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve objects of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
dateWritten |
FHIR dateTime | Yes | When prescription was authorized |
patient |
FHIR Reference | Yes | |
medicationCodeableConcept |
FHIR CodeableConcept | Yes | Medication to be taken |
note |
string | Yes | Information about the prescription |
/api/fhir/MedicationStatement¶
A record of a medication that is being consumed by a patient.
Required scoeps: patient/*.read
Supported requests: GET
Filtering parameters:
Key | Type | Description
----|------|------------
patient | integer | Only retrieve objects of the given patient
_lastUpdated | timestamp | Only retrieve objects updated after the given timestamp
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
medicationCodeableConcept |
FHIR CodeableConcept | Yes | What medication was taken |
patient |
FHIR Reference | Yes | |
status |
FHIR code | Yes | Medication statement status value set |
/api/fhir/Observation¶
Measurements and simple assertions made about a patient, device or other subject. For more information, please see FHIR Observation
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve observation of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
string | Yes | |
status |
FHIR code | Yes | Observation status value set |
category |
FHIR CodeableConcept | Yes | Observation category value set |
code |
FHIR CodeableConcept | Yes | Type of observation |
subject |
FHIR Reference | Yes | |
effectiveDateTime |
FHIR dateTime | Yes | Clinically relevant time for observation |
referenceRange |
See here for more details | No | Most of the time, this field will exist when the object's category is laboratory |
interpretation |
FHIR CodeableConcept | No | Most of the time, this field will exist when the object's category is laboratory and its result is numerical value. |
valueString |
string | No | This field will exist when the object's result value is non-numerical |
valueQuantity |
FHIR Quantity | No | This field will exist when the object's result value is numerical |
dataAbsentReason |
FHIR CodeableConcept | No | This field will exist when the object's result is missing |
/api/fhir/Patient¶
This endpoint contains demographic information about individual receiving health care services. For more information, please see FHIR Patient.
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
_id |
integer | Only retrieve object with the given patient id |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | Unique identifier for patient |
birthDate |
date | Yes | The date of birth of the individual |
gender |
FHIR code | Yes | Patient gender value set |
name |
FHIR HumanName | Yes | A name associated with the patient |
/api/fhir/Procedure¶
An action that is or was performed on a patient.
Required scopes: patient/*.read
Supported requests: GET
Filtering parameters:
| Key | Type | Description |
|---|---|---|
patient |
integer | Only retrieve observation of the given patient |
_lastUpdated |
timestamp | Only retrieve objects updated after the given timestamp |
Object key/values:
| Key | Type | Always present | Notes |
|---|---|---|---|
id |
integer | Yes | |
status |
FHIR code | Yes | Procedure status value set |
subject |
FHIR Reference | Yes | |
code |
FHIR CodeableConcept | Yes | Identification of the procedure |
performedDateTime |
FHIR dateTime | Yes | Date the procedure was performed |