Application Testing


For integration testing, you can use the sandbox FHIR R4 endpoints provided on this page.

Specific Client Auth Settings for your FHIR Application

  • OAuth Client ID/OAuth Client Secret: You receive this when you register your FHIR application. Follow the instructions in Process Overview to complete your application registration.
  • OAuth Redirect URL: This is specified when you register your application. If you are unsure, use "http://localhost/callback".
  • Provider/patient Credentials: For the shared provider or patient credentials used for authentication, please create an API request via the Support Widget. Please provide your client ID and indicate which Sandbox you're testing with.

TouchWorks EHR Sandbox

R4 Provider or System Access

R4 Patient Access

Sunrise EHR Sandbox

R4 Provider or System Access

R4 Patient Access

More Information about Testing

You can also use Postman to test with the sandboxes.

Patient and User Applications

Patient and User type FHIR applications authenticate by entering user credentials for the Altera EHR or patient portal (such as AHC or FollowMyHealth). Postman can send requests to these systems to obtain these tokens.

Before attempting to send FHIR requests to the Altera EHR, it is helpful to create an environment file with the following variables.

  • FhirURL: FHIR server URL.
  • AuthURL: FHIR authorization server URL. This often ends in …/authorize. The authorization server validates that the application has been authorized, and then validates the user’s credentials. You can obtain the AuthURL by calling the Capability Statement.
  • CallbackURL: Callback URL. This is where the authorization server sends a temporary token to the application. For example, http://localhost/callback.
  • TokenURL: FHIR Token server URL. This often ends in …/token. The application sends the temporary token to the TokenURL and a regular token is returned. You can obtain the TokenURL by calling the Capability Statement.
  • ClientID: FHIR application Client ID. This is found on the FHIR App page in the Altera Connect portal.
  • ClientSecret: FHIR application Client Secret. This is found on the FHIR App page in the Altera Connect portal.
  • Scope: FHIR application scope. This is requested by the FHIR application developer on the FHIR App page in the Altera Connect portal.
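
The AuthURL and TokenURL lookup described above can be scripted. This is an added example, not Altera's code: it assumes the server advertises its endpoints through the standard SMART oauth-uris extension of the CapabilityStatement, and the JSON and the auth.example.test host are constructed sample data.

```csharp
using System;
using System.Text.Json;

// Standard SMART on FHIR extension that carries the OAuth endpoints.
const string OAuthUris =
    "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris";

// Constructed sample of a GET {FhirURL}/metadata response; hosts are placeholders.
const string sample = """
{ "resourceType": "CapabilityStatement",
  "rest": [ { "mode": "server", "security": { "extension": [ {
    "url": "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris",
    "extension": [
      { "url": "authorize", "valueUri": "https://auth.example.test/authorize" },
      { "url": "token", "valueUri": "https://auth.example.test/token" } ]
  } ] } } ] }
""";

Console.WriteLine($"AuthURL  = {FindEndpoint(sample, "authorize")}");
Console.WriteLine($"TokenURL = {FindEndpoint(sample, "token")}");

// Returns the named endpoint, or throws if it is missing or not HTTPS.
string FindEndpoint(string capabilityJson, string name)
{
    using var doc = JsonDocument.Parse(capabilityJson);
    foreach (var rest in doc.RootElement.GetProperty("rest").EnumerateArray())
    {
        if (!rest.TryGetProperty("security", out var sec) ||
            !sec.TryGetProperty("extension", out var exts)) continue;
        foreach (var ext in exts.EnumerateArray())
        {
            if (ext.GetProperty("url").GetString() != OAuthUris) continue;
            foreach (var inner in ext.GetProperty("extension").EnumerateArray())
            {
                if (inner.GetProperty("url").GetString() != name) continue;
                var uri = new Uri(inner.GetProperty("valueUri").GetString() ?? "");
                if (uri.Scheme != Uri.UriSchemeHttps)
                    throw new InvalidOperationException($"{name} endpoint is not HTTPS");
                return uri.AbsoluteUri;
            }
        }
    }
    throw new InvalidOperationException($"{name} endpoint not advertised");
}
```

Rejecting a non-HTTPS endpoint here keeps the client ID, client secret and user credentials from being sent to an authorization server over cleartext.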

To create an environment in Postman:

  1. Create or go to your workspace.
  2. Click Environments, and then click New.
  3. On the Create New screen, click Environment.
  4. Enter the variables, and then click Save.

Next, create a request.

  1. Click New.
  2. On the Create New screen, click HTTP Request.

Next, obtain a token.

  1. On the request’s tab, click the Authorization tab.
  2. In Type, select OAuth 2.0.
  3. In Header Prefix, select Bearer.
  4. Under Configure New Token, refer to the variables you created in your Environment file by using the {{variable name}} syntax. For example, for Auth URL, enter {{AuthURL}}.
  5. Click Get New Access Token.
  6. For a User application, the Altera EHR login screen displays. Enter the EHR credentials. For a Patient application, enter the patient’s portal credentials.
  7. Postman displays the token. Click Use Token.

You can now enter an HTTP request and click Send.

Note: Tokens expire after a set amount of time configured by the client. You will need to generate new tokens periodically.

For more information on Postman, see the Postman Support Center or Learning Center.

System Applications

Instead of entering product credentials to obtain a token, System applications make a direct call to the Token URL. The body of the request must include the following:

  • client_assertion: Indicates a token generated using a private key. The key must be signed by a certificate authority. There is no way to generate this token in Postman, and thus it must be generated by another utility. Sample code for creating your own utility follows.
  • client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
  • grant_type: client_credentials
  • scope: system/*.read (SMART v1) or system/*rs (SMART v2)
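
One way to build the client_assertion and the request body listed above, as an added example that is not Altera's sample code. It assumes RS384 signing and the claim set used by SMART Backend Services (iss, sub, aud, jti, exp); the token URL, client ID and the throwaway key are placeholders, and a real application signs with the private key belonging to its registered certificate.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Placeholders: substitute your token URL and client ID.
string tokenUrl = "https://auth.example.test/token";
string clientId = "my-client-id";

// Throwaway key so the example runs; a real app loads the private key whose
// certificate was registered for the client and never hard-codes it.
using RSA key = RSA.Create(2048);

string assertion = BuildClientAssertion(tokenUrl, clientId, key);
var form = new FormUrlEncodedContent(new Dictionary<string, string>
{
    ["grant_type"] = "client_credentials",
    ["scope"] = "system/*.read",
    ["client_assertion_type"] = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    ["client_assertion"] = assertion,
});
Console.WriteLine(await form.ReadAsStringAsync());

// Builds header.payload.signature with base64url encoding (assumed RS384).
string BuildClientAssertion(string audience, string client, RSA signingKey)
{
    long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();
    string header = B64Url(JsonSerializer.SerializeToUtf8Bytes(
        new Dictionary<string, object> { ["alg"] = "RS384", ["typ"] = "JWT" }));
    string payload = B64Url(JsonSerializer.SerializeToUtf8Bytes(
        new Dictionary<string, object>
        {
            ["iss"] = client,                     // issuer and subject are the client ID
            ["sub"] = client,
            ["aud"] = audience,                   // the token endpoint being called
            ["jti"] = Guid.NewGuid().ToString(),  // unique per request, limits replay
            ["exp"] = now + 300,                  // short lifetime: five minutes
        }));
    byte[] sig = signingKey.SignData(Encoding.ASCII.GetBytes($"{header}.{payload}"),
        HashAlgorithmName.SHA384, RSASignaturePadding.Pkcs1);
    return $"{header}.{payload}.{B64Url(sig)}";
}

// Base64url without padding, as JWTs require.
string B64Url(byte[] data) =>
    Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
```

Binding aud to the exact token URL and keeping exp short means a captured assertion cannot be replayed against another endpoint or after a few minutes.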

C# Sample Code for Generating Access Token with System Application

using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;

private async Task<string> GetBearerToken()
{
    string accessToken = null;
    string tokenURL = "[token URL of FHIR auth server]";
    string clientID = "[your FHIR app client ID]";

    // Signed JWT that is sent as the client_assertion parameter.
    var tokenCode = GenerateJWT(tokenURL, clientID);
    var address = new Uri(tokenURL);

    using (var handler = new HttpClientHandler())
    {
        // Do not store or send cookies with the token request.
        handler.UseCookies = false;
        using (var client = new HttpClient(handler))
        {
            var message = new HttpRequestMessage(HttpMethod.Post, address);

            // Form-encoded body of the token request.
            var content = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair<string, string>("scope", "system/*.read"),
                new KeyValuePair<string, string>("grant_type", "client_credentials"),
                new KeyValuePair<string, string>("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"),
                new KeyValuePair<string, string>("client_assertion", tokenCode),
            });

       &n