Overview
This page shows the endpoints and example procedures to integrate with Form-Lab.
Common Endpoints
(Replace placeholders with your environment values)
-
Authorize endpoint (OAuth2 authorize)
https://<AUTH_HOST>/authorize -
Token endpoint
https://<AUTH_HOST>/token -
FHIR base
https://<FHIR_HOST>/fhir
Example Flows
1. Authorization Code Exchange (cURL)
# Exchange authorization code for tokens
curl -X POST https://<AUTH_HOST>/token \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code' \
-d 'code=<AUTH_CODE>' \
-d 'redirect_uri=<REDIRECT_URI>' \
-d 'client_id=<CLIENT_ID>' \
-d 'client_secret=<CLIENT_SECRET>'
2. Call the FHIR API Using the Access Token
3. Launch Link Example (SMART Launch URL)
A typical launch link looks like:
https://<APP_HOST>/launch?iss=https://<EHR_HOST>&launch=<LAUNCH_CONTEXT>
Mini Code Snippets
- Node.js (fetch) – Call FHIR Patient Read
await fetch(`${FHIR_BASE}/Patient/${patientId}`, {
headers: { Authorization: `Bearer ${accessToken}` }
});
Basic Error Handling
- Check HTTP status codes:
401→ Refresh token / re-authenticate403→ Insufficient scopes
- Log token expiry and handle refresh proactively.
Notes
- Replace placeholder hosts and secrets with your environment values.
- For local development, see:
developer/04-local-development.md. - Validate token claims to confirm patient context and scopes before performing writes.