You can use this API action to authorize and authenticate an SSO request in order to launch apps within an EHR system. Typically, you can use this for:
- allowing a provider or patient to access your app directly from their system;
- enabling SSO for you to make FHIR® API requests to your connection’s system; or
- allowing Redox to automatically refresh access tokens for your system.
Redox handles the SSO request with OAuth 2.0. We store the access tokens for you and automatically refresh the tokens as needed.
This API action allows you to quickly and efficiently integrate with a new connection’s system by using an existing configuration with minimal code changes.
You can use this API action with the Redox FHIR® API. For SSO, you can use SAML, SMART, or other SSO schemes. Redox is compatible with any OAuth or OpenID Connect provider. When using SMART, you must register your app with a provider that supports SMART.
Your connection must have their own FHIR® API in order to launch apps from their system using a Redox launch URL.
- Step 1: Launch app within an EHR system (required)
- Step 2: Make FHIR requests to Redox (required)
As a reminder, a patient or provider initiates a SMART App Launch by clicking a button in the EHR system's UI. The launch URL is a Redox URL, but when you're configuring your app in the EHR system, you must enter https://launch.redoxengine.com/redirect as the redirect URL when this action happens.
Redox then looks up the relevant Redox organization record and redirects the request to the authorization server. The patient or provider is prompted to authorize your application—not Redox—to access the relevant data, then the EHR system is redirected back to Redox.
Redox requests an access token on behalf of your app and stores it securely, then we send the SSO data model with a Meta.SessionId and Meta.SessionBaseURL within the payload.
You can see an example of the SSO payload below, but you can also refer to the resource schema for more details.
After enabling SSO, you must include these query parameters in the URL when making subsequent API requests:
- Meta.SessionId: Redox provides a unique SessionID that you must include in the _redox_session query parameter of the URL to make subsequent FHIR® requests.
- Meta.SessionBaseURL: This is a FHIR® base URL that can be used to make subsequent FHIR® requests.
Typically, you receive back the provider user ID and name in the response. Most often, you also receive the patient ID, but not always. We recommend pairing your query with a patient search or other enrollment method to guarantee receiving the patient ID or other patient details.
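The following added example (not Redox's own code) shows one way to turn the Meta.SessionId and Meta.SessionBaseURL from an SSO payload into a follow-up FHIR® request URL carrying the _redox_session query parameter. The host allow-list, the function names, and the sample payload are assumptions made for illustration. Because the session ID travels in the URL, the example also masks it before the URL is logged.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

SESSION_PARAM = "_redox_session"  # query parameter named on this page


def build_fhir_url(sso_payload, resource, params=None, allowed_hosts=()):
    """Build a follow-up FHIR request URL from an SSO payload's Meta fields."""
    meta = sso_payload.get("Meta") or {}
    session_id = meta.get("SessionId")
    base_url = meta.get("SessionBaseURL")
    if not isinstance(session_id, str) or not session_id:
        raise ValueError("SSO payload has no Meta.SessionId")
    if not isinstance(base_url, str) or not base_url:
        raise ValueError("SSO payload has no Meta.SessionBaseURL")

    base = urlsplit(base_url)
    # Assumption: only follow the base URL over TLS and to a host we configured.
    if base.scheme != "https" or base.hostname not in allowed_hosts:
        raise ValueError("untrusted Meta.SessionBaseURL: %r" % base_url)

    query = parse_qsl(base.query, keep_blank_values=True) + list((params or {}).items())
    # The session value must come from the payload, never from caller input.
    if any(k == SESSION_PARAM for k, _ in query):
        raise ValueError("caller must not supply " + SESSION_PARAM)
    query.append((SESSION_PARAM, session_id))

    path = base.path.rstrip("/") + "/" + resource.lstrip("/")
    return urlunsplit((base.scheme, base.netloc, path, urlencode(query), ""))


def redact_session(url):
    """Return the URL with the session value masked, for logs and error reports."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == SESSION_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


# Constructed sample: only the two Meta fields this page names; the host is a placeholder.
SAMPLE_SSO = {"Meta": {"SessionId": "abc 123/&x",
                       "SessionBaseURL": "https://fhir.example.test/base/"}}

if __name__ == "__main__":
    url = build_fhir_url(SAMPLE_SSO, "Patient", {"family": "Smith"}, {"fhir.example.test"})
    print(redact_session(url))
```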