You can use this API action to authorize and authenticate a single sign-on (SSO) request to launch apps within an EHR system.
Redox handles SSO requests with OAuth 2.0. We store the access tokens for you and automatically refresh the tokens as needed.
This API action allows you to quickly and efficiently integrate with a new connection’s system by using an existing configuration with minimal code changes.
This API action may be a good fit for your organization if you perform any of these use cases:
- Allow a provider or patient to access your app directly from their system.
- Enable SSO for you to make FHIR® API requests to your connection’s system.
- Allow Redox to automatically refresh access tokens for your system.
You can use this API action with the Redox FHIR® API. For SSO, you can use SAML, SMART, or other SSO schemes. Redox is compatible with any OAuth or OpenID Connect provider. When using SMART, you must register your app with a provider that supports SMART.
Your connection must have their own FHIR® API to launch apps from their system using a Redox launch URL.
As a reminder, a patient or provider initiates a SMART App Launch by clicking a button in the EHR system's UI. The launch URL is a Redox URL, but when you're configuring your app in the EHR system, you must enter https://launch.redoxengine.com/redirect as the redirect URL when this action happens.
Redox looks up the relevant Redox organization record and redirects the request to the authorization server. The patient or provider is prompted to authorize your application—not Redox—to access the relevant data, then the EHR system is redirected back to Redox.
Redox requests an access token for your app and stores it securely. Then we send the SSO data model with a Meta.SessionId and Meta.SessionBaseURL within the payload.
You can see an example of the SSO payload below, but you can also refer to the resource schema for more details.
After enabling SSO, you must include these query parameters in the URL when making additional API requests:
Redox provides a unique SessionID that you must include in the _redox_session query parameter of the URL to make additional FHIR® requests.
This is a FHIR® base URL that can be used to make additional FHIR® requests.
Typically, you receive the provider's user ID and name in the response. Most often, you also receive the patient ID, but not always. We recommend pairing your query with a patient search or other enrollment method to guarantee receiving the patient ID or other patient details.
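One way to build the follow-up request URL from the SSO payload's Meta.SessionId and Meta.SessionBaseURL, shown as an added example that is not Redox's own code. The function name, the error class, and the host allow-list (with its placeholder host `fhir.example.test`) are assumptions made for illustration. The check on the base URL keeps the session ID from being sent to an unexpected or non-HTTPS endpoint.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: the hosts you expect Meta.SessionBaseURL to point at.
# "fhir.example.test" is a constructed placeholder, not a real Redox host.
ALLOWED_FHIR_HOSTS = frozenset({"fhir.example.test"})


class SsoPayloadError(ValueError):
    """The SSO payload cannot be used safely to build a FHIR request."""


def build_fhir_url(sso_payload, resource_path, params=None,
                   allowed_hosts=ALLOWED_FHIR_HOSTS):
    """Return SessionBaseURL + resource_path with _redox_session appended."""
    meta = sso_payload.get("Meta") or {}
    session_id = meta.get("SessionId")
    base_url = meta.get("SessionBaseURL")
    if not session_id or not base_url:
        raise SsoPayloadError("payload lacks Meta.SessionId or Meta.SessionBaseURL")

    base = urlsplit(base_url)
    # The session ID stands in for the stored access token, so only send it
    # over HTTPS to a host we expect, and never to a URL with embedded credentials.
    if base.scheme != "https" or base.hostname not in allowed_hosts:
        raise SsoPayloadError("SessionBaseURL is not an expected HTTPS endpoint")
    if base.username or base.password:
        raise SsoPayloadError("SessionBaseURL must not carry credentials")

    # Keep the resource path a plain relative path: no query, fragment or traversal.
    if any(token in resource_path for token in ("?", "#", "..")):
        raise SsoPayloadError("resource_path must be a plain relative path")

    # Preserve any query already on the base URL, add the caller's search
    # parameters, and make sure exactly one _redox_session value is present.
    query = [(k, v) for k, v in parse_qsl(base.query) if k != "_redox_session"]
    query += [(k, v) for k, v in (params or {}).items() if k != "_redox_session"]
    query.append(("_redox_session", session_id))

    path = base.path.rstrip("/") + "/" + resource_path.lstrip("/")
    return urlunsplit((base.scheme, base.netloc, path, urlencode(query), ""))
```

Treat the returned URL as a secret in logs and error reports, since it contains the session ID.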