EMHA API uses OAuth 2 for security. Third party apps must secure and protect the privacy of patients and their data. The third party app making calls to any EMHA API resource must include the access token in the Authorization header of the HTTPS request as a bearer token as illustrated in RFC 6749. The bearer token must be obtained by calling the authorization server that can be accessed through an https connection. The application end point is: The 3rd party app must be authorized by the patient’s practice that has received patient consent for the application to access patient PHI. Patients can activate or deactivate the 3rd party application access of their PHI at any time via their Enablemyhealth account.

HL7 Official Documentation of SMART with FHIR can be found here OAuth2

Test patient is Alice Newman 5/1/1970