Authentication

INTERLINK uses the OAuth 2.0 client credentials flow. All FHIR API requests must include a valid Bearer token.

When your integration is enabled, you will be provided with:

  • A token endpoint URL
  • A client ID
  • A client secret

Obtaining a token

Exchange your client credentials for an access token:

POST {tokenEndpointUrl}
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials&client_id={clientId}&client_secret={clientSecret}

The response will include an access_token and an expires_in value (in seconds). Tokens should be cached and refreshed before expiry rather than requested on every API call.

{
"access_token": "eyJ...",
"expires_in": 3600,
"token_type": "Bearer"
}

Using the token

Include the token in the Authorization header on every FHIR request:

Authorization: Bearer {access_token}
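
The token request, caching and Authorization header described above can be combined in one small client-side helper. This is an added example, not INTERLINK's own code: the names TokenCache, post_token_request, fetch, clock and margin are hypothetical, and the HTTPS check and the 60-second renewal margin are assumptions chosen for illustration.

```python
import json
import threading
import time
import urllib.parse
import urllib.request


def post_token_request(token_url, client_id, client_secret):
    """POST the client credentials grant and return the parsed JSON response."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(
        token_url, data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Caches one access token and renews it shortly before it expires."""

    def __init__(self, token_url, client_id, client_secret,
                 fetch=post_token_request, clock=time.monotonic, margin=60):
        # Assumption: the client secret travels in the request body, so refuse plain HTTP.
        if not token_url.startswith("https://"):
            raise ValueError("token endpoint must use HTTPS")
        self._args = (token_url, client_id, client_secret)
        self._fetch, self._clock, self._margin = fetch, clock, margin
        self._token, self._refresh_at = None, 0.0
        self._lock = threading.Lock()  # one refresh at a time across threads

    def get_token(self):
        with self._lock:
            now = self._clock()
            if self._token is None or now >= self._refresh_at:
                resp = self._fetch(*self._args)
                if str(resp.get("token_type", "")).lower() != "bearer":
                    raise ValueError("unexpected token_type")
                # Renew `margin` seconds early; a token shorter than that is never reused.
                lifetime = max(int(resp["expires_in"]) - self._margin, 0)
                self._token, self._refresh_at = resp["access_token"], now + lifetime
            return self._token

    def auth_header(self):
        """Header to attach to every FHIR request."""
        return {"Authorization": "Bearer " + self.get_token()}
```

The fetch and clock parameters exist so the cache can be exercised without network access; with the defaults it calls the token endpoint directly.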

Scopes

Your token will include SMART on FHIR scopes that control which resources and operations are permitted:

Scope                      Access
system/Task.r              Read Tasks
system/Task.u              Update Tasks
system/ServiceRequest.r    Read ServiceRequests
system/Patient.r           Read Patients

The scopes granted to your integration will be configured by INTERLINK. Contact support if you require access beyond what has been granted.