Complete documentation for OpenEMR's REST API, FHIR API, and SMART on FHIR integration.
| Document | Description |
|---|---|
| AUTHENTICATION.md | OAuth2 flows, client registration, token management, and introspection |
| AUTHORIZATION.md | Scopes, permissions, and granular access control |
| STANDARD_API.md | OpenEMR REST API (/api/ endpoints) |
| FHIR_API.md | FHIR R4 API (/fhir/ endpoints) |
| SMART_ON_FHIR.md | SMART app integration and launch flows |
| DEVELOPER_GUIDE.md | Internal usage, multisite, security, and development |
- SSL/TLS configured (required)
- Base URL set: Administration → Config → Connectors → Site Address
  - Example: `https://your-openemr-install` or `https://your-openemr-install/openemr` (note this should be the root of your OpenEMR installation, without a trailing slash)
- APIs enabled:
  - Standard API: Administration → Config → Connectors → Enable OpenEMR Standard REST API
  - FHIR API: Administration → Config → Connectors → Enable OpenEMR Standard FHIR REST API
→ Start with FHIR API
→ Start with SMART on FHIR
→ Start with Standard API
→ Start with Developer Guide
```
https://localhost:9300/apis/default/api
https://localhost:9300/apis/default/fhir
https://localhost:9300/apis/default/portal
```
- FHIR R4 - HL7 FHIR Release 4
- US Core 8.0 IG - US Core Implementation Guide
- SMART on FHIR v2.2.0 - App launch framework
- OAuth 2.0 - Authorization framework
- OpenID Connect - Authentication layer
- ONC Cures Update - Information blocking compliance
```mermaid
sequenceDiagram
    participant App
    participant OpenEMR
    participant User
    App->>OpenEMR: 1. Register Client
    OpenEMR->>App: Client ID & Secret
    App->>OpenEMR: 2. Authorization Request
    OpenEMR->>User: 3. Login & Consent
    User->>OpenEMR: 4. Approve
    OpenEMR->>App: 5. Authorization Code
    App->>OpenEMR: 6. Exchange Code for Token
    OpenEMR->>App: 7. Access Token + Refresh Token
    App->>OpenEMR: 8. API Requests with Token
```
Detailed Authentication Guide →
Define what data your application can access. Learn more →
```
patient/Patient.rs
user/Observation.rs
system/Patient.$export
```
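
As an added illustration (not code from OpenEMR or its documentation), the sketch below parses scope strings like the ones above and checks whether a granted scope set covers a requested action. It goes beyond the three scopes shown to cover the `.read`/`.write` compatibility forms and `?category=` filters this document also mentions; the `.read` = `rs` and `.write` = `cud` mapping follows the SMART v2 specification, and the function names and sample scope string are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl

# SMART v1 suffixes expressed as v2 "cruds" letters (per the SMART v2 spec).
V1_COMPAT = {"read": "rs", "write": "cud", "*": "cruds"}
SCOPE_RE = re.compile(
    r"^(patient|user|system)/([A-Za-z]+|\*)\.([a-z]+|\*|\$[A-Za-z-]+)(?:\?(.+))?$"
)

def parse_scope(scope):
    """Split one scope into (context, resource, perms, operation, filters); None if malformed."""
    m = SCOPE_RE.match(scope)
    if not m:
        return None
    context, resource, perm, query = m.groups()
    if perm.startswith("$"):  # operation scope such as system/Patient.$export
        return context, resource, "", perm, {}
    perm = V1_COMPAT.get(perm, perm)
    # v2 permissions are an ordered subset of "cruds" with no repeats
    if not re.fullmatch(r"c?r?u?d?s?", perm):
        return None
    return context, resource, perm, None, dict(parse_qsl(query or ""))

def scope_allows(granted, context, resource, action, **attrs):
    """True if a granted scope covers `action` (one of c/r/u/d/s, or a $operation)."""
    for raw in granted.split():
        parsed = parse_scope(raw)
        if parsed is None:
            continue  # fail closed: an unparseable scope grants nothing
        ctx, res, perms, op, filters = parsed
        if ctx != context or res not in (resource, "*"):
            continue
        if action.startswith("$"):
            if op == action:
                return True
            continue
        # a granular scope applies only when every filter matches the request
        if action in perms and all(attrs.get(k) == v for k, v in filters.items()):
            return True
    return False

# Constructed sample: the space-separated scope string returned with a token.
LAB = "http://terminology.hl7.org/CodeSystem/observation-category|laboratory"
GRANTED = f"openid patient/Patient.rs user/Encounter.read patient/Observation.rs?category={LAB} system/Patient.$export"

if __name__ == "__main__":
    print(scope_allows(GRANTED, "patient", "Observation", "r", category=LAB))
```

A client can run a check like this on the `scope` value returned with the access token, since the server may grant fewer scopes than were requested.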
Different authentication flows for different use cases:
- Authorization Code - Standard flow for web apps
- Client Credentials - System-to-system (bulk export)
- EHR Launch - Context-aware SMART apps
- Standalone Launch - Patient-facing apps
Include site name in endpoint:
```
/apis/{site}/fhir/Patient
/apis/{site}/api/patient
```
- ✨ New Scope Syntax - `.cruds` syntax with backwards compatibility for `.read`/`.write`
- ✨ Granular Scopes - Fine-grained permission restrictions with `?category=` and `?type=`
- ✨ POST-Based Authorization - More secure authorization flow
- ✨ EHR Launch - Context-aware app launches with encounter context
- ✨ Asymmetric Authentication - JWKS support for authorization_code grant
- ✨ Token Introspection - Validate token status
- ✨ SMART Configuration - `.well-known/smart-configuration` discovery
- ServiceRequest - Lab and procedure orders
- Specimen - Laboratory specimens
- MedicationDispense - Pharmacy dispensing
- RelatedPerson - Patient relationships
- Resource updates for US Core 8.0 IG - New profiles and extensions
- Interactive Testing: https://your-openemr-install/swagger/
- Online Demos: https://www.open-emr.org/wiki/index.php/Development_Demo
- Community Forum: https://community.open-emr.org/
- Issue Tracker: https://github.com/openemr/openemr/issues
- SSL/TLS required for all API endpoints
- Never expose client secrets in public apps
- Use PKCE for native applications
- Implement proper token storage
- Validate tokens before use
API integrations must comply with your jurisdiction's applicable healthcare regulations such as HIPAA in the USA. Ensure proper handling of Protected Health Information (PHI) and follow best practices for data security and patient privacy.
For US healthcare providers, see ONC EHR Certification Requirements.
This documentation represents the collective knowledge and contributions of the OpenEMR open-source community. The content is based on:
- Original documentation by OpenEMR developers and contributors
- Technical specifications from the OpenEMR codebase
- Community feedback and real-world implementation experience
The organization, structure, and presentation of this documentation was enhanced using Claude AI (Anthropic) to:
- Reorganize content into a more accessible modular structure
- Add comprehensive examples and use cases
- Improve navigation and cross-referencing
- Enhance clarity and consistency across documents
All technical accuracy is maintained from the original community-authored documentation.
OpenEMR is an open-source project. To contribute to this documentation:
- Report Issues: GitHub Issues
- Discuss: Community Forum
- Submit Changes: Pull Requests
Last Updated: November 2025 License: GPL v3
For complete documentation, see Documentation/api/