Patient data access API

Rostislav Antonov
April 11, 2025
4 min

Patient data API

We often need to access data for a specific patient while ensuring that access is limited to that patient's own records. This can be done by adding a patient reference search parameter to each request, but the Aidbox FHIR server takes another approach: it uses SMART on FHIR scopes and the patient context carried in the authorization token to restrict access to resources associated with that patient.

Patient access API

To restrict access to a specific patient's data in Aidbox, the request must meet the following conditions:

  • The authorization token must be a valid JWT;
  • The token's “scope” claim must contain only patient-level scopes;
  • The JWT must carry the patient ID in the “context.patient” claim.

With this approach, you can be confident that the FHIR API will not return data for any patient other than the one named in the token context. An example of JWT token claims:

{
...
  "atv": 2,
  "scope": "launch/patient openid fhirUser offline_access patient/*.cruds",
  "context": {
    "patient": "patient-id"
  }
...
}
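The three conditions above, applied to a token on the server side, as an added example that is not Aidbox's own code. It assumes an HS256 shared secret for signature verification (a constructed setup so the example runs offline; a real deployment would verify against the issuer's keys), and treats non-resource SMART scopes such as openid, fhirUser, launch/patient and offline_access as permitted alongside patient/ scopes, matching the token shown above.

```python
import base64, hashlib, hmac, json, time

# Scope prefixes that grant FHIR resource access. For the patient-restricted
# API only "patient/" is acceptable; user/ and system/ scopes must be rejected.
# Non-resource SMART scopes (openid, fhirUser, launch/patient, offline_access)
# grant no data access and are allowed, as in the token shown above.
RESOURCE_PREFIXES = ("patient/", "user/", "system/")

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Mint a test token (constructed helper, only so the example runs offline)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_hs256(token: str, secret: bytes, now=None) -> dict:
    """Condition 1: the token must be a valid JWT (signature and expiry)."""
    head, body, sig = token.split(".")  # ValueError unless exactly three parts
    if json.loads(_unb64url(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never trust the header
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(body))
    if (now if now is not None else time.time()) >= claims.get("exp", float("inf")):
        raise ValueError("token expired")
    return claims

def patient_from_claims(claims: dict) -> str:
    """Conditions 2 and 3: only patient-level resource scopes, plus a context.patient id."""
    resource_scopes = [s for s in claims.get("scope", "").split() if s.startswith(RESOURCE_PREFIXES)]
    if not resource_scopes or not all(s.startswith("patient/") for s in resource_scopes):
        raise PermissionError("scope must contain only patient-level resource scopes")
    patient = (claims.get("context") or {}).get("patient")
    if not isinstance(patient, str) or not patient:
        raise PermissionError("context.patient is missing")
    return patient

def authorize_patient_request(token: str, secret: bytes, requested_patient: str, now=None) -> bool:
    """Allow only if every check passes and the token is bound to the patient being requested.
    Any failure denies; no exception escapes to the caller."""
    try:
        return patient_from_claims(verify_hs256(token, secret, now)) == requested_patient
    except (ValueError, PermissionError, KeyError, TypeError):
        return False
```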