Audit Events Implementation Guide
0.1.0 - draft
Audit Events Implementation Guide - Local Development build (v0.1.0) built by the FHIR (HL7® FHIR® Standard) Build Tools.
The AuditEvents API is secured using the OAuth 2.0 client_credentials grant type with SMART on FHIR system-to-system scopes for the AuditEvent resource.
A valid OAuth 2.0 access_token MUST be provided in the HTTP Authorization header as a Bearer token. The token must be signed by the expected token issuer. A token can be obtained by providing valid client_credentials in a request to the token issuer’s /token endpoint.
Example:
curl --location '{token endpoint}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=id' \
--data-urlencode 'client_secret=secret' \
--data-urlencode 'scope=system/AuditEvent.rs'
The scope claim within the provided access_token MUST contain:
system/AuditEvent.c - to permit the create operation on an AuditEvent resource
system/AuditEvent.rs - to permit both read and search-type operations on the AuditEvent resource
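The scope requirement above can be enforced on the resource server with a fail-closed check like the following. This is an added example, not part of the implementation guide: the function names are hypothetical, and it assumes the token's signature, issuer and expiry have already been validated and that the scope claim is a space-delimited string (a list of strings is also accepted).

```python
import re

# SMART v2 scope syntax: <context>/<ResourceType>.<permissions>[?query],
# where <permissions> is an ordered subset of the letters "cruds".
# Wildcard resource types ("*") and v1 forms (".read") deliberately do not match.
_SCOPE_RE = re.compile(r"^(patient|user|system)/([A-Za-z]+)\.(c?r?u?d?s?)(\?.*)?$")

# FHIR interaction name -> SMART v2 permission letter
_INTERACTION_LETTER = {
    "create": "c", "read": "r", "update": "u", "delete": "d", "search-type": "s",
}


def parse_scopes(scope_claim):
    """Return (context, resource, permissions) tuples from a scope claim.

    Malformed entries, entries with no permission letters and entries with a
    query restriction are dropped, so anything unrecognised grants nothing.
    """
    if isinstance(scope_claim, str):
        items = scope_claim.split()
    else:
        items = list(scope_claim or [])  # assumption: some issuers emit a list
    parsed = []
    for item in items:
        m = _SCOPE_RE.match(item) if isinstance(item, str) else None
        if m and m.group(3) and not m.group(4):
            parsed.append((m.group(1), m.group(2), m.group(3)))
    return parsed


def scope_permits(scope_claim, interaction, resource="AuditEvent"):
    """True only if a system-level scope grants `interaction` on `resource`."""
    letter = _INTERACTION_LETTER.get(interaction)
    if letter is None:
        return False  # unknown interaction: deny
    return any(
        ctx == "system" and res == resource and letter in perms
        for ctx, res, perms in parse_scopes(scope_claim)
    )
```

A token requested with only `system/AuditEvent.rs`, as in the curl example, passes this check for read and search-type but not for create.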