App Registration

Register a SMART on FHIR application to obtain client credentials for authorization and API access.

Application Type

Confidential clients must be able to securely safeguard a secret. If your application cannot keep a secret (such as an application that runs in a web browser) you should use the public application type.

Application Context

Choose how this application will access patient data. This filters the scopes available below.

system, user, and offline_access scopes require confidential app permissions.

Confidential apps are applications that are able to safely and securely store a secret. Browser based and many mobile applications do not satisfy this security constraint

App Details

Provide the application identity and callback URIs used during the OAuth flow.

Scopes Requested

Select the SMART scopes your application needs. Unavailable scopes are hidden based on type and context.

System Scope Credentials

The following items are required for System Scopes.

A hosted JWKS URI is preferred.
Inline JWKS may be removed in future SMART versions; prefer a hosted URI.