Sample Postman Environments and Collections
Overview
A client application can access the Azure API for FHIR through a REST API. To send requests, view responses, and debug your application as it is being built, use an API testing tool of your choice. This repo provides examples and samples necessary for accessing the Azure FHIR server using Postman.
A Tutorial with Postman is available on docs.microsoft.com
These environments and collections are designed to work with and have been tested with Postman v8 (online and desktop client).
Prerequisites
A FHIR endpoint in Azure. To deploy the Azure API for FHIR (a managed service), you can use the Azure portal, PowerShell, or Azure CLI.
A registered client application to access the FHIR service.
NOTES
- Recommendation is to use either a Service Client or Confidential Client application
- Ensure your client application has a registered reply URL of https://www.getpostman.com/oauth2/callback
You have granted permissions to the client application and your user account, for example, "FHIR Data Contributor", to access the FHIR service. For more information, see Configure Azure RBAC for FHIR.
Auth - AAD and Tokens
The FHIR service is secured by Azure AD. The default authentication can't be disabled. To access the FHIR service, you must get an Azure AD access token first. For more information, see Microsoft identity platform access tokens.
The POST request AuthorizeGetToken has the following:
URL: https://login.microsoftonline.com/{{tenantid}}/oauth2/token
Body tab set to x-www-form-urlencoded and key value pairs:
- grant_type: Client_Credentials
- client_id: {{clientid}}
- client_secret: {{clientsecret}}
- resource: {{fhirurl}}
Test to set the bearerToken variable
var jsonData = JSON.parse(responseBody);
postman.setEnvironmentVariable("bearerToken", jsonData.access_token);On clicking Send you should see a response with the Azure AD access token, which is saved to the variable accessToken automatically. You can then use it in all FHIR service API requests.
See FHIR-CALLS for additional information avaliable in this Postman collection.
API for FHIR access
To access the FHIR service, we'll need to create or update the following variables.
- fhirurl – The FHIR service full URL. For example, https://xxx.azurehealthcareapis.com. It's located from the FHIR service overview menu option.
- bearerToken – The variable to store the Azure Active Directory (Azure AD) access token in the script. Leave it blank.
- FHIR server URL, for example, https://MYACCOUNT.azurehealthcareapis.com
- Identity provider Authority for your FHIR server, for example, https://login.microsoftonline.com/{TENANT-ID}
- Audience that is usually the URL of the FHIR server, for example, https://.azurehealthcareapis.com or https://azurehealthcareapis.com.
- client_id or application ID of the confidential client application used for accessing the FHIR service.
- client_secret or application secret of the confidential client application.
| Postman Env variable | Azure Setting | Variable Type |
|---|---|---|
| tenantId | Azure AD Tenant ID | GUID |
| clientId | Azure AD Client ID | GUID |
| clientSecret | Azure AD Client Secret | Secret |
| bearerToken | Auto-Populated | Token |
| fhirurl | FHIR Endpoint | URL |
| resource | FHIR Endpoint | URL |
API for FHIR access via Microsoft FHIR-Proxy
Creating Postman collections for Microsoft's FHIR-Proxy and its various components can be daunting when starting from nothing. The fhir-proxy directory in this repo contains a sample Postman Environment to help users get started.
the
NOTE All FHIR-Proxy Postman congiruations can be found in the Keyvault installed during setup
| Postman Env variable | Azure Setting | Variable Type |
|---|---|---|
| tenantId | Azure AD Tenant ID | GUID |
| clientId | Azure AD Client ID | GUID |
| clientSecret | Azure AD Client Secret | Secret |
| bearerToken | Auto-Populated | Token |
| fhirurl | FHIR Endpoint | URL |
| resource | FHIR Endpoint | URL |
Testing Setup
Testing the setup begins simply by adding values to the Environment variables.
-
Download the sampes environments in either API-FHIR or FHIR-Proxy
-
Open Postman (web or client), Import the Environment (ie api-for-fhir-postman_environment.json) and the Collections (FHIR-CALLS.postman_collection.json)
-
Go to Environments, select the Environment (api-fhir or fhir-proxy) and enter in the variable information (skip the bearer token) from your Client Application and the FHIR Service
The completed Environment should look something like this
Environment variables 
Remember to set your "active" environment before going to the next step 
- Go to Collections, select the FHIR Calls collection to open it then select List Metadata, it should look like this example
FHIR Calls 
- Click Send (see above) to test the FHIR URL setup and the basic functions of your FHIR Service. This command does not use Auth (by design) and it returns your FHIR Service Capability Statement.
FHIR Calls 
- Next Select AuthorizeGetToken. Note there are values in the call tabs, Authorization, Headers, Body and Tests. In short this call will call the Azure AD Tenant with your ClientID, ClientSecret and Resource in the Body to obtain a Token. On receipt of that Token, it is parsed into the bearerToken value. The result should look like this
FHIR Calls 
The rest of the Calls use the Token from the step above to Authenticate requests to the FHIR Service.
Resources
Access the FHIR service using Postman tutorial
FAQ's / Issues
403 - Unauthorized: Check the Azure RBAC for FHIR service link