Guide on using FHIR Genomics' reference server.

How to set up the reference API server.

  • First, clone the server with
$ git clone
  • Load sample data into the server and run it.
$ cd fhir_genomics
$ cp
$ python reload
$ python

The server will be running on localhost, port 5000. The reload option clears the database and loads sample data, so do not use reload if the database holds anything you want to keep.

  • Go to http://localhost:5000 in your browser and register an account. Once registered, you will have an App id and an App secret (they correspond to client_id and client_secret in OAuth2) on your app dashboard, where you can set up your app's redirect URI and name.

How to get access to the API using OAuth2

  • Redirect your user to the authorization page with the following parameters (in this example, you are asking for permission to read all of the user's Patient and Sequence resources):
  client_id: [your client id]
  response_type: "code"
  scope: "user/ user/" // space-delimited list of scopes
  redirect_uri: [redirect uri you put on your app dashboard]
  state: [optional, e.g. whatever you want here]

When using the local API server, the URL of the authorization page is http://localhost:5000/auth/authorize.

  • If everything goes well, the user will be redirected to your redirect URI with the following parameters:
  code: [authorization code you will be using to exchange for access token]
  state: [this will be the `state` you sent in the previous step]
  • Now you can exchange your code for an access token, which you can use to access the API.
  • Simply make a POST request to the server with the following data:
  grant_type: "authorization_code",
  client_id: [client id],
  client_secret: [client secret],
  redirect_uri: [redirect uri],
  code: [code you obtained in the previous step]

When using the local API server, the URL is http://localhost:5000/auth/token

  • You will then get this JSON as a response:
  'access_token': [access token],
  'expires_in': 3600,
  'token_type': 'bearer'
  • Now that you have an access token, you can make an authorized request to the API by using this header in your HTTP request.
Authorization: Bearer [your access token]
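
The flow above from the client's side, as an added example (not part of the original guide or the server's code): it builds the authorization redirect with a random `state`, rejects a callback whose `state` does not match the one issued, and prepares the token request and the Bearer header. Assumptions: the function names are hypothetical, the token endpoint accepts form-encoded POST data, and the scope string is supplied by the caller.

```python
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit
from urllib.request import Request

# Endpoints of the local reference server, as given in the guide.
AUTHORIZE_URL = "http://localhost:5000/auth/authorize"
TOKEN_URL = "http://localhost:5000/auth/token"


def build_authorize_url(client_id, redirect_uri, scope):
    """Return (url, state); keep state in the user's session before redirecting."""
    state = secrets.token_urlsafe(32)  # unguessable, one per authorization attempt
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "scope": scope, "redirect_uri": redirect_uri,
                       "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code; reject a callback with the wrong state."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(
            returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not match our redirect")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("missing or duplicated authorization code")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri):
    """Build (but do not send) the POST that exchanges the code for a token."""
    # Assumption: the server reads these fields as form-encoded POST data.
    body = urlencode({"grant_type": "authorization_code", "client_id": client_id,
                      "client_secret": client_secret,
                      "redirect_uri": redirect_uri, "code": code}).encode()
    return Request(TOKEN_URL, data=body, method="POST")


def bearer_header(token_response_json):
    """Turn the token endpoint's JSON response into the Authorization header."""
    token = json.loads(token_response_json)["access_token"]
    return {"Authorization": f"Bearer {token}"}
```

Pass the result of `build_token_request` to `urllib.request.urlopen` from server-side code only, so the client secret never reaches the browser.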