FHIR Server & FHIR Auth Configuration for Secure API Access

Industry

Healthcare IT

Service

FHIR Server Deployment & Secure API Integration 

Company Size & Location

Medium-sized organization

Our Client’s Vision

Technologies

Firely Server (FHIR-compliant API), Firely Auth (OAuth2/OpenID Connect), Microsoft SQL Server (MSSQL), FHIR-compliant JSON, Postman

Integrations

Secure API Access

Team

3 - (Project Manager, DevOps, QA)

Timeline

1-month engagement

Challenge

Modern healthcare applications must handle sensitive clinical and administrative data in a secure and standards-compliant way, but achieving this is challenging. Connecting and managing multiple systems while ensuring data accuracy is complex. Misconfigurations in authentication, authorization, or data mapping can lead to unauthorized access, inconsistent records, and potential compliance violations. Additionally, validating API operations and maintaining the integrity of healthcare resources across different platforms is time-consuming and error-prone, making it difficult to deploy reliable and secure applications.

Cabot’s Solution

Cabot implemented a FHIR-compliant server connected to an MSSQL database, with Firely Auth configured for secure access using OAuth2/OpenID Connect. This setup ensured that only authorized applications and users could access sensitive clinical and administrative data.

API operations were tested using Postman to simulate real-world scenarios, validating that read and write requests worked correctly while unauthorized access attempts were blocked. The integration also confirmed that FHIR resources were accurately mapped to the database, maintaining data integrity and schema compatibility.

Through this approach, Cabot demonstrated a secure, standards-compliant framework for healthcare data exchange, enabling reliable access to clinical and operational information while protecting patient privacy.

Integrations

  • Microsoft SQL Server (MSSQL) – For storing and retrieving FHIR resources
  • Firely Auth – For secure authentication and authorization using OAuth2/OpenID Connect
  • Postman – For API testing, token validation, and simulating client requests

Process

Cabot implemented the solution in a phased approach, focusing on security and reliability at each stage.

  • FHIR Server & Database Setup – Installed and configured the FHIR server, then connected it to an MSSQL database to manage healthcare data storage and retrieval.
  • Secure Access Configuration – Integrated Firely Auth with the server so that every API call must carry an access token issued through OAuth2/OpenID Connect, ensuring only registered applications and authenticated users with the appropriate scopes could access data.
  • Client & User Setup – Registered client applications and created patient and practitioner accounts, with verification completed through activation emails.
  • API Testing – Used Postman to simulate API requests, confirming proper data access, consistent storage, and rejection of unauthorized attempts.
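The steps above describe the gate that Firely Auth puts in front of the FHIR server and the positive and negative cases the Postman tests exercised. As an added illustration, not Cabot's or Firely's code, the following Python shows the checks such a gate performs on each request before any clinical data is read or written: bearer token present, signature and algorithm pinned, issuer and audience match this server, token not expired, and the SMART on FHIR scopes in the token permit the requested resource type and operation. The issuer and audience URLs, the function names, the sample tokens and the use of HS256 with a shared secret are assumptions for this offline example; Firely Auth signs tokens asymmetrically and a real server verifies them against the issuer's published JWKS.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed for this example: a real server takes these from Firely Auth's
# discovery document and its own configuration.
ISSUER = "https://auth.example.org"
AUDIENCE = "https://fhir.example.org"
# Assumption for the offline demo only: HS256 with a shared secret.
# Production tokens are verified against the issuer's JWKS (RS256/ES256).
SECRET = b"demo-shared-secret-do-not-use"


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict) -> str:
    """Build a signed test JWT, standing in for the token the auth server issues."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


class AuthError(Exception):
    """Carries the HTTP status to answer with: 401 (not authenticated) or 403 (not permitted)."""

    def __init__(self, status: int, reason: str):
        super().__init__(reason)
        self.status = status


def verify_token(token: str, now: Optional[float] = None) -> dict:
    """Check algorithm, signature, issuer, audience and expiry; return the claims."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError(401, "malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: never accept "none" or whatever alg the client claims.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise AuthError(401, "unexpected alg")
        expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise AuthError(401, "bad signature")
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # undecodable base64 or JSON
        raise AuthError(401, "malformed token")
    if claims.get("iss") != ISSUER:
        raise AuthError(401, "wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise AuthError(401, "token not issued for this server")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise AuthError(401, "token expired")
    return claims


def scope_allows(scopes: str, resource_type: str, write: bool) -> bool:
    """SMART on FHIR v1 scope grammar: (patient|user|system)/(ResourceType|*).(read|write|*).
    Granular v2 scopes such as user/Patient.rs are not handled here."""
    need = "write" if write else "read"
    for scope in scopes.split():
        context, sep, rest = scope.partition("/")
        if not sep or context not in ("patient", "user", "system") or "." not in rest:
            continue  # openid, fhirUser, launch/patient, ... are not resource scopes
        rtype, perm = rest.rsplit(".", 1)
        if rtype in ("*", resource_type) and perm in ("*", need):
            return True
    return False


WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


def authorize(authorization: Optional[str], method: str, resource_type: str,
              now: Optional[float] = None) -> dict:
    """Gate one FHIR request: returns the token claims or raises AuthError."""
    if not authorization or not authorization.startswith("Bearer "):
        raise AuthError(401, "missing bearer token")
    claims = verify_token(authorization[len("Bearer "):], now)
    if not scope_allows(claims.get("scope", ""), resource_type, method.upper() in WRITE_METHODS):
        raise AuthError(403, f"scope does not permit {method} {resource_type}")
    return claims


def gate(authorization: Optional[str], method: str, resource_type: str,
         now: Optional[float] = None) -> int:
    """HTTP status the gate would answer with: 200 on success, otherwise 401 or 403."""
    try:
        authorize(authorization, method, resource_type, now)
        return 200
    except AuthError as err:
        return err.status


if __name__ == "__main__":
    now = time.time()
    # Constructed tokens: a practitioner app with read-only scopes, and a backend service.
    user_tok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "exp": now + 300,
                           "scope": "openid fhirUser user/Patient.read user/Observation.read"})
    sys_tok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "exp": now + 300, "scope": "system/*.write"})
    print("no token, GET Patient        ->", gate(None, "GET", "Patient", now))
    print("user token, GET Patient      ->", gate(f"Bearer {user_tok}", "GET", "Patient", now))
    print("user token, POST Observation ->", gate(f"Bearer {user_tok}", "POST", "Observation", now))
    print("system token, POST Observation ->", gate(f"Bearer {sys_tok}", "POST", "Observation", now))
```

The distinction between 401 and 403 is what a Postman negative test should assert on: a missing, tampered, expired or mis-addressed token is an authentication failure, while a valid token whose scopes do not cover the requested resource or operation is an authorization failure. Checking the audience claim matters in a setup with several services behind one Firely Auth instance, since a token minted for another API must not open the FHIR server.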

Key Features

  • FHIR-Compliant Data Exchange – Standardized API access to clinical and administrative healthcare resources.
  • Secure Authentication & Authorization – Firely Auth with OAuth2/OpenID Connect to protect sensitive data.
  • Database Integration – MSSQL backend for accurate storage and retrieval of FHIR resources.
  • Client & User Management – Registration and activation workflows for applications, patients, and practitioners.
  • API Testing & Validation – Postman integration to verify secure access, authorized operations, and data consistency.

Challenges Faced and Solutions Provided

Challenge: Ensuring secure and standards-compliant access to healthcare data was complex, as the FHIR server needed to reliably manage sensitive information while preventing unauthorized access and maintaining data integrity.

Solution: Cabot configured Firely Auth for secure authentication, connected the server to the MSSQL database, and tested API operations with Postman. This ensured reliable, compliant, and controlled access to clinical and administrative data.

Impact

Secure and Reliable Data Access
Connecting Firely Server with MSSQL and Firely Auth ensured that only authorized applications and users could safely access healthcare data.

Seamless Data Operations
API tests confirmed that data could be stored, retrieved, and used correctly across the system.

Smooth Client and User Management
Client applications and user accounts for patients and practitioners were successfully registered and activated, making it easy to access healthcare resources.

Better Prepared for Future Projects
The team learned how to handle integration challenges, use documentation effectively, and troubleshoot issues quickly, improving readiness for future healthcare applications.

Conclusion

By connecting Firely Server to MSSQL and integrating Firely Auth for secure access, Cabot ensured reliable, standards-compliant management of healthcare data. Client applications and user accounts for patients and practitioners were successfully registered and activated, and Postman testing confirmed secure and accurate API operations.

The project demonstrated Cabot’s ability to implement secure and interoperable healthcare systems efficiently while maintaining data integrity. Moving forward, implementing the full SMART on FHIR OAuth2 flow, integrating frontend applications, and documenting the setup will further enhance usability and scalability, creating a robust foundation for production-ready healthcare solutions.

Contact Cabot today for a consultation!

Want to enhance patient outcomes with a customized healthcare solution?