Requirements for Client Registration

To register a client application for use with EMR Direct Interoperability Engine FHIR endpoints, see section 2.c of the Open API documentation which references RFC 7591 for Dynamic Client Registration, found at HealthToGo App Studio.

Whether registering via Dynamic Client Registration, UDAP Dynamic Client Registration, or through manual registration on our website, the following data elements listed in RFC 7591 are required, at a minimum, to obtain a client certificate for use with UDAP workflows or a client ID and client secret from EMR Direct:

redirect_uris: one or more URI strings*
client_uri: web page providing information about the client application and the organization operating it
logo_uri: URI for an image corresponding to the client application*
contacts: a valid email address containing a top level domain that matches one of the domains in the redirect_uris or client_uri
tos_uri: URI that points to the app's terms of service
policy_uri: Valid URL that points to the app's privacy policy
client_name: name of the client application

If verified app status on the App Studio site is requested, note that the data elements listed above must be consistent with the verified domain of the developer's email address.

*Please also note the following:

- The logo_uri, redirect_uris, and client_uri must point to actively-hosted public URLs (without redirecting to different URLs).
- The redirect_uri and logo_uri must be hosted securely (i.e. served over an HTTPS connection).
- The Dynamic Client Registration workflow supported by EMR Direct Interoperability Engine does not accept custom URL schemes (eg. x-argonaut-app). For applications that use custom/private-use URI schemes, loopback interface redirection, client credentials grant, or if the client does not support Dynamic Client Registration, register the client application manually instead at the EMR Direct website.
- To register for client credentials grant, contact the healthcare organization directly; this registration type is independently controlled by the healthcare organization.
- For scalable registration, choose the EMR Direct Developer Registration option that for a FHIR client, follow the instructions to obtain a UDAP certificate, implement UDAP Dynamic Client Registration and UDAP JWT-Based Client Authentication, and reach out to the healthcare organization or their Health IT vendor directly with any questions about authorization.

Did this article answer your question? If not, please contact us.