Authorization
In order to be authorized to use the service in production the client must first be authenticated using HelseID
The service in the DEV environment is without authentication. See environments for an overview
HelseID
A DPoP token from HelseID is required for authorization of organization and health care personell. Bearer tokens will not be allowed.
Note that the EPJ system must provide the org. nr. of the actual work place (point of care) of the health care personell when requesting the access token. This will make sure that the request is connected to the correct organization.
Claims - required in access token to the API
The client must do a token refresh/exchange with HelseID to set correct audience and scope for this service.
| Claim | Description |
|---|---|
| scope | nhn:papla/api |
| aud | nhn:papla |
| helseid://claims/client/claims/orgnr_parent | Org. nr. at the top level (legal entity). Required for all. |
| helseid://claims/client/claims/orgnr_child | Org. nr. at the lower level (point of care). For some organizations the same as orgnr_parent. Required for all. |
Claims documentation for HelseID can be found here.
Documentation on how to set organization nrs. as claims for a multi-tenant client can be found here.
Documentation to set single audience can be found here
Headers
| Name | Description | Required |
|---|---|---|
| Authorization: DPoP |
HelseID DPoP access token. | Yes |
| DPoP | DPoP proof. | Yes |