HelseID Authorization
In order to be authorized to use the Pasientens Rekvisisjoner API, the client must first be authenticated using HelseID. For more information on how to register a client for HelseID, see Selvbetjening.
A DPoP token from HelseID is required for authorization of organization and health care personnel. Documentation on DPoP tokens can be found here.
Claims
| Name | Value/Description | Type |
|---|---|---|
Audience |
nhn:parek |
|
Scope |
nhn:parek/rekvisisjon |
|
orgnr_parent |
Organisation number of the main unit. | Client claim |
orgnr_child |
Organisation number of requesting unit under the main unit. | Client claim |
client_name |
Name of the connecting client. | Client claim |
pid |
National identity number (birth number) of the requester. | User claim |
hpr_number |
Health personnel number according to NHN’s coding standard. | User claim |
security_level |
Security level of the given user (level 4 is required for this service). |
User claim |
For more information about HelseID claims can be found here
Headers
| Name | Value/Description | Required |
|---|---|---|
Authorization |
DPoP <helseid-dpop-token> |
Yes |
DPoP |
HelseID DPoP proof. | Yes |
nhn-event-id |
Correlation ID. | Yes |
nhn-source-system |
Source of the request, for diagnostic purposes. | No |