Examples of requests to the Pasientens måledata (PMD) API (TEST environment)

This page shows examples of API calls to Pasientens måledata (PMD). Please note that PMD is under development and the examples may not be up-to-date.

NOTE: This is a selection of example queries to support developers in the startup phase.

See PMD's FHIR profile (VitalSigns Observation) on Simplifier.net.

Last updated 2025-09-04

Overview

Base URLs

PMD exposes two URLs for testing so that it is possible to start working with the API without a HelseID DPoP client.

NOTE: This possibility will be removed in the future

The production API requires HelseID with DPoP, so it's recommended to start work on that as soon as possible. See: https://utviklerportal.nhn.no/informasjonstjenester/helseid

  • Endpoint for bypassing HelseID authentication: https://pmd.test.nhn.no/bypass_security/
  • Regular, secure endpoint: https://pmd.test.nhn.no/

Headers for the bypass_security endpoints

NOTE: Headers do not apply to /metadata.

  • x-pmd-patient with the patient's fnr
  • x-pmd-requester with the requester's fnr/hpr
  • x-pmd-requestertype with the requester's type
  • x-pmd-organisation with the organization id from which the requester operates
  • x-pmd-reason with consent code - default 0
  • x-pmd-correlation-id with correlation id for the request

Headers for the regular endpoints

  • person-id with the patient's fnr
  • correlation-id with correlation id for the request

Request body

When not empty, the request body should be x-www-form-urlencoded and declared as such using the Content-Type header.

Metadata

GET BaseURL/metadata

  • body empty

POST baseUrl/resourceType/\_search

Note: A "resource" is a generic term for searching resources in FHIR. The only relevant "resource" in this API is Observation, which is reflected in the actual examples.

Examples

  1. All resources of a type

  2. All resources of a type in a date range

  3. Resources filtered on code values

A. Get all resources of a type

A.1. Format

POST baseUrl/resourceType/_search

  • body empty

A.1.1. Get all Observations for patient (bypassing authentication)

POST https://pmd.test.nhn.no/bypass_security/Observation/_search

  • header x-pmd-patient: 28727510259
  • header x-pmd-requester: 41281
  • body empty
curl -X POST "https://pmd.test.nhn.no/bypass_security/Observation/_search" \
    -H "x-pmd-patient: 28727510259" -H "x-pmd-requester: 41281"

A.1.2. Get all Observations for patient

POST https://pmd.test.nhn.no/Observation/_search

  • header Person-Id: 28727510259
  • header Authorization: DPoP Auth token
  • header DPoP: DPoP token
  • body empty

B. All resources of a type in a date range

B.1. Format

POST baseUrl/resourceType/_search

  • body
    • date=ge[From]
    • date=le[To]

The search criteria can be specified with comparators such as lt, le, eq etc., and the date format is yyyy-mm-dd, e.g. ge2023-01-01.

The examples uses two dates, giving e double-sided range. Single dates or single sided ranges can be used.

B.1.1. Get all Observations for patient in a time span (bypassing authentication)

POST https://pmd.test.nhn.no/bypass_security/Observation/_search

  • header x-pmd-patient: 28727510259
  • header x-pmd-requester: 4128168
  • header Content-Type: application/x-www-form-urlencoded
  • body
    • date=ge2022-06-01
    • date=le2025-09-28
curl -X POST "https://pmd.test.nhn.no/bypass_security/Observation/_search" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "x-pmd-patient: 28727510259" -H "x-pmd-requester: 4128168" \
    --data-urlencode "date=ge2022-06-01" \
    --data-urlencode "date=le2025-09-28"

B.1.2. Get all Observations for patient in a time span

POST https://pmd.test.nhn.no/Observation/_search

  • header Person-Id: 28727510259
  • header Authorization: DPoP Auth token
  • header DPoP: DPoP token
  • header Content-Type: application/x-www-form-urlencoded
  • body
    • date=ge2022-06-01
    • date=le2025-09-28

C. Resources filtered on code value

C.1. Format

POST baseUrl/resourceType/_search

  • body
    • code=string

C.1.1. Get all Observations of type heart rate (bypassing authentication)

POST https://pmd.test.nhn.no/bypass_security/Observation/_search

  • header x-pmd-patient: 28727510259
  • header x-pmd-requester: 4128168
  • header Content-Type: application/x-www-form-urlencoded
  • body
    • code=8867-4
curl -X POST "https://pmd.test.nhn.no/bypass_security/Observation/_search" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -H "x-pmd-patient: 28727510259" -H "x-pmd-requester: 4128168" \
    --data-urlencode "code=8867-4"

C.1.2. Eksempel Endepunkt 2 - Specific Observation for Gry Telokk via proxy

POST https://pmd.test.nhn.no/Observation/_search

  • header Person-Id: 28727510259
  • header Authorization: DPoP Auth token
  • header DPoP: DPoP token
  • header Content-Type: application/x-www-form-urlencoded
  • body
    • code=8867-4