Ever wondered what an API is? Or OAuth2? Or SMART? We got you covered.

What’s an API?

An API is an Advanced Programming Interface ... which tells you next to nothing about what it does.

Basically, APIs let an app talk to something other than itself (like a database) in a standard, agreed-upon way.

Pew has a great post about APIs being like wait staff, you should check it out.


OAuth2 is a way for App Developers to allow patients to access their medical records without having the developers touch their username/password.

Have you ever signed into something not-Google with your Google account and had a screen pop up from Google asking for your password? That was OAuth2 at work.

What's the big deal with OAuth2? Well, it's modern software development in Health IT, which is usually anything but modern.

FHIR or Fire?

FHIR is a standard for exchanging healthcare information electronically. Thought we already had that with HL7 version 2? Yes and no. FHIR is an open specification, i.e., anyone can view it and use it for free.

Adding more confusion to it, FHIR is put out by HL7.

What’s a Resource?

Good eye! FHIR stands for "Fast Healthcare Interoperability Resources," but what is a Resource?

Per HL7, "All exchangeable content is defined as a resource."

Not Martin Heidegger?

It's more helpful to think of resources as what they provide. Common Resources include the "Observation" resource that contains observations like heart rate, temperature, lab results, and the like.

For an OK list of common resources, check out open.epic.com.

JWT me? JWT you!

JWT stands for "JSON Web Tokens." According to jwt.io they are "an open, industry standard RFC 7519 method for representing claims securely between two parties."

If you take the "authorization token" from OAuth2 calls and "decode" it, you can find out all kinds of cool stuff about which encounter the token is referring to, who the user is, and such. See this screenshot from jwt.io.

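Here is what that "decode" step does, as an added example (not code from jwt.io or any vendor): the header and claims are only base64url-encoded JSON, so anyone holding the token can read them, and only the signature check tells you whether they can be trusted. The claim names, the key and the use of HS256 (chosen so the example needs only the standard library) are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64url_decode(segment):
    # JWT segments are base64url with the padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def decode_unverified(token):
    """Return (header, claims) WITHOUT checking the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[0])), json.loads(b64url_decode(parts[1]))

def verify_hs256(token, key):
    """True only if alg is HS256 and the signature matches; 'none' is refused."""
    header, _ = decode_unverified(token)
    if header.get("alg") != "HS256":
        return False
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(sig))

def make_hs256(claims, key):
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def with_edited_claims(token, **changes):
    # Rewrite the payload but keep the old signature, as a careless edit would.
    head, body, sig = token.split(".")
    claims = json.loads(b64url_decode(body))
    claims.update(changes)
    return f"{head}.{b64url_encode(json.dumps(claims).encode())}.{sig}"

# Constructed sample data: hypothetical key and claim values, not from a real system.
KEY = b"constructed-demo-key"
SAMPLE_CLAIMS = {"sub": "practitioner-123", "patient": "patient-456",
                 "encounter": "encounter-789", "exp": 1893456000}
TOKEN = make_hs256(SAMPLE_CLAIMS, KEY)

if __name__ == "__main__":
    print("claims readable by anyone:", decode_unverified(TOKEN)[1])
    print("original verifies:", verify_hs256(TOKEN, KEY))
    edited = with_edited_claims(TOKEN, patient="patient-999")
    print("edited token still decodes:", decode_unverified(edited)[1]["patient"])
    print("edited token verifies:", verify_hs256(edited, KEY))
```

Because the contents are readable without any key, a token should be handled like a credential and kept out of logs and URLs.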