Find an API

Search public APIs with auth details & Postman guides

← All APIs

Epic FHIR API

epic.com · Company

Company OAuth2 Free Tier Healthcare Life Sciences Healthcare FHIR EHR

FHIR R4 API for Epic — the most widely deployed EHR system in the US, used by 38% of hospitals. Access patient demographics, clinical data, appointments, medications, and lab results. Sandbox available for development. Production requires Epic App Orchard approval.

Authentication

OAuth2 OAuth2 with SMART on FHIR. Sandbox uses a public client. Production requires registering in Epic App Orchard and customer site go-live.

Sample Requests

GET Get patient demographics

Returns FHIR Patient resource with demographics. In sandbox, use patient ID from Epic test data.

https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}

Hover any highlighted part to learn what it does

Headers — extra info sent with the request
Authorization Bearer YOUR_ACCESS_TOKEN
curl -X GET "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
import requests
headers = {
    "Authorization": "Bearer YOUR_ACCESS_TOKEN"
}
response = requests.get(
    "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}",
    headers=headers,
)
print(response.json())
const url = 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}';

const response = await fetch(url, {
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
  },
}); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
)

func main() {
	targetURL := "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}"
	req, _ := http.NewRequest("GET", targetURL, nil)
	req.Header.Set("Authorization", "Bearer YOUR_ACCESS_TOKEN")

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}")

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer YOUR_ACCESS_TOKEN"

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}";
$opts = ["http" => [
    "method" => "GET",
    "header" => implode("\r\n", [
        "Authorization: Bearer YOUR_ACCESS_TOKEN"
    ]),
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));
GET Get medications for a patient

Returns active medication requests for a patient.

https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest?status=active&patient={patientId}

Hover any highlighted part to learn what it does

Headers — extra info sent with the request
Authorization Bearer YOUR_ACCESS_TOKEN
curl -X GET "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest?status=active&patient=%7BpatientId%7D" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
import requests
params = {
    "status": "active",
    "patient": "{patientId}"
}
headers = {
    "Authorization": "Bearer YOUR_ACCESS_TOKEN"
}
response = requests.get(
    "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest",
    params=params,
    headers=headers,
)
print(response.json())
const url = new URL('https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest');
url.searchParams.set('status', 'active');
url.searchParams.set('patient', '{patientId}');

const response = await fetch(url, {
  headers: {
    'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
  },
}); 
const data = await response.json();
console.log(data);
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/url"
)

func main() {
	baseURL, _ := url.Parse("https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest")
	q := baseURL.Query()
	q.Set("status", "active")
	q.Set("patient", "{patientId}")
	baseURL.RawQuery = q.Encode()
	targetURL := baseURL.String()
	req, _ := http.NewRequest("GET", targetURL, nil)
	req.Header.Set("Authorization", "Bearer YOUR_ACCESS_TOKEN")

	client := &http.Client{}
	resp, _ := client.Do(req)
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Println(string(body))
}
require "net/http"
require "json"

uri = URI("https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest")
uri.query = URI.encode_www_form({
  "status" => "active",
  "patient" => "{patientId}"
})

http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"

req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer YOUR_ACCESS_TOKEN"

res = http.request(req)
puts JSON.parse(res.body)
<?php
$url = "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest?" . http_build_query([
    "status" => "active",
    "patient" => "{patientId}"
]);
$opts = ["http" => [
    "method" => "GET",
    "header" => implode("\r\n", [
        "Authorization: Bearer YOUR_ACCESS_TOKEN"
    ]),
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));

Postman Setup Guide

Get Postman ↗
  1. Register a sandbox app at https://fhir.epic.com — free, instant access
  2. Use the Epic sandbox SMART on FHIR launch to get a test access token
  3. Sandbox base URL: https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4
  4. Test patient IDs are available in the Epic sandbox documentation
  5. For production: submit app to Epic App Orchard at https://apporchard.epic.com
  6. Supported FHIR resources: Patient, Encounter, Condition, MedicationRequest, Observation, etc.
  7. Each Epic customer site has its own FHIR base URL in production

What can you build with Epic FHIR API?

Epic FHIR API is a Company API. Developers commonly use company APIs for:

  • enriching CRM records with company firmographics
  • building lead-generation and prospecting tools
  • verifying business identity and registration details
  • monitoring competitors and market intelligence
  • powering B2B data enrichment pipelines

OAuth 2.0. OAuth lets your app act on behalf of a user. You redirect them to authorise access, receive a token, then use that token in requests. Best for accessing user-owned data. Epic FHIR API is free to use up to a usage limit, making it a low-risk choice to experiment with.

New to APIs? Read our beginner's guide · Learn about API keys · What is REST?

Open documentation ↗