Epic FHIR API
epic.com · Company
FHIR R4 API for Epic — the most widely deployed EHR system in the US, used by 38% of hospitals. Access patient demographics, clinical data, appointments, medications, and lab results. Sandbox available for development. Production requires Epic App Orchard approval.
Authentication
Sample Requests
Returns FHIR Patient resource with demographics. In sandbox, use patient ID from Epic test data.
Hover any highlighted part to learn what it does
| Authorization | Bearer YOUR_ACCESS_TOKEN |
curl -X GET "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"import requests
headers = {
"Authorization": "Bearer YOUR_ACCESS_TOKEN"
}
response = requests.get(
"https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}",
headers=headers,
)
print(response.json())const url = 'https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}';
const response = await fetch(url, {
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
},
});
const data = await response.json();
console.log(data);package main
import (
"fmt"
"io"
"net/http"
)
func main() {
targetURL := "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}"
req, _ := http.NewRequest("GET", targetURL, nil)
req.Header.Set("Authorization", "Bearer YOUR_ACCESS_TOKEN")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}require "net/http"
require "json"
uri = URI("https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"
req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer YOUR_ACCESS_TOKEN"
res = http.request(req)
puts JSON.parse(res.body)<?php
$url = "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/Patient/{patientId}";
$opts = ["http" => [
"method" => "GET",
"header" => implode("\r\n", [
"Authorization: Bearer YOUR_ACCESS_TOKEN"
]),
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));Returns active medication requests for a patient.
Hover any highlighted part to learn what it does
| Authorization | Bearer YOUR_ACCESS_TOKEN |
curl -X GET "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest?status=active&patient=%7BpatientId%7D" \ -H "Authorization: Bearer YOUR_ACCESS_TOKEN"
import requests
params = {
"status": "active",
"patient": "{patientId}"
}
headers = {
"Authorization": "Bearer YOUR_ACCESS_TOKEN"
}
response = requests.get(
"https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest",
params=params,
headers=headers,
)
print(response.json())const url = new URL('https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest');
url.searchParams.set('status', 'active');
url.searchParams.set('patient', '{patientId}');
const response = await fetch(url, {
headers: {
'Authorization': 'Bearer YOUR_ACCESS_TOKEN'
},
});
const data = await response.json();
console.log(data);package main
import (
"fmt"
"io"
"net/http"
"net/url"
)
func main() {
baseURL, _ := url.Parse("https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest")
q := baseURL.Query()
q.Set("status", "active")
q.Set("patient", "{patientId}")
baseURL.RawQuery = q.Encode()
targetURL := baseURL.String()
req, _ := http.NewRequest("GET", targetURL, nil)
req.Header.Set("Authorization", "Bearer YOUR_ACCESS_TOKEN")
client := &http.Client{}
resp, _ := client.Do(req)
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}require "net/http"
require "json"
uri = URI("https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest")
uri.query = URI.encode_www_form({
"status" => "active",
"patient" => "{patientId}"
})
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = uri.scheme == "https"
req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer YOUR_ACCESS_TOKEN"
res = http.request(req)
puts JSON.parse(res.body)<?php
$url = "https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4/MedicationRequest?" . http_build_query([
"status" => "active",
"patient" => "{patientId}"
]);
$opts = ["http" => [
"method" => "GET",
"header" => implode("\r\n", [
"Authorization: Bearer YOUR_ACCESS_TOKEN"
]),
]];
$ctx = stream_context_create($opts);
$res = file_get_contents($url, false, $ctx);
print_r(json_decode($res, true));Postman Setup Guide
- Register a sandbox app at https://fhir.epic.com — free, instant access
- Use the Epic sandbox SMART on FHIR launch to get a test access token
- Sandbox base URL: https://fhir.epic.com/interconnect-fhir-oauth/api/FHIR/R4
- Test patient IDs are available in the Epic sandbox documentation
- For production: submit app to Epic App Orchard at https://apporchard.epic.com
- Supported FHIR resources: Patient, Encounter, Condition, MedicationRequest, Observation, etc.
- Each Epic customer site has its own FHIR base URL in production
What can you build with Epic FHIR API?
Epic FHIR API is a Company API. Developers commonly use company APIs for:
- enriching CRM records with company firmographics
- building lead-generation and prospecting tools
- verifying business identity and registration details
- monitoring competitors and market intelligence
- powering B2B data enrichment pipelines
OAuth 2.0. OAuth lets your app act on behalf of a user. You redirect them to authorise access, receive a token, then use that token in requests. Best for accessing user-owned data. Epic FHIR API is free to use up to a usage limit, making it a low-risk choice to experiment with.
New to APIs? Read our beginner's guide · Learn about API keys · What is REST?