1.0.0 - release
CambioOpenServicesIG - Local Development build (v1.0.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
The information owner of the system is responsible to ensure that the consumption of information produced are only disclosed to consumers approved by the information owner. Compliance to local regulations must be evaluated when developing applications using the Cambio Open Services (COS) APIs.
The communication between client and COS service is encrypted with the protocol TLS v1.2.
COS supports OAuth 2.0 client credentials flow, which means each and every COS client/integration will receive a client_id and a secret which can be used to obtain an access-token and that access-token can be used to invoke COS APIs. COS validates the access token against the issuer, thereby completing the authentication of the client. It will return 401/HTTP response code when the authentication fails.
Each integration needs to be configured in the COS identity provider with relevant access scopes based on the APIs to be accessed. COS supports SMART on FHIR(V1.1.0) notation when defining access scopes and will return 403 HTTP response code if the authorization fails.