Introduction to the FHIR API
What is the FHIR API?
FHIR (Fast Healthcare Interoperability Resources) is more than just a data standard. It defines how healthcare information is structured and also how that information is exchanged through a standardized RESTful API.
This makes FHIR both:
- A data model that defines consistent formats for healthcare data such as patients, encounters, and observations.
- An API specification that defines how those data structures are accessed and managed through the web.
Together, these allow different healthcare systems such as EHRs, labs, and billing platforms to communicate securely, predictably, and in real time.
By understanding how the FHIR API works, you gain insight into the foundation of modern healthcare interoperability.
API Fundamentals
An API (Application Programming Interface) defines how two systems communicate. It provides a set of rules for sending requests, receiving responses, and authenticating users or applications.
In healthcare, APIs allow one system to request data from another. For example, when a clinician's app retrieves lab results from a hospital's EHR, it does so through an API request.
Every API request follows a similar structure:
| Concept |
Description |
Example |
| Endpoint |
The URL where a request is sent |
/Patient/123 |
| Request |
The action being performed (for example, read or update) |
GET /Patient/123 |
| Payload |
The data being sent or received |
JSON or XML body |
| Authentication |
How access is verified |
OAuth2 token or API key |
APIs make it possible for systems to communicate in predictable, standardized ways, even if they are built on completely different technologies.
Understanding REST and CRUD Operations
Most modern APIs, including FHIR, use a design style called REST (Representational State Transfer). REST provides a simple, web based approach for managing and exchanging data between systems.
Key REST Principles
- Stateless: Each request includes all the information needed to process it. The server does not retain session data between requests.
- Resource based: Data is represented as individual resources (for example, Patient or Observation), each identified by a unique URL.
- Uniform methods: Standard HTTP operations GET, POST, PUT, and DELETE define how resources are created, retrieved, updated, or removed.
These operations are known as CRUD actions: Create, Read, Update, and Delete.
| Operation |
HTTP Method |
Description |
| Create |
POST |
Add a new resource |
| Read |
GET |
Retrieve an existing resource |
| Update |
PUT or PATCH |
Modify an existing resource |
| Delete |
DELETE |
Remove a resource |
Example:
GET https://example.fhirserver.com/Patient/12345
This request retrieves the patient record with the ID 12345. If successful, the server responds with the patient data in a structured format.
How the FHIR API Builds on REST
FHIR applies REST principles directly to healthcare data. Each healthcare entity, such as a patient, observation, or encounter, is represented as a FHIR resource with a unique URL and a standardized structure. These resources are created, retrieved, updated, or deleted using the same HTTP methods defined by REST. Requests and responses are typically formatted in JSON or XML.
Example request:
GET https://example.fhirserver.com/Patient/12345
Example response:
{
"resourceType": "Patient",
"id": "12345",
"name": [
{
"use": "official",
"family": "Brown",
"given": ["Sarah"]
}
],
"gender": "female",
"birthDate": "1990-03-15"
}
By applying REST's simplicity to a standardized healthcare data model, FHIR provides a predictable, interoperable way for systems to exchange information using familiar web technologies.
Common FHIR Resources
FHIR organizes healthcare information into standardized resources, each representing a specific concept. Common examples include:
- Patient - Demographics and identifiers
- Observation - Measurements and test results
- Encounter - Clinical visits or events
- MedicationRequest - Prescriptions or medication orders
These resources are the building blocks for FHIR based integrations and are explored in more detail here.
HTTP Status Codes and Headers
When one system sends an API request to another, the response includes status codes and headers that describe what happened.
| Code |
Meaning |
| 200 |
OK - Request succeeded |
| 201 |
Created - Resource added |
| 400 |
Bad Request - Invalid input |
| 401 |
Unauthorized - Authentication required |
| 404 |
Not Found - Resource missing |
| 500 |
Server Error - Problem on the server |
Common headers
Content-Type - Indicates data format, for example application/fhir+jsonAuthorization - Includes credentials or access tokensETag - Identifies a specific version of a resourceLast-Modified - Timestamp of last update
Example response:
HTTP/1.1 200 OK
Content-Type: application/fhir+json
ETag: W/"1"
Summary
FHIR combines a standardized data model with RESTful API design to define both the structure of healthcare data and how it moves securely between systems. By following consistent methods for requests, responses, and authentication, FHIR enables reliable and scalable healthcare interoperability.
Understanding these fundamentals is the first step toward building real world FHIR integrations, such as retrieving, updating, or creating clinical data through APIs.
Next: Using FHIR APIs in Practice
Now that you understand how the FHIR API works, the next step is to see it in action. Learn how to connect to FHIR servers, perform CRUD operations, and handle real data exchange scenarios.
Continue reading: Using FHIR APIs in Practice →
