This tutorial will walk you through creating an app in Cerner’s SMART on FHIR ecosystem.

After completing this tutorial you will know how to:


Project Setup

First, you’ll want to fork this tutorial from smart-on-fhir-tutorial to your GitHub account.

The smart-on-fhir-tutorial/source/example-smart-app folder contains the example SMART app which you’ll be using throughout this tutorial. Let’s take a look at some of the notable files contained within:


Located in the lib folder, this is a version of fhir-client.js which is an open source library designed to assist with calling a FHIR API and handling the SMART on FHIR authorization workflow. This tutorial uses this library when walking you through building your first SMART app.

Additional documentation on fhir-client.js can be found here.


launch.html is the SMART app’s initial entry point and in a real production environment, would be invoked by the application launching your SMART app (for instance, the EHR or patient portal). In the SMART documentation, this is your app’s “launch URL”. In this tutorial, this page will be invoked when you launch your app from Cerner’s code Console.

As the entry point into your SMART app, this page will kick-off the SMART authorization workflow.


This page will be invoked via redirect from the Authorization server at the conclusion of the SMART authorization workflow. When this page is invoked, your SMART app will have everything it needs to run and access the FHIR API.

The other content you see in the source folder is the site for this tutorial. We used Slate to create the documentation for this tutorial.

GitHub Pages


<!DOCTYPE html>
    <meta http-equiv='X-UA-Compatible' content='IE=edge' />
    <meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
    <title>[YOUR-USERNAME] Example-SMART-App</title>

Go to your GitHub account, select Repositories tab and select smart-on-fhir-tutorial repo. Select Branch button and switch to gh-pages branch. Directly edit /example-smart-app/index.html by clicking on the pencil icon. Once done with the change, commit directly to gh-pages branch.

The SMART app will be available at:


Health check


For the purposes of this tutorial we will be hosting our SMART app through GitHub Pages. GitHub Pages is a convenient way to host static or client rendered web sites.

Setting up GitHub pages is easy, so easy in fact that it’s already done for you. GitHub pages works by hosting content from a gh-pages branch. Since you forked the tutorial, the gh-pages branch has already been created, however GitHub won’t publish your site until you make a change to the gh-pages branch, so let’s make a change. Modify the index.html page to include your GitHub user-name in the title, and commit directly to gh-pages branch.

Use GitHub UI to directly edit index.html. Simply switch the branch to gh-pages, navigate to /example-smart-app/index.html and click the pencil icon. Commit your changes to deploy.

Once the app has been redeployed go to https://<your-username> to ensure your app is available.


Now that we have a deployed SMART app, let’s register it to access Cerner’s FHIR resources. We have created a self registration console to allow any developer to be able run a SMART app against our development environment. Navigate to our code console, if you don’t have a Cerner Care Account, go ahead and sign up for one (it’s free!). Once logged into the console, click on the “+ New App” button in the top right toolbar and fill in the following details:

Field Description
App Name My amazing SMART app Any name will do.
SMART Launch URI https://<your-username>
Redirect URI https://<your-username>
App Type Provider
FHIR Spec dstu2_provider The latest spec version supported by Cerner.
Authorized Yes Authorized App will go through secured OAuth 2 login.
Standard Scopes These scopes are required to launch the SMART app.
User Scopes None
Patient Scopes Select the Patient and Observation scopes

Click “Register” to complete the process. This will add the app to your account and create a client id for app authorization.

The new OAuth 2 client id will be displayed in a banner at the top of the page and can be viewed at any time by clicking on the application icon to view more details.

App Launch

We have now created our own SMART app and registered that app with Cerner to access the FHIR resources. Before we continue on with the next steps, let’s take a moment to talk about the flow of a SMART app launch.

The SMART app launch flow begins with the EHR. Through some method, a user has indicated that they wish to launch a smart application. The EHR redirects to the SMART Launch URI that was registered above.

In this example Launch URI is launch.html. launch.html redirects to the FHIR authorization server which in-turn redirects to the Redirect URI, index.html, upon a successful authentication.

Post-authentication, index.html exchanges the returned authorization token for an access token and is then able to request resources from the FHIR server. Let’s take a deeper look at launch.html and get it ready for authentication. For more information about the SMART app launching vist the SMART Health IT site.

alt text

Request Authorization


<!DOCTYPE html>
<html lang="en">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge" />
    <script src='./lib/fhir-client-v0.1.11.js'></script>
    <!-- Prevent session bleed caused by single threaded embedded browser and sessionStorage API -->
    <!-- -->
    <script src='./lib/fhir-client-cerner-additions-1.0.0.js'></script>
        'client_id': '<enter your client id here>',
        'scope':  'patient/ patient/ launch online_access openid profile'

Make sure to replace CLIENT_ID with the client id provided in code console and redeploy your site.

The responsibility of launch.html is to redirect to the appropriate FHIR authorization server. As you can see in the code, fhir-client makes our job pretty easy. All we have to do is call FHIR.oauth2.authorize and supply the client_id generated by the code console during registration and the scopes we registered.

The client_id is found in the app details page that can be accessed by clicking on the application icon in the code console. Copy the client_id into the authorize call in launch.html, commit the changes back to your repo and redeploy your site.

For the purposed of this tutorial you don’t need to modify the scopes. This list should match the scopes that you registered the application with.

Below is some additional information about the scopes we’ve selected for our app.

Scope Grants
patient/ Permission to read Patient resource for the current patient.
patient/ Permission to read Observation resource for the current patient.
openid, profile Permission to retrieve information about the current logged-in user. Required for EHR launch.
launch Permission to obtain launch context when app is launched from an EHR. Required for EHR launch.
launch/patient When launching outside the EHR, ask for a patient to be selected at launch time. Required for stand-alone launch.
online_access Request a refresh_token that can be used to obtain a new access token to replace an expired one, and that will be usable for as long as the end-user remains online. Required for EHR launch.

For our app we will use, We will always include launch, online_access, openid & profile scopes to our app.

So just what exactly is the FHIR.oauth2.authorize method doing?

Through an EHR launch, launch.html will be supplied with two query params iss and launch

iss is the EHR’s FHIR end point and launch is an identifier that will be passed along to the authorization server.

FHIR.oauth2.authorize queries the FHIR endpoint to find the URI for authorization. It then simply redirects to that endpoint, filling out the required API which includes the supplied client_id, scopes and the launch parameter passed in from the EHR. (There are a few more params that can be read about here). Additionally the function generates an appropriate state parameter that will then be checked after redirecting to the index page.

Following the FHIR.oauth2.authorize, the app will redirect to the authorization server, which, on a successful authorization, will redirect back to the Redirect URI, in this case, index.html

Access Token Retrieval


<script src='./lib/es6-shim-0.35.1.min.js'></script>
<script src='./src/js/example-smart-app.js'></script>
<script src='./lib/fhir-client-v0.1.11.js'></script>

<!-- Prevent session bleed caused by single threaded embedded browser and sessionStorage API -->
<!-- -->
<script src='./lib/fhir-client-cerner-additions-1.0.0.js'></script>
<script src=""></script>
    //Display Patient Demographics and Observations if extractData was success
    function(p) {

    //Display 'Failed to call FHIR Service' if extractData failed
    function() {
      $('#errors').html('<p> Failed to call FHIR Service </p>');

example-smart-app.js - extractData

window.extractData = function() {
    var ret = $.Deferred();
    FHIR.oauth2.ready(onReady, onError);
    return ret.promise();

Now that the app has successfully been authenticated, it’s time to call a FHIR resource, but first we need to obtain an OAuth2 access token. We have an authorization code that was passed as a query param to the redirect URI (index.html) by the authorization server. The authorization code is exchanged for an access token through POST to the authorization server. Again, fhir-client.js makes this easy for us.

The index.html file includes a script which calls into the extractData function in example-smart-app.js.

extractData uses the FHIR.oauth2.ready() function to exchange the authorization code for the access token and stores it in session storage for later use.

Access FHIR Resource

example-smart-app.js - onReady

function onReady(smart)  {
  if (smart.hasOwnProperty('patient')) {
    var patient = smart.patient;
    var pt =;
    var obv = smart.patient.api.fetchAll({
                  type: 'Observation',
                  query: {
                    code: {
                      $or: ['|8302-2', '|8462-4',
                            '|8480-6', '|2085-9',
                            '|2089-1', '|55284-4']

    $.when(pt, obv).fail(onError);

    $.when(pt, obv).done(function(patient, obv) {
      var byCodes = smart.byCodes(obv, 'code');
      var gender = patient.gender;
      var dob = new Date(patient.birthDate);
      var day = dob.getDate();
      var monthIndex = dob.getMonth() + 1;
      var year = dob.getFullYear();

      var dobStr = monthIndex + '/' + day + '/' + year;
      var fname = '';
      var lname = '';

      if(typeof[0] !== 'undefined') {
        fname =[0].given.join(' ');
        lname =[0].family.join(' ');

      var height = byCodes('8302-2');
      var systolicbp = getBloodPressureValue(byCodes('55284-4'),'8480-6');
      var diastolicbp = getBloodPressureValue(byCodes('55284-4'),'8462-4');
      var hdl = byCodes('2085-9');
      var ldl = byCodes('2089-1');

      var p = defaultPatient();
      p.birthdate = dobStr;
      p.gender = gender;
      p.fname = fname;
      p.lname = lname;
      p.age = parseInt(calculateAge(dob));

      if(typeof height[0] != 'undefined' && typeof height[0].valueQuantity.value != 'undefined' && typeof height[0].valueQuantity.unit != 'undefined') {
        p.height = height[0].valueQuantity.value + ' ' + height[0].valueQuantity.unit;

      if(typeof systolicbp != 'undefined')  {
        p.systolicbp = systolicbp;

      if(typeof diastolicbp != 'undefined') {
        p.diastolicbp = diastolicbp;

      if(typeof hdl[0] != 'undefined' && typeof hdl[0].valueQuantity.value != 'undefined' && typeof hdl[0].valueQuantity.unit != 'undefined') {
        p.hdl = hdl[0].valueQuantity.value + ' ' + hdl[0].valueQuantity.unit;

      if(typeof ldl[0] != 'undefined' && typeof ldl[0].valueQuantity.value != 'undefined' && typeof ldl[0].valueQuantity.unit != 'undefined') {
        p.ldl = ldl[0].valueQuantity.value + ' ' + ldl[0].valueQuantity.unit;
  } else {

With access token in hand we’re ready to request a FHIR resource and again, we will be using fhir-client.js.

For the purposes of this tutorial we’ll be retrieving basic information about the patient and a couple of basic observations to display.

The fhir-client.js library defines several useful API’s we can use to retrieve this information.

Both of these functions will return a jQuery deferred object which we unpack on success.

Unpacking is fairly straight forward. We’re taking the response from the patient and observation resources and placing it into a “patient” data structure.

The last function from fhir-client.js is the byCodes utility function that returns a function to search a given resource for specific codes returned from that response.

The fhir-client.js library defines several more API’s that will come in handy while developing smart app. Read about them here.

Displaying the Resource


<h2>SMART on FHIR Starter App</h2>
<div id='errors'>
<div id="loading">Loading...</div>
<div id='holder' >
  <h2>Patient Resource</h2>
      <th>First Name:</th>
      <td id='fname'></td>
      <th>Last Name:</th>
      <td id='lname'></td>
      <td id='gender'></td>
      <th>Date of Birth:</th>
      <td id='birthdate'></td>
      <td id='age'></td>
  <h2>Observation Resource</h2>
      <td id='height'></td>
      <th>Systolic Blood Pressure:</th>
      <td id='systolicbp'></td>
      <th>Diastolic Blood Pressure:</th>
      <td id='diastolicbp'></td>
      <td id='ldl'></td>
      <td id='hdl'></td>

example-smart-app.js - drawVisualization

window.drawVisualization = function(p) {

The last remaining task for our application is displaying the resource information we’ve retrieved. In index.html we define a table with several id place holders. On a success from extractData we’ll call drawVisualization which will show the table div as well as filling out the relevant sections.

Test your App

To re-deploy the GitHub Pages site, commit your changes and make sure your gh-pages branch is up to date.

Now that we have a snazzy SMART app, it’s time to test it.

Next log back into the code console and click on the app you’ve registered (My amazing SMART app). To launch your app through the code console click the “Begin Testing” button. The console will ask if the app you’re launching requires a patient in context. Our app requires a patient, so select yes and choose a patient. Please note the millennium username and password, you’ll need this credential when prompted. Finally, click launch and the console will redirect to your application.

Run your app against SMART Health IT Sandbox

One of the reasons why SMART on FHIR is awesome is because of the interoperability factor! If an EHR follows the SMART and FHIR specifications, your application will work with that EHR’s SMART on FHIR implemenmtation. Let’s see if the app that you’ve built will work with SMART Health IT Sandbox. The following steps will walk you through setting up your app at SMART Health IT Sandbox.

Update client ID in launch.html

    'scope':  'patient/ patient/ launch online_access openid profile'

Next Steps

Through this tutorial we have:

We’ve created a very basic application that meets the base requirements of being a SMART app. This application would require a fair amount of polish before being ready to be deployed in a production environment. A couple of next steps you could look at are:

We’re excited to see what you’ll build next!