Register a resource application in Microsoft Entra ID for Azure API for FHIR

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

In this article, you learn how to register a resource (or API) application in Microsoft Entra ID. A resource application is a Microsoft Entra representation of the FHIR® server API itself, and client applications can request access to the resource when authenticating. The resource application is also known as the audience in OAuth parlance.

Azure API for FHIR

If you're using the Azure API for FHIR, a resource application is automatically created when you deploy the service. As long as you're using the Azure API for FHIR in the same Microsoft Entra tenant as you're deploying your application, you can skip this how-to-guide and instead deploy your Azure API for FHIR to get started.

If you're using a different Microsoft Entra tenant (not associated with your subscription), you can use PowerShell to import the Azure API for FHIR resource application into your tenant.

New-AzADServicePrincipal -ApplicationId 4f6778d8-5aef-43dc-a1ff-b073724b9495 -Role Contributor

Or you can use Azure CLI.

az ad sp create --id 4f6778d8-5aef-43dc-a1ff-b073724b9495

FHIR Server for Azure

If you're using the open source FHIR Server for Azure, follow the steps on the GitHub repo to register a resource application.

Next steps

In this article, you learned how to register a resource application in Microsoft Entra ID. Next, register your confidential client application.

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.