Edit

Share via

Register a service client application in Microsoft Entra ID for Azure API for FHIR

  • Article

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

In this article, you learn how to register a service client application in Microsoft Entra ID. Client application registrations are Microsoft Entra representations of applications that can be used to authenticate and obtain tokens. A service client is intended to be used by an application to obtain an access token without interactive authentication of a user. It has certain application permissions and can use an application secret (password) when obtaining access tokens.

Follow these steps to create a new service client.

App registrations in Azure portal

  1. In the Azure portal, navigate to Microsoft Entra ID.

  2. Select App registrations.

    Azure portal. New App Registration.

  3. Select New registration.

  4. Give the service client a display name. Service client applications typically don't use a reply URL.

    Azure portal. New Service Client App Registration.

  5. Select Register.

API permissions

Permissions for Azure API for FHIR are managed through role-based access control (RBAC). For more details, visit Configure Azure RBAC for FHIR.

Note

Use a grant_type of client_credentials when trying to otain an access token for Azure API for FHIR using tools such as Postman. For more details, visit Testing the FHIR API on Azure API for FHIR.

Application secret

The service client needs a secret (password) to obtain a token.

  1. Select Certificates & secrets.

  2. Select New client secret.

    Azure portal. Service Client Secret

  3. Provide a description and duration of the secret (either one year, two years or never).

  4. Once the secret is generated, it will only be displayed once in the portal. Make a note of it and store it in a secure location.

Next steps

In this article, you learned how to register a service client application in Microsoft Entra ID. Next, test access to your FHIR server using Postman.

Access the FHIR service using Postman

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.