Microsoft.HealthcareApis workspaces/fhirservices

• Latest
• 2025-04-01-preview
• 2025-03-01-preview
• 2024-03-31
• 2024-03-01
• 2023-12-01
• 2023-11-01
• 2023-09-06
• 2023-02-28
• 2022-12-01
• 2022-10-01-preview
• 2022-06-01
• 2022-05-15
• 2022-01-31-preview
• 2021-11-01
• 2021-06-01-preview

Bicep resource definition

The workspaces/fhirservices resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.HealthcareApis/workspaces/fhirservices resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.HealthcareApis/workspaces/fhirservices@2025-04-01-preview' = {
  parent: resourceSymbolicName
  etag: 'string'
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  kind: 'string'
  location: 'string'
  name: 'string'
  properties: {
    acrConfiguration: {
      loginServers: [
        'string'
      ]
      ociArtifacts: [
        {
          digest: 'string'
          imageName: 'string'
          loginServer: 'string'
        }
      ]
    }
    authenticationConfiguration: {
      audience: 'string'
      authority: 'string'
      smartIdentityProviders: [
        {
          applications: [
            {
              allowedDataActions: [
                'string'
              ]
              audience: 'string'
              clientId: 'string'
            }
          ]
          authority: 'string'
        }
      ]
      smartProxyEnabled: bool
    }
    corsConfiguration: {
      allowCredentials: bool
      headers: [
        'string'
      ]
      maxAge: int
      methods: [
        'string'
      ]
      origins: [
        'string'
      ]
    }
    encryption: {
      customerManagedKeyEncryption: {
        keyEncryptionKeyUrl: 'string'
      }
    }
    exportConfiguration: {
      storageAccountName: 'string'
    }
    implementationGuidesConfiguration: {
      usCoreMissingData: bool
    }
    importConfiguration: {
      enabled: bool
      initialImportMode: bool
      integrationDataStore: 'string'
    }
    publicNetworkAccess: 'string'
    resourceVersionPolicyConfiguration: {
      default: 'string'
      resourceTypeOverrides: {
        {customized property}: 'string'
      }
    }
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.HealthcareApis/workspaces/fhirservices

Name	Description	Value
etag	An etag associated with the resource, used for optimistic concurrency when editing it.	string
identity	Setting indicating whether the service has a managed identity associated with it.	ServiceManagedIdentityIdentity
kind	The kind of the service.	'fhir-R4' 'fhir-Stu3'
location	The resource location.	string
name	The resource name	string Constraints: Min length = 3 Max length = 24 (required)
parent	In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource.	Symbolic name for resource of type: workspaces
properties	Fhir Service configuration.	FhirServiceProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

Encryption

Name	Description	Value
customerManagedKeyEncryption	The encryption settings for the customer-managed key	EncryptionCustomerManagedKeyEncryption

EncryptionCustomerManagedKeyEncryption

Name	Description	Value
keyEncryptionKeyUrl	The URL of the key to use for encryption	string

FhirServiceAcrConfiguration

Name	Description	Value
loginServers	The list of the Azure container registry login servers.	string[]
ociArtifacts	The list of Open Container Initiative (OCI) artifacts.	ServiceOciArtifactEntry[]

FhirServiceAuthenticationConfiguration

Name	Description	Value
audience	The audience url for the service	string
authority	The authority url for the service	string
smartIdentityProviders	The array of identity provider configurations for SMART on FHIR authentication.	SmartIdentityProviderConfiguration[]
smartProxyEnabled	If the SMART on FHIR proxy is enabled	bool

FhirServiceCorsConfiguration

Name	Description	Value
allowCredentials	If credentials are allowed via CORS.	bool
headers	The headers to be allowed via CORS.	string[]
maxAge	The max age to be allowed via CORS.	int Constraints: Min value = 0 Max value = 99999
methods	The methods to be allowed via CORS.	string[]
origins	The origins to be allowed via CORS.	string Constraints: Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[]

FhirServiceExportConfiguration

Name	Description	Value
storageAccountName	The name of the default export storage account.	string

FhirServiceImportConfiguration

Name	Description	Value
enabled	If the import operation is enabled.	bool
initialImportMode	If the FHIR service is in InitialImportMode.	bool
integrationDataStore	The name of the default integration storage account.	string

FhirServiceProperties

Name	Description	Value
acrConfiguration	Fhir Service Azure container registry configuration.	FhirServiceAcrConfiguration
authenticationConfiguration	Fhir Service authentication configuration.	FhirServiceAuthenticationConfiguration
corsConfiguration	Fhir Service Cors configuration.	FhirServiceCorsConfiguration
encryption	The encryption settings of the FHIR service	Encryption
exportConfiguration	Fhir Service export configuration.	FhirServiceExportConfiguration
implementationGuidesConfiguration	Implementation Guides configuration.	ImplementationGuidesConfiguration
importConfiguration	Fhir Service import configuration.	FhirServiceImportConfiguration
publicNetworkAccess	Control permission for data plane traffic coming from public networks while private endpoint is enabled.	'Disabled' 'Enabled'
resourceVersionPolicyConfiguration	Determines tracking of history for resources.	ResourceVersionPolicyConfiguration

ImplementationGuidesConfiguration

Name	Description	Value
usCoreMissingData	If US Core Missing Data requirement is enabled.	bool

ResourceTags

Name	Description	Value

ResourceVersionPolicyConfiguration

Name	Description	Value
default	The default value for tracking history across all resources.	'no-version' 'versioned' 'versioned-update'
resourceTypeOverrides	A list of FHIR Resources and their version policy overrides.	ResourceVersionPolicyConfigurationResourceTypeOverrides

ResourceVersionPolicyConfigurationResourceTypeOverrides

Name	Description	Value

ServiceManagedIdentityIdentity

Name	Description	Value
type	Type of identity being specified, currently SystemAssigned and None are allowed.	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.	UserAssignedIdentities

ServiceOciArtifactEntry

Name	Description	Value
digest	The artifact digest.	string
imageName	The artifact name.	string
loginServer	The Azure Container Registry login server.	string

SmartIdentityProviderApplication

Name	Description	Value
allowedDataActions	The actions that are permitted to be performed on FHIR resources for the application.	String array containing any of: 'Read'
audience	The audience that will be used to validate bearer tokens against the given authority.	string
clientId	The application client id defined in the identity provider. This value will be used to validate bearer tokens against the given authority.	string

SmartIdentityProviderConfiguration

Name	Description	Value
applications	The array of identity provider applications for SMART on FHIR authentication.	SmartIdentityProviderApplication[]
authority	The identity provider token authority also known as the token issuing authority.	string

UserAssignedIdentities

Name	Description	Value

UserAssignedIdentity

Name	Description	Value

Usage Examples

Azure Quickstart Samples

The following Azure Quickstart templates contain Bicep samples for deploying this resource type.

Bicep File	Description
Configure FHIR service to enable $import	This template provisions FHIR service to enable $import for initial data loading
Deploy the MedTech service	The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service.
Deploy the MedTech service including an Azure IoT Hub	The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service.

ARM template resource definition

The workspaces/fhirservices resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.HealthcareApis/workspaces/fhirservices resource, add the following JSON to your template.

{
  "type": "Microsoft.HealthcareApis/workspaces/fhirservices",
  "apiVersion": "2025-04-01-preview",
  "name": "string",
  "etag": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "kind": "string",
  "location": "string",
  "properties": {
    "acrConfiguration": {
      "loginServers": [ "string" ],
      "ociArtifacts": [
        {
          "digest": "string",
          "imageName": "string",
          "loginServer": "string"
        }
      ]
    },
    "authenticationConfiguration": {
      "audience": "string",
      "authority": "string",
      "smartIdentityProviders": [
        {
          "applications": [
            {
              "allowedDataActions": [ "string" ],
              "audience": "string",
              "clientId": "string"
            }
          ],
          "authority": "string"
        }
      ],
      "smartProxyEnabled": "bool"
    },
    "corsConfiguration": {
      "allowCredentials": "bool",
      "headers": [ "string" ],
      "maxAge": "int",
      "methods": [ "string" ],
      "origins": [ "string" ]
    },
    "encryption": {
      "customerManagedKeyEncryption": {
        "keyEncryptionKeyUrl": "string"
      }
    },
    "exportConfiguration": {
      "storageAccountName": "string"
    },
    "implementationGuidesConfiguration": {
      "usCoreMissingData": "bool"
    },
    "importConfiguration": {
      "enabled": "bool",
      "initialImportMode": "bool",
      "integrationDataStore": "string"
    },
    "publicNetworkAccess": "string",
    "resourceVersionPolicyConfiguration": {
      "default": "string",
      "resourceTypeOverrides": {
        "{customized property}": "string"
      }
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.HealthcareApis/workspaces/fhirservices

Name	Description	Value
apiVersion	The api version	'2025-04-01-preview'
etag	An etag associated with the resource, used for optimistic concurrency when editing it.	string
identity	Setting indicating whether the service has a managed identity associated with it.	ServiceManagedIdentityIdentity
kind	The kind of the service.	'fhir-R4' 'fhir-Stu3'
location	The resource location.	string
name	The resource name	string Constraints: Min length = 3 Max length = 24 (required)
properties	Fhir Service configuration.	FhirServiceProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.HealthcareApis/workspaces/fhirservices'

Encryption

Name	Description	Value
customerManagedKeyEncryption	The encryption settings for the customer-managed key	EncryptionCustomerManagedKeyEncryption

EncryptionCustomerManagedKeyEncryption

Name	Description	Value
keyEncryptionKeyUrl	The URL of the key to use for encryption	string

FhirServiceAcrConfiguration

Name	Description	Value
loginServers	The list of the Azure container registry login servers.	string[]
ociArtifacts	The list of Open Container Initiative (OCI) artifacts.	ServiceOciArtifactEntry[]

FhirServiceAuthenticationConfiguration

Name	Description	Value
audience	The audience url for the service	string
authority	The authority url for the service	string
smartIdentityProviders	The array of identity provider configurations for SMART on FHIR authentication.	SmartIdentityProviderConfiguration[]
smartProxyEnabled	If the SMART on FHIR proxy is enabled	bool

FhirServiceCorsConfiguration

Name	Description	Value
allowCredentials	If credentials are allowed via CORS.	bool
headers	The headers to be allowed via CORS.	string[]
maxAge	The max age to be allowed via CORS.	int Constraints: Min value = 0 Max value = 99999
methods	The methods to be allowed via CORS.	string[]
origins	The origins to be allowed via CORS.	string Constraints: Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[]

FhirServiceExportConfiguration

Name	Description	Value
storageAccountName	The name of the default export storage account.	string

FhirServiceImportConfiguration

Name	Description	Value
enabled	If the import operation is enabled.	bool
initialImportMode	If the FHIR service is in InitialImportMode.	bool
integrationDataStore	The name of the default integration storage account.	string

FhirServiceProperties

Name	Description	Value
acrConfiguration	Fhir Service Azure container registry configuration.	FhirServiceAcrConfiguration
authenticationConfiguration	Fhir Service authentication configuration.	FhirServiceAuthenticationConfiguration
corsConfiguration	Fhir Service Cors configuration.	FhirServiceCorsConfiguration
encryption	The encryption settings of the FHIR service	Encryption
exportConfiguration	Fhir Service export configuration.	FhirServiceExportConfiguration
implementationGuidesConfiguration	Implementation Guides configuration.	ImplementationGuidesConfiguration
importConfiguration	Fhir Service import configuration.	FhirServiceImportConfiguration
publicNetworkAccess	Control permission for data plane traffic coming from public networks while private endpoint is enabled.	'Disabled' 'Enabled'
resourceVersionPolicyConfiguration	Determines tracking of history for resources.	ResourceVersionPolicyConfiguration

ImplementationGuidesConfiguration

Name	Description	Value
usCoreMissingData	If US Core Missing Data requirement is enabled.	bool

ResourceTags

Name	Description	Value

ResourceVersionPolicyConfiguration

Name	Description	Value
default	The default value for tracking history across all resources.	'no-version' 'versioned' 'versioned-update'
resourceTypeOverrides	A list of FHIR Resources and their version policy overrides.	ResourceVersionPolicyConfigurationResourceTypeOverrides

ResourceVersionPolicyConfigurationResourceTypeOverrides

Name	Description	Value

ServiceManagedIdentityIdentity

Name	Description	Value
type	Type of identity being specified, currently SystemAssigned and None are allowed.	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.	UserAssignedIdentities

ServiceOciArtifactEntry

Name	Description	Value
digest	The artifact digest.	string
imageName	The artifact name.	string
loginServer	The Azure Container Registry login server.	string

SmartIdentityProviderApplication

Name	Description	Value
allowedDataActions	The actions that are permitted to be performed on FHIR resources for the application.	String array containing any of: 'Read'
audience	The audience that will be used to validate bearer tokens against the given authority.	string
clientId	The application client id defined in the identity provider. This value will be used to validate bearer tokens against the given authority.	string

SmartIdentityProviderConfiguration

Name	Description	Value
applications	The array of identity provider applications for SMART on FHIR authentication.	SmartIdentityProviderApplication[]
authority	The identity provider token authority also known as the token issuing authority.	string

UserAssignedIdentities

Name	Description	Value

UserAssignedIdentity

Name	Description	Value

Usage Examples

Azure Quickstart Templates

The following Azure Quickstart templates deploy this resource type.

Template	Description
Configure FHIR service to enable $import	This template provisions FHIR service to enable $import for initial data loading
Deploy the MedTech service	The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service.
Deploy the MedTech service including an Azure IoT Hub	The MedTech service is one of the Azure Health Data Services designed to ingest device data from multiple devices, transform the device data into FHIR Observations, which are then persisted in the Azure Health Data Services FHIR service.

Terraform (AzAPI provider) resource definition

The workspaces/fhirservices resource type can be deployed with operations that target:

• Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.HealthcareApis/workspaces/fhirservices resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.HealthcareApis/workspaces/fhirservices@2025-04-01-preview"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    etag = "string"
    kind = "string"
    properties = {
      acrConfiguration = {
        loginServers = [
          "string"
        ]
        ociArtifacts = [
          {
            digest = "string"
            imageName = "string"
            loginServer = "string"
          }
        ]
      }
      authenticationConfiguration = {
        audience = "string"
        authority = "string"
        smartIdentityProviders = [
          {
            applications = [
              {
                allowedDataActions = [
                  "string"
                ]
                audience = "string"
                clientId = "string"
              }
            ]
            authority = "string"
          }
        ]
        smartProxyEnabled = bool
      }
      corsConfiguration = {
        allowCredentials = bool
        headers = [
          "string"
        ]
        maxAge = int
        methods = [
          "string"
        ]
        origins = [
          "string"
        ]
      }
      encryption = {
        customerManagedKeyEncryption = {
          keyEncryptionKeyUrl = "string"
        }
      }
      exportConfiguration = {
        storageAccountName = "string"
      }
      implementationGuidesConfiguration = {
        usCoreMissingData = bool
      }
      importConfiguration = {
        enabled = bool
        initialImportMode = bool
        integrationDataStore = "string"
      }
      publicNetworkAccess = "string"
      resourceVersionPolicyConfiguration = {
        default = "string"
        resourceTypeOverrides = {
          {customized property} = "string"
        }
      }
    }
  }
}

Property Values

Microsoft.HealthcareApis/workspaces/fhirservices

Name	Description	Value
etag	An etag associated with the resource, used for optimistic concurrency when editing it.	string
identity	Setting indicating whether the service has a managed identity associated with it.	ServiceManagedIdentityIdentity
kind	The kind of the service.	'fhir-R4' 'fhir-Stu3'
location	The resource location.	string
name	The resource name	string Constraints: Min length = 3 Max length = 24 (required)
parent_id	The ID of the resource that is the parent for this resource.	ID for resource of type: workspaces
properties	Fhir Service configuration.	FhirServiceProperties
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.HealthcareApis/workspaces/fhirservices@2025-04-01-preview"

Encryption

Name	Description	Value
customerManagedKeyEncryption	The encryption settings for the customer-managed key	EncryptionCustomerManagedKeyEncryption

EncryptionCustomerManagedKeyEncryption

Name	Description	Value
keyEncryptionKeyUrl	The URL of the key to use for encryption	string

FhirServiceAcrConfiguration

Name	Description	Value
loginServers	The list of the Azure container registry login servers.	string[]
ociArtifacts	The list of Open Container Initiative (OCI) artifacts.	ServiceOciArtifactEntry[]

FhirServiceAuthenticationConfiguration

Name	Description	Value
audience	The audience url for the service	string
authority	The authority url for the service	string
smartIdentityProviders	The array of identity provider configurations for SMART on FHIR authentication.	SmartIdentityProviderConfiguration[]
smartProxyEnabled	If the SMART on FHIR proxy is enabled	bool

FhirServiceCorsConfiguration

Name	Description	Value
allowCredentials	If credentials are allowed via CORS.	bool
headers	The headers to be allowed via CORS.	string[]
maxAge	The max age to be allowed via CORS.	int Constraints: Min value = 0 Max value = 99999
methods	The methods to be allowed via CORS.	string[]
origins	The origins to be allowed via CORS.	string Constraints: Pattern = ^(?:(?:(?:[hH][tT][tT][pP](?:[sS]|))\:\/\/(?:[a-zA-Z0-9-]+[.]?)+(?:\:[0-9]{1,5})?|[*]))$[]

FhirServiceExportConfiguration

Name	Description	Value
storageAccountName	The name of the default export storage account.	string

FhirServiceImportConfiguration

Name	Description	Value
enabled	If the import operation is enabled.	bool
initialImportMode	If the FHIR service is in InitialImportMode.	bool
integrationDataStore	The name of the default integration storage account.	string

FhirServiceProperties

Name	Description	Value
acrConfiguration	Fhir Service Azure container registry configuration.	FhirServiceAcrConfiguration
authenticationConfiguration	Fhir Service authentication configuration.	FhirServiceAuthenticationConfiguration
corsConfiguration	Fhir Service Cors configuration.	FhirServiceCorsConfiguration
encryption	The encryption settings of the FHIR service	Encryption
exportConfiguration	Fhir Service export configuration.	FhirServiceExportConfiguration
implementationGuidesConfiguration	Implementation Guides configuration.	ImplementationGuidesConfiguration
importConfiguration	Fhir Service import configuration.	FhirServiceImportConfiguration
publicNetworkAccess	Control permission for data plane traffic coming from public networks while private endpoint is enabled.	'Disabled' 'Enabled'
resourceVersionPolicyConfiguration	Determines tracking of history for resources.	ResourceVersionPolicyConfiguration

ImplementationGuidesConfiguration

Name	Description	Value
usCoreMissingData	If US Core Missing Data requirement is enabled.	bool

ResourceTags

Name	Description	Value

ResourceVersionPolicyConfiguration

Name	Description	Value
default	The default value for tracking history across all resources.	'no-version' 'versioned' 'versioned-update'
resourceTypeOverrides	A list of FHIR Resources and their version policy overrides.	ResourceVersionPolicyConfigurationResourceTypeOverrides

ResourceVersionPolicyConfigurationResourceTypeOverrides

Name	Description	Value

ServiceManagedIdentityIdentity

Name	Description	Value
type	Type of identity being specified, currently SystemAssigned and None are allowed.	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.	UserAssignedIdentities

ServiceOciArtifactEntry

Name	Description	Value
digest	The artifact digest.	string
imageName	The artifact name.	string
loginServer	The Azure Container Registry login server.	string

SmartIdentityProviderApplication

Name	Description	Value
allowedDataActions	The actions that are permitted to be performed on FHIR resources for the application.	String array containing any of: 'Read'
audience	The audience that will be used to validate bearer tokens against the given authority.	string
clientId	The application client id defined in the identity provider. This value will be used to validate bearer tokens against the given authority.	string

SmartIdentityProviderConfiguration

Name	Description	Value
applications	The array of identity provider applications for SMART on FHIR authentication.	SmartIdentityProviderApplication[]
authority	The identity provider token authority also known as the token issuing authority.	string

UserAssignedIdentities

Name	Description	Value

UserAssignedIdentity

Name	Description	Value