Get started with Azure API for FHIR
Important
Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.
This article outlines the basic steps to get started with Azure API for FHIR®. Azure API for FHIR is a managed, standards-based, compliant API for clinical health data that enables solutions for actionable analytics and machine learning.
As a prerequisite, you need an Azure subscription and have been granted proper permissions to create Azure resource groups and deploy Azure resources. If you don't have an Azure subscription, create a free account before you begin.
Create Azure resource
To get started with Azure API for FHIR, you must create a resource in the Azure portal. Enter Azure API for FHIR in the Search services and marketplace box.
After you locate the Azure API for FHIR resource, select Create.
Deploy Azure API for FHIR
Refer to the steps in the Quickstart guide for deploying an instance of Azure API for FHIR using the Azure portal. You can also deploy an instance of Azure API for FHIR using PowerShell, CLI, and an ARM template.
Accessing Azure API for FHIR
When you're working with healthcare data, it's important to ensure that the data is secure, and can't be accessed by unauthorized users or applications. FHIR servers use OAuth 2.0 to ensure this data security. Azure API for FHIR is secured using Microsoft Entra ID, which is an example of an OAuth 2.0 identity provider. Microsoft Entra identity configuration for Azure API for FHIR provides an overview of FHIR server authorization, and the steps needed to obtain a token to access a FHIR server. While these steps apply to any FHIR server and any identity provider, this article covers Azure API for FHIR as the FHIR server, and Microsoft Entra ID as our identity provider. For more information about accessing Azure API for FHIR, see Access control overview.
Access token validation
How Azure API for FHIR validates the access token depends on the implementation and configuration. The article Azure API for FHIR access token validation guides you through the validation steps, which can be helpful when troubleshooting access issues.
Register a client application
For an application to interact with Microsoft Entra ID, it needs to be registered. In the context of the FHIR server, there are two kinds of application registrations:
- Resource application registrations,
- Client application registrations.
For more information about the two kinds of application registrations, see Register the Microsoft Entra apps for Azure API for FHIR.
Configure Azure RBAC for FHIR
The article Configure Azure RBAC for FHIR, describes how to use Azure role-based access control (Azure RBAC) to assign access to the Azure API for FHIR data plane. Azure RBAC is the preferred method for assigning data plane access when data plane users are managed in the Microsoft Entra tenant associated with your Azure subscription. If you're using an external Microsoft Entra tenant, refer to the local RBAC assignment reference.
Next steps
This article described the basic steps to get started using Azure API for FHIR. For more information about Azure API for FHIR, see
Note
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.