Finnish Implementation Guide for SMART App Launch
1.0.1-cibuild - ci-build Finland flag

Finnish Implementation Guide for SMART App Launch, published by HL7 Finland ry. This guide is not an authorized publication; it is the continuous build for version 1.0.1-cibuild built by the FHIR (HL7® FHIR® Standard) CI Build. This version is based on the current content of https://github.com/fhir-fi/finnish-smart/ and changes regularly. See the Directory of published versions

CapabilityStatement: Finnish SMART Server Capability Statement

Official URL: https://hl7.fi/fhir/finnish-smart/CapabilityStatement/fi-smart-server Version: 1.0.1-cibuild
Active as of 2023-11-09 Computable Name: FiSmartServer

This CapabilityStatement describes the basic rules for a server actor providing SMART App Launch in Finland.

Raw OpenAPI-Swagger Definition file | Download

Generated Narrative: CapabilityStatement fi-smart-server

Finnish SMART Server Capability Statement

  • Implementation Guide Version: 1.0.1-cibuild
  • FHIR Version: 4.0.1
  • Supported Formats: SHALL support json, SHOULD support xml
  • Supported Patch Formats: SHOULD support application/json-patch+json
  • Published on: 2023-11-09
  • Published by: HL7 Finland ry

Note to Implementers: FHIR Capabilities

Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.

SHALL Support the Following Implementation Guides

SHOULD Support the Following Implementation Guides

FHIR RESTful Capabilities

Mode: server

The server SHALL:

  1. Implement the RESTful behavior according to the FHIR specification.
  2. Support JSON source formats for all interactions.
  3. Declare a CapabilityStatement identifying the list of profiles, operations, and search parameters supported.

The server SHOULD:

  1. Support XML source formats for all interactions.
  2. Implement the International Patient Access (IPA) specification.
Security

This implementation guide relies heavily on the widely adopted SMART App Launch mechanism. This implementation guide does not define any new security mechanisms. Please familiarize yourself with the securty concepts infroduced in the SMART App Launch specification, and the underlying OpenID Connect and OAuth2 specifications the SMART App Launch specification build on.

  1. See the Best Practices outlined in the SMART App Launch specification.
  2. See the FHIR Security section of the FHIR specification for requirements and recommendations.
  3. A server SHALL reject any unauthorized requests by returning an HTTP 401 Unauthorized, 403 Forbidden, or 404 Not Found response code.
Summary of System-wide Interactions