athenahealth / apiserver-athenaFlex

Software developers can use sample code and documentation to use athenahealth's athenaPractice/athenaFlow FHIR API Server.
https://mydata.athenahealth.com/home

Service Account issues #244

Closed Christalf1970 closed 2 years ago

Christalf1970 commented 2 years ago

We have been going around and around with third party vendors that support one of our provider offices about getting our FHIR APIs configured. We finally got our token call working after finding that our service account was not properly syncing with AAD. Now, we are getting a "forbidden" error when attempting any patient or observation calls. Looking at Service Application Credentials · Issue #177 · athenahealth/apiserver-athenaFlex · GitHub, we got the token call working by following the directions in the attached document. What else is needed to get the actual patient data needed? I asked if they had put the service account in the API Server User Role and this was the vendor's response:

> _They do not use the api server user group. That user is part of the following groups Goup-smhca, group-smhca-allusers, group-smhca-clincallevel1, group-smhca-clincallevel2 and group-smhca-smmg-moss. Those groups do grant it access to cps._

Is the API Server User Role what is missing here? Also, the Native Auth instructions did not include any inclusion of our Client ID or Secret for our registered App. Does that need to be included?

Notes.on.athenaPractice.Native.User.Auth.Flow.docx

Torin-Shepard-athena commented 2 years ago

@Christalf1970 Apologies for not mentioning API Server User Group/Role in the earlier document.

Please review the newer document posted in this Issue 177 comment.

Token GET is deprecated. Please transition to using token POST for stronger security with both client id+secret and username+password as described in athenaPractice V22 and forward Native User token POST Auth Flow.
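An added example (not code from the athenahealth repo or from either commenter) showing the shape of a token POST that carries client id+secret in the Authorization header and username+password in the form body, so no credential lands in the URL, plus a check for that GET-style leak and a mapping of the 401/403 outcomes discussed in this thread. The endpoint, grant name and field names are assumptions for illustration; take the real ones from the athenaPractice V22 Native User token POST Auth Flow document.

```python
import base64
import urllib.parse
import urllib.request

# Placeholder endpoint (assumption): not an athenahealth URL.
TOKEN_URL = "https://example.invalid/oauth2/token"


def build_token_post(client_id, client_secret, username, password, token_url=TOKEN_URL):
    """Build (but do not send) a token POST request.

    Client id+secret travel as HTTP Basic auth and username+password in the
    body, so neither appears in the request line. That is the gap with the
    deprecated token GET: query-string credentials end up in proxy and web
    server access logs and browser histories.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "password",  # assumed grant/field names, not the documented ones
        "username": username,
        "password": password,
    }).encode()
    req = urllib.request.Request(token_url, data=body, method="POST")
    req.add_header("Authorization", f"Basic {basic}")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


def credentials_leak_in_url(req, *secrets):
    """True if any secret value appears in the request URL (the GET-style flaw)."""
    return any(s in req.full_url for s in secrets)


def explain_fhir_status(status):
    """Map the HTTP status of a patient/observation call to the next step from this thread."""
    if status == 401:
        return "token missing or invalid: redo the token POST"
    if status == 403:
        return "token accepted but the service account lacks the API Server User role"
    return "ok" if 200 <= status < 300 else f"unexpected status {status}"
```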