I am building a SMART on FHIR application connecting different EHR systems like Cerner and EPIC, and I have built an external API to run an algorithm on this data. I call the APIs inside the SOF app after getting data from FHIR servers; however, I am confused about how to authenticate the APIs.
Since the SOF apps are going to be inside the EPIC and Cerner UI, I really cannot have a username and password login with the register option as they are already authenticated.
I would like to hear thoughts on how to authenticate the APIs.
It sounds like your app is launched from the EHR. In this case the authentication is handled through single sign-on, with the EHR as the identity provider, since the user is already logged into the EHR. You would need to make the necessary calls to obtain an authorization code and exchange that for an access token. The specific details will vary per EHR you are integrating with; the SMART App Launch standard is here and a general overview from Cerner is here.
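The two calls the answer describes (request an authorization code, then exchange it for an access token) are sketched below as an added example that is not part of the original answer or any EHR vendor's code. It assumes a public client running under Node.js, using `state` and PKCE as defined by SMART App Launch; the function names, `cfg` fields and all URLs are hypothetical placeholders, and in practice the endpoints are discovered from the `iss` the EHR passes at launch.

```javascript
// Added example: building the EHR-launch authorization request and the
// token-exchange body. No network calls are made here.
const crypto = require('node:crypto');

// PKCE S256: challenge = base64url(SHA-256(verifier)) per RFC 7636.
function pkceChallenge(verifier) {
  return crypto.createHash('sha256').update(verifier).digest('base64url');
}

// Step 1: the EHR opens the app with ?iss=<FHIR base>&launch=<opaque id>.
// Store per-launch secrets in `session`, then redirect to the returned URL.
function buildAuthorizeUrl(cfg, launchParams, session) {
  session.state = crypto.randomBytes(16).toString('base64url');
  session.verifier = crypto.randomBytes(32).toString('base64url');
  const url = new URL(cfg.authorizeEndpoint); // assumed already discovered
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri,
    launch: launchParams.launch, // ties the request to the EHR session
    scope: cfg.scope,
    state: session.state,
    aud: launchParams.iss,       // FHIR server the token is meant for
    code_challenge: pkceChallenge(session.verifier),
    code_challenge_method: 'S256',
  }).toString();
  return url.toString();
}

// Step 2: the EHR redirects back with ?code=...&state=...
// Reject a callback whose state does not match this launch, then build the
// form body to POST to the token endpoint.
function buildTokenRequest(cfg, callbackParams, session) {
  const got = Buffer.from(String(callbackParams.state || ''));
  const want = Buffer.from(String(session.state || ''));
  if (!got.length || got.length !== want.length ||
      !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this launch');
  }
  return new URLSearchParams({
    grant_type: 'authorization_code',
    code: callbackParams.code,
    redirect_uri: cfg.redirectUri,
    client_id: cfg.clientId,     // public client; no client secret
    code_verifier: session.verifier,
  }).toString();
}
```
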