Clinical APIs (EHR)

Announcement

For information related to the Oracle Partner Network (OPN) Industry Healthcare Track please visit our OPN Industry Healthcare Program page.

For specific questions related to Oracle Partner Network (OPN), please contact Partner Assistance.

Millennium FHIR and non-FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com
Soarian FHIR API Specifications and Supporting Documents can be found HERE on docs.oracle.com.

How to use Health EHR APIs

Background Information:

Are you an OPN Member? No
Have you signed up to be in the Healthcare Developer Track? No
Are you a registered Code Program member? No
Does your App have a presence on the Oracle Healthcare App Marketplace? No

Are you developing on behalf of an Oracle Health client?
If so, which client:

CHOC

Hello, I'm following steps from these docs to implement EHR APIs:
- https://docs.oracle.com/en/industries/health/millennium-platform-apis/mcfap/intro.html
- https://docs.oracle.com/en/industries/health/millennium-platform-apis/millennium-authorization-framework/#authorization

I already have an app with the product and scope in code Console.

But I'm not sure if I'm doing the right flow. I'm testing with Postman in the sandbox env.
First I'm hitting this endpoint to get the auth token:
https://authorization.sandboxcerner.com/tenants/{tenantID}/hosts/api.cernermillennium.com/protocols/oauth2/profiles/smart-v1/token

For the token, I'm using my clientID as the username and my client secret as the password to generate the Base64-encoded string and send it as ‘Authorization: Basic {Base64 string}’ in the headers.

cURL:
curl --location 'https://authorization.sandboxcerner.com/tenants/{tenantID}/hosts/api.cernermillennium.com/protocols/oauth2/profiles/smart-v1/token' \
--header 'Accept: application/json' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'cache-control: no-cache' \
--header 'Authorization: Basic {Base64 string}' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=oraclehealth:millennium:message'

I get the token as the response, and then I try to use that token in some of the message APIs:

https://api.cernermillennium.com/{tenantId}/message/20241001/patientMessages/inboxItems?patientId={somePatientId}

cURL:
curl --location 'https://api.cernermillennium.com/{tenantId}/message/20241001/patientMessages/inboxItems?patientId={somePatientId}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/ehr+json' \
--header 'Authorization: Bearer {token}'

But I get a 401 Unauthorized as the response:
{"message": "code=\"urn:cerner:error:oauth2:resource-access:signature-verification-failed\", error=\"invalid_token\", subcode=\"unknown_kid\", kid=\"2025-09-09T02:40:05.718.ec.es256\"","code": 401}

My questions are:
- Am I using the right URLs? If not, which URLs are used for sandbox and which for prod?
- Am I doing a correct flow?

Thanks in advance.

This post has been answered by Kol Kheang-Oracle on Sep 10 2025
Added on Sep 9 2025
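
A diagnostic for the `unknown_kid` response quoted in the post, as an added example that is not part of the original post or Oracle's code. It assumes the access token is a compact JWS (three base64url parts), reads its `kid`, `alg`, `iss` and `aud` without verifying the signature, and lines them up with the key id the API rejected; the sample token, the issuer placeholder and all function names are constructed for illustration.

```python
import base64
import json
import re


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWS segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def inspect_token(token: str) -> dict:
    """Read header and claims WITHOUT verifying the signature.
    For troubleshooting only; never base an access decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    return {"kid": header.get("kid"), "alg": header.get("alg"),
            "iss": claims.get("iss"), "aud": claims.get("aud")}


def parse_resource_error(body: str) -> dict:
    """Pull the key="value" pairs out of the 401 body's message string."""
    message = json.loads(body)["message"]
    return dict(re.findall(r'(\w+)="([^"]*)"', message))


def diagnose(token: str, error_body: str) -> dict:
    """Line up what the token carries against what the API rejected."""
    tok, err = inspect_token(token), parse_resource_error(error_body)
    return {"token_kid": tok["kid"], "rejected_kid": err.get("kid"),
            "same_key": tok["kid"] == err.get("kid"),
            "issuer": tok["iss"], "subcode": err.get("subcode")}


def _seg(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token: placeholder issuer/audience, fake signature.
SAMPLE_TOKEN = ".".join([
    _seg({"alg": "ES256", "kid": "2025-09-09T02:40:05.718.ec.es256"}),
    _seg({"iss": "https://issuer.example/tenants/TENANT_PLACEHOLDER", "aud": "AUD_PLACEHOLDER"}),
    "fake-signature"])
# 401 body exactly as quoted in the post.
ERROR_BODY = r'''{"message": "code=\"urn:cerner:error:oauth2:resource-access:signature-verification-failed\", error=\"invalid_token\", subcode=\"unknown_kid\", kid=\"2025-09-09T02:40:05.718.ec.es256\"","code": 401}'''

if __name__ == "__main__":
    print(json.dumps(diagnose(SAMPLE_TOKEN, ERROR_BODY), indent=2))
```

When `same_key` is true, the API host was handed a token signed with a key it does not know, so the `issuer` value is the one to compare against the environment of the API host being called.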