Postman Shared Environment Setup for CareConnect FHIR APIs

This guide provides standardized environment variable names and setup instructions that work across all CareConnect FHIR API tutorials.

Standard Environment Variables

Use these consistent variable names across all your CareConnect Postman environments:

Base Configuration

Variable Name	Description	Example Value
`domain`	CareConnect domain	`fhirtest.netsmartcloud.com`
`tenant_id`	Your CareConnect tenant ID	`your-tenant-id`

Authentication URLs

Variable Name	Description	Example Value
`auth_url`	OAuth authorization endpoint	`https://fhirtest.netsmartcloud.com/auth/your-tenant-id/oauth2/v1/authorize`
`token_url`	OAuth token endpoint	`https://fhirtest.netsmartcloud.com/auth/your-tenant-id/oauth2/v1/token`

Note: Replace your-tenant-id with your actual tenant ID and update domain for Production environment.

API Base URLs

Variable Name	Description	Example Value
`patient_access_base_url`	Patient Access API base	`https://fhirtest.netsmartcloud.com/provider/patient-access/v2/your-tenant-id`
`practitioner_access_base_url`	Practitioner Access API base	`https://fhirtest.netsmartcloud.com/provider/patient-access/v2/your-tenant-id`
`system_access_base_url`	System Access API base	`https://fhirtest.netsmartcloud.com/provider/system-access/v2/your-tenant-id`
`provider_directory_base_url`	Provider Directory API base	`https://fhirtest.netsmartcloud.com/payer/provider-directory/v2/your-tenant-id`

Note: Postman doesn't support variable references within environment variable values, so these must be complete URLs.

OAuth Configuration

Variable Name	Description	Example Value
`client_id`	Your OAuth client ID	`your-client-id`
`client_secret`	Your OAuth client secret (secret type)	`your-client-secret`
`redirect_uri`	OAuth redirect URI	`https://oauth.pstmn.io/v1/callback`

Scopes by API Type

Variable Name	Description
`patient_scope`	Patient Access scopes
`practitioner_scope`	Practitioner Access scopes
`system_scope`	System Access scopes

Runtime Variables

Variable Name	Description
`access_token`	Current OAuth access token
`patient_id`	Current patient ID for testing
`organization_id`	Current organization ID for testing

Environment Templates

Multi-API Environment

Create one environment that supports all API types:

Environment Name: CareConnect Preview - Multi-API

This approach allows you to switch between different API types by changing the fhir_base_url variable to point to the appropriate base URL.

API-Specific Environments

Alternatively, create separate environments for each API type:

CareConnect Preview - Patient Access
CareConnect Preview - Practitioner Access
CareConnect Preview - System Access
CareConnect Preview - Provider Directory
CareConnect Preview - Service Discovery

Authorization Configuration by Folder

When sharing collections across different API types, move authorization from collection level to folder level:

Collection Structure (Alphabetically Ordered):

CareConnect Multi-API Collection
├── Discovery APIs (No Auth)
│   ├── Provider Directory
│   │   ├── HealthcareService
│   │   ├── InsurancePlan
│   │   ├── Location
│   │   ├── Organization
│   │   ├── Practitioner
│   │   └── PractitionerRole
│   ├── Service Base URLs
│   └── User Access Brands
├── Patient Access (OAuth - Patient Scopes)
│   ├── Care Management
│   │   ├── CarePlan
│   │   ├── CareTeam
│   │   ├── Encounter
│   │   └── Goal
│   ├── Clinical Data
│   │   ├── AllergyIntolerance
│   │   ├── Condition
│   │   ├── DiagnosticReport
│   │   ├── Immunization
│   │   ├── MedicationRequest
│   │   └── Observation
│   ├── Patient
│   │   ├── Patient Read
│   │   └── Patient Search
│   └── Setup & Configuration
│       ├── CapabilityStatement
│       └── SMART Configuration
├── Practitioner Access (OAuth - User Scopes)
│   ├── Clinical Resources
│   │   ├── Condition
│   │   ├── DiagnosticReport
│   │   ├── MedicationRequest
│   │   └── Observation
│   ├── Patient Management
│   │   ├── Patient Read
│   │   └── Patient Search
│   ├── Provider Resources
│   │   ├── Organization
│   │   ├── Practitioner
│   │   └── PractitionerRole
│   └── Setup & Configuration
│       ├── CapabilityStatement
│       └── SMART Configuration
└── System Access (OAuth - System Scopes)
    ├── Administrative
    │   ├── Coverage
    │   ├── Location
    │   ├── Organization
    │   └── Practitioner
    ├── Bulk Operations
    │   ├── Group Export
    │   ├── Patient Export
    │   └── System Export
    ├── Clinical Data
    │   ├── Condition
    │   ├── DiagnosticReport
    │   ├── MedicationRequest
    │   └── Observation
    ├── Patient Resources
    │   ├── Patient Read
    │   └── Patient Search
    └── Setup & Configuration
        ├── CapabilityStatement
        └── SMART Configuration

Authorization Setup:

Collection Level: Set to "No Auth"
API Type Folder Level: Configure OAuth 2.0 for each API type:
- Discovery APIs Folder: No Auth
- Patient Access Folder: OAuth 2.0 with {{patient_scope}}
- Practitioner Access Folder: OAuth 2.0 with {{practitioner_scope}}
- System Access Folder: OAuth 2.0 Client Credentials with {{system_scope}}
Resource Sub-Folder Level: "Inherit auth from parent"
Request Level: "Inherit auth from parent"

Resource Organization Principles:

Alphabetical Ordering: All resources within folders are ordered alphabetically for easy navigation
Setup & Configuration: Non-authenticated endpoints (metadata, SMART config)
Patient/Patient Management: Core patient resource operations
Clinical Data: Patient-specific clinical information (observations, conditions, medications)
Care Management: Care coordination resources (care plans, teams, goals)
Provider Resources: Practitioner and organization information
Administrative: Coverage, locations, and administrative data
Bulk Operations: System-level export operations

Naming Convention for Requests:

Use consistent naming: [Resource] - [Operation] (e.g., "Patient - Search", "Patient - Read")
For search operations: [Resource] - Search (GET), [Resource] - Search (POST)
For specific operations: [Resource] - Read by ID, [Resource] - Create, [Resource] - Update

Scope Variables by API Type

Add these scope variables to your shared environment:

patient_scope = launch/patient openid fhirUser offline_access patient/Patient.rs patient/Observation.rs...
practitioner_scope = launch openid fhirUser offline_access user/Patient.rs user/Observation.rs...
system_scope = system/Patient.rs system/Observation.rs system/Organization.rs...

Benefits of Standardization

Reusable Collections - Import requests between different API collections
Consistent Naming - Easier to remember and maintain
Cross-Tutorial Compatibility - Variables work across multiple tutorials
Reduced Setup Time - Copy environment templates instead of recreating
Flexible Authorization - Different auth per folder within same collection
Logical Resource Grouping - Related resources grouped for easier navigation
Scalable Structure - Easy to add new resources to appropriate sub-folders

Standard Environment Variables​

Base Configuration​

Authentication URLs​

API Base URLs​

OAuth Configuration​

Scopes by API Type​

Runtime Variables​

Environment Templates​

Multi-API Environment​

API-Specific Environments​

Collection Sharing Strategy​

Authorization Configuration by Folder​

Scope Variables by API Type​

Benefits of Standardization​