SMART App on FHIR

Live

SMART ON FHIR

HEALTHCARE

AI

SMART App on FHIR is a healthcare interoperability provider that enables secure access to electronic health records and clinical data using the SMART on...

  • Acts as the user: Every tool call runs as the authorizing user. Access and audit trail stay intact.
  • Credentials stay vaulted: AES-256 encrypted, resolved at request time, never stored in LLM context.
  • Scoped before every call: Per-user permissions enforced automatically. 90-day audit trail included.
SMART App on FHIR
agent · Acme Q3
Run
Allergy Intolerance Create in SMART App on FHIR
S
customsmartfhir_allergy_intolerance_create
85ms
SMART App on FHIR agent
Create a new fhir allergyintolerance resource recording a patient's allergy or intolerance to a substance..
Sources: SMART App on FHIR
customsmartfhirmcp
1 tool call
18:29
Message Claude...

SMART App on FHIR tools for AI agents

CALL ANY TOOL
12 tools covering allergy.
customsmartfhir_allergy_intolerance_create
Create a new fhir allergyintolerance resource recording a pa
Create a new fhir allergyintolerance resource recording a patient's allergy or intolerance to a substance.
Parameters
Name
Type
Required
Description
code
string
Required
Code identifying the substance (RxNorm, SNOMED, or NDF-RT)
code_system
string
Required
Code system URI for the substance code
patient_id
string
Required
FHIR logical ID of the patient
category
string
Optional
Category: food, medication, environment, biologic
clinical_status
string
Optional
Clinical status: active, inactive, resolved
code_display
string
Optional
Human-readable display for the substance
customsmartfhir_allergy_intolerance_delete
Delete a fhir allergyintolerance resource by its logical id.
customsmartfhir_allergy_intolerance_read
Retrieve a single fhir allergyintolerance resource by its lo
customsmartfhir_allergy_intolerance_search
Search for fhir allergyintolerance resources using parameter
customsmartfhir_allergy_intolerance_update
Update an existing fhir allergyintolerance resource by its i
customsmartfhir_appointment_create
Create a new fhir appointment resource to book a patient vis
customsmartfhir_appointment_delete
Delete a fhir appointment resource by its logical id.
customsmartfhir_appointment_read
Retrieve a single fhir appointment resource by its logical i
customsmartfhir_appointment_search
Search for fhir appointment resources using parameters like
customsmartfhir_appointment_update
Update an existing fhir appointment resource by its id, e.g.
customsmartfhir_condition_create
Create a new fhir condition resource representing a diagnosi
customsmartfhir_condition_delete
Delete a fhir condition resource by its logical id.
Build your Agent
Same auth pattern across every framework.
Python · LlamaIndex
from langchain_mcp_adapters.client import MultiServerMCPClient
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="customsmartfhir")

mcp = MultiServerMCPClient({
"customsmartfhir": {
"url": "https://mcp.scalekit.com/customsmartfhir",
"headers": {"Authorization": "Bearer " + token}
}
})
tools = await mcp.get_tools()
import OpenAI from "openai";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "customsmartfhir" });

const openai = new OpenAI();
// Connect to MCP at https://mcp.scalekit.com/customsmartfhir
// Pass: Authorization: Bearer + token
import Anthropic from "@anthropic-ai/sdk";
import { ScalekitClient } from "@scalekit-sdk/node";

const client = new ScalekitClient({ envUrl, clientId, clientSecret });
const token = await client.agent.getToken({ userId: "user_id", connector: "customsmartfhir" });

const anthropic = new Anthropic();
// Connect to MCP at https://mcp.scalekit.com/customsmartfhir
// Pass: Authorization: Bearer + token
from google.adk.agents import LlmAgent
from scalekit import ScalekitClient

client = ScalekitClient(env_url=ENV_URL, client_id=CLIENT_ID, client_secret=SECRET)
token = client.agent.get_token(user_id="user_id", connector="customsmartfhir")
# Connect to MCP at https://mcp.scalekit.com/customsmartfhir
# Pass: Authorization: Bearer + token
Try these prompts
Paste any prompt into your agent to get started.
Get started
Copy the prompt
Copied
Create a new FHIR AllergyIntolerance resource recording a patient’s allergy or intolerance to a substance?
Copy the prompt
Copied
Delete a FHIR AllergyIntolerance resource by its logical ID?
Advanced
Copy the prompt
Copied
Retrieve a single FHIR AllergyIntolerance resource by its logical ID?
Copy the prompt
Copied
Search for FHIR AllergyIntolerance resources using parameters like patient, clinical status, type, category, and critica?
SEE HOW AUTH WORKS
User authorises once. Every agent call after uses their token with scope enforcement.
1
Authorize
Your user connects
SMART App on FHIR
once. We tie it to their identity and the meetings they approved — no shared bot account, no org-wide access
Who:
user ‘A’
when:
Once per user
access:
Limited to user
2
Store
Their
SMART App on FHIR
token lives in a vault scoped to them. User A's meetings are never reachable by an agent acting for user B, even on the same connection
vault:
encrypted
scope:
per-user
tokens:
auto-refreshed
3
Resolve
When your agent calls a
SMART App on FHIR
tool, we fetch the right token server-side. It never touches your agent, never appears in the LLM context, never shows up in your logs
speed:
~40ms
check:
before every call
seen by:
nobody
4
Audit
Every
SMART App on FHIR
tool call is logged — who triggered it, which meeting was fetched, what came back. 90 days of history, tied to the user who authorized it
history:
90 days
export:
SIEM-ready
logged:
every call
Test other agents
See the same per-user auth pattern across other connectors.
No items found.
Why Scalekit
Secure your agent's access. Connectors ship in minutes
Other connector libraries treat auth as a demo afterthought.
01.
Shared tokens break per-user analytics
A shared token looks fine in a demo. In production every call looks like a service account. Scalekit resolves the real user credential.
// shared token
audit → bot_service_account

// scalekit
audit → user_abc ✓
02.
Authentication is not authorization
03.
Multi-tenancy is architectural
04.
One connector today. Ten tomorrow.
“Our agents act across Salesforce, Gong, Google Drive, and more, on behalf of every customer. Scalekit behind the scenes meant we can keep adding tools without ever rebuilding how credentials or tool calling work.”
Venu Madhav Kattagoni
Head of Engineering / Von
FAQs
Frequently Asked Questions

Does the agent access SMART App on FHIR as the user or as a shared key?
As the user. Each workspace member authorizes once and Scalekit resolves their credential at request time. Audit logs attribute every action to that user, not a shared service account.

Where is the SMART App on FHIR token stored?
In Scalekit's managed AES-256 token vault, namespaced per tenant. Refresh is automatic. Revocation is a single dashboard action. Tokens never appear in prompts, logs, or LLM context.

Can I limit what the agent is allowed to do in SMART App on FHIR?
Yes. Pass a tool name filter to listScopedTools so the AI agent only sees the subset you authorize. Pre-API-call scope checks block out-of-policy actions before the request reaches SMART App on FHIR.

What happens when a user revokes SMART App on FHIR access?
The connection is invalidated on the next tool call. Subsequent requests for that user fail closed with a clear error. Other users in the tenant remain unaffected. The event is logged for audit.

How is patient data protected under SMART on FHIR?
Every FHIR read and write runs inside the authorizing clinician's SMART scopes, so EHR access rules apply per call. Scalekit vaults the token, enforces scopes pre-call, and logs each access for compliance review.

Start in your coding agent
Up and running in one command
Install the Scalekit skill in your editor of choice. Connector, auth, tools, prompt, all wired up
Claude Code REPL
/plugin marketplace add scalekit-inc/claude-code-authstack
/plugin install agentkit@scalekit-auth-stack
Cursor Code REPL
# ~/.cursor/mcp.json
{
""mcpServers"": {
""customsmartfhir"": {
""url"": ""https://mcp.scalekit.com/customsmartfhir"",
""headers"": { ""Authorization"": ""Bearer $SCALEKIT_TOKEN"" }
}
}
}
Codex Code REPL
# ~/.codex/config.toml
[mcp_servers.customsmartfhir]
url = ""https://mcp.scalekit.com/customsmartfhir""
auth_env = ""SCALEKIT_TOKEN""
Copilot Code REPL
# .vscode/mcp.json
{
""servers"": {
""customsmartfhir"": {
""url"": ""https://mcp.scalekit.com/customsmartfhir"",
""type"": ""http""
}
}
}