Get started with Azure API for FHIR

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

This article outlines the basic steps to get started with Azure API for FHIR. Azure API for FHIR is a managed, standards-based, compliant API for clinical health data that enables solutions for actionable analytics and machine learning.

As a prerequisite, you'll need an Azure subscription and have been granted proper permissions to create Azure resource groups and deploy Azure resources. If you don't have an Azure subscription, create a free account before you begin.

Screenshot of Azure API for FHIR flow diagram.

Create Azure resource

To get started with Azure API for FHIR, you must create a resource in the Azure portal. Enter Azure API for FHIR in the Search services and marketplace box.

Screenshot of the Azure search services and marketplace text box.

After you’ve located the Azure API for FHIR resource, select Create.

Screenshot of the create Azure API for FHIR resource button.

Deploy Azure API for FHIR

Refer to the steps in the Quickstart guide for deploying an instance of Azure API for FHIR using the Azure portal. You can also deploy an instance of Azure API for FHIR using PowerShell, CLI, and an ARM template.

Accessing Azure API for FHIR

When you're working with healthcare data, it's important to ensure that the data is secure, and it can't be accessed by unauthorized users or applications. FHIR servers use OAuth 2.0 to ensure this data security. Azure API for FHIR is secured using Microsoft Entra ID, which is an example of an OAuth 2.0 identity provider. Microsoft Entra identity configuration for Azure API for FHIR provides an overview of FHIR server authorization, and the steps needed to obtain a token to access a FHIR server. While these steps apply to any FHIR server and any identity provider, this article will walk you through Azure API for FHIR as the FHIR server and Microsoft Entra ID as our identity provider. For more information about accessing Azure API for FHIR, see Access control overview.

Access token validation

How Azure API for FHIR validates the access token will depend on implementation and configuration. The article Azure API for FHIR access token validation will guide you through the validation steps, which can be helpful when troubleshooting access issues.

Register a client application

For an application to interact with Microsoft Entra ID, it needs to be registered. In the context of the FHIR server, there are two kinds of application registrations:

  • Resource application registrations
  • Client application registrations

For more information about the two kinds of application registrations, see Register the Microsoft Entra apps for Azure API for FHIR.

Configure Azure RBAC for FHIR

The article Configure Azure RBAC for FHIR, describes how to use Azure role-based access control (Azure RBAC) to assign access to the Azure API for FHIR data plane. Azure RBAC is the preferred method for assigning data plane access when data plane users are managed in the Microsoft Entra tenant associated with your Azure subscription. If you're using an external Microsoft Entra tenant, refer to the local RBAC assignment reference.

Next steps

This article described the basic steps to get started using Azure API for FHIR. For more information about Azure API for FHIR, see

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.