Set up Aidbox with Postman

This tutorial will guide you through the process of setting up and using Postman with Aidbox for API testing and development.

Prerequisites

Aidbox instance up and running. You can run Aidbox locally or in the Health Samurai sandbox.
Postman installed on your computer
Basic understanding of REST APIs and FHIR

Step 1: Create a Client in Aidbox

First, you need to create a client in Aidbox that will be used for authentication. You can do this through the Aidbox UI or by making a direct API call.

 {
  "resourceType": "Client",
  "id": "postman",
  "secret": "secret",
  "grant_types": ["basic"]
}

Step 2: Create Access Policy

Create an access policy to define what operations your Postman client can perform. While Aidbox supports multiple engines (matcho, json-schema, and others), we'll use the simplest allow engine.

{
 "resourceType": "AccessPolicy",
 "engine": "allow",
 "id": "postman-access-policy",
 "link": [
   {
     "id": "postman",
     "resourceType": "Client"
   }
 ]
}

POST /fhir/AccessPolicy
Content-Type: application/json

{
 "resourceType": "AccessPolicy", 
 "engine": "allow",
 "id": "postman-access-policy",
 "link": [
   {
     "id": "postman",
     "resourceType": "Client"
   }
 ]
}

Step 3: Set up Postman

1.
Open Postman and create a new request
2.
Configure Authorization using
1. 1.
  Select Auth Type Basic Auth
2. 2.
  Specify Username as postman and Password as secret \
  Postman
3.
Set the request method to GET
4.
Set the URL to {{base_url}}/fhir/Patient
5.
Add the following header:
- Content-Type: application/json
6.
Run query

Debugging Tips

1.
Check the response headers for additional information about the request processing
2.
If you get a 401 Unauthorized error:
- Verify your client credentials
- Check that your access policy is correctly configured

Additional Resources

Overview

Access Policies

AccessPolicy best practices

Last updated: 2025-12-05T13:53:00Z