Set up Aidbox with Postman
This tutorial will guide you through the process of setting up and using Postman with Aidbox for API testing and development.
Prerequisites
- Aidbox instance up and running. You can run Aidbox locally or in the Health Samurai sandbox.
- Postman installed on your computer
- Basic understanding of REST APIs and FHIR
Step 1: Create a Client in Aidbox
First, you need to create a client in Aidbox that will be used for authentication. You can do this through the Aidbox UI or by making a direct API call.
{
"resourceType": "Client",
"id": "postman",
"secret": "secret",
"grant_types": ["basic"]
}
POST /fhir/Client
Content-Type: application/json
{
"resourceType": "Client",
"id": "postman",
"secret": "secret",
"grant_types": ["basic"]
}
Step 2: Create Access Policy
Create an access policy to define what operations your Postman client can perform. While Aidbox supports multiple engines (matcho, json-schema, and others), we'll use the simplest allow engine.
{
"resourceType": "AccessPolicy",
"engine": "allow",
"id": "postman-access-policy",
"link": [
{
"id": "postman",
"resourceType": "Client"
}
]
}
POST /fhir/AccessPolicy
Content-Type: application/json
{
"resourceType": "AccessPolicy",
"engine": "allow",
"id": "postman-access-policy",
"link": [
{
"id": "postman",
"resourceType": "Client"
}
]
}
Step 3: Set up Postman
- Open Postman and create a new request
- Configure Authorization using
-
Select Auth Type
Basic Auth -
Specify Username as
postmanand Password assecret\.avif)
Postman
-
- Set the request method to GET
- Set the URL to
{{base_url}}/fhir/Patient - Add the following header:
Content-Type: application/json
- Run query
Debugging Tips
- Check the response headers for additional information about the request processing
- If you get a 401 Unauthorized error:
- Verify your client credentials
- Check that your access policy is correctly configured