Common headers

These platform headers thread identity and EHR credentials through FHIR-touching calls, including tools, agents, the FHIR proxy, and the platform MCP endpoint.

Headers

Authorizationrequired

Bearer token from the auth endpoint. The SDKs attach and refresh it automatically.

X-Phenoml-On-Behalf-Ofoptional

Act in a user context: Patient/{uuid} or Practitioner/{uuid}. Required for patient-facing apps so requests are scoped accordingly.

X-Phenoml-Fhir-Provideroptional

Per-request FHIR provider credentials, formatted as {fhir_provider_id}:{oauth2_token}, for apps where users bring their own EHR tokens instead of stored provider credentials.

POSTHeaders in practice

curl -X POST "https://experiment.app.pheno.ml/tools/lang2fhir-and-search" \
  -H "Authorization: Bearer $PHENOML_TOKEN" \
  -H "X-Phenoml-On-Behalf-Of: Patient/550e8400-e29b-41d4-a716-446655440000" \
  -H "Content-Type: application/json" \
  -d '{ "text": "my appointments next week" }'