top of page


68457539_m CLEAN.jpg

As an application developer, you are required to be familiar with principles for responsible healthcare application development and usage. Consequently, you and all applications you submit must follow all of the developer guidelines listed below. If you or your applications fail to follow these guidelines, or misbehave in any other way, Sabiamed Corporation may revoke your security token and take further actions such as notifying users of your applications of non-compliance, or any other actions deemed necessary until the issue is resolved. If you have reason to believe your application is not fully compliant to these guidelines, have any questions, or need further clarification on any of these guidelines, you may contact us at or write to us at:

  1. Transparency - Your pricing and marketing materials must be clear and consistent. You and your application must provide to end-users clear and accurate financial and licensing terms that will apply to the use of your application. All information you provide about yourself and your application must be accurate and truthful.

  2. Safety - Your application must be designed and implemented to not put patients or application users at risk of harm. You may not use the ClinNext 10 API for any activities that could lead to death, personal injury, cause damage to property, or infringe any laws. Furthermore, your application must adhere to usability standards, specifically safety-enhanced design and accessibility-centered design.

  3. Security - Your application must not pose a direct risk or otherwise increase the risk of a security breach to take place in any system it connects to. Data exchange between your application and ClinNext 10 APIs and between your application and any other third-party system must be secured with industry standard encryption while in transit, and use authentication and authorization protocols. If your application stores data on an end-user’s device, the stored data must be encrypted. Your application must implement and enforce inactivity time-outs. You or your application must not introduce any code of a destructive nature (e.g., malware, viruses, etc.) into any system you or your application connects to. Your API client identifier is given for your exclusive use, and you agree to keep it confidential, and will not disclose it to any third party, or use it for any purpose other than it is intended to.

  4. Privacy - Your application must provide clear and understandable consent for use and give users the ability to decline consent. ClinNext 10 API exclusively relies on OAuth 2.0 and OpenID Connect as the mechanism for authenticating access to patient data through the ClinNext 10 API, and your application must not circumvent the display of any authentication or consent mechanisms from ClinNext 10. You will provide and follow a privacy policy for your application that clearly, accurately, and truthfully describes to your users what data your application collects, and how you intend to use and share this data. Your application must not use, access, or disclose protected health information (PHI) or other patient confidential information in violation of any law or in any manner other than that which the owner of the information has given its informed consent.

  5. Sharing - You may not share the data collected by your application with any third party without the explicit consent of the user of the application and the patient whose data is being shared.

  6. Reliability - Your application must be properly tested and must be stable, predictable, and not negatively impact clinical operations or patient safety for users. Development of your application must be documented and managed in a Quality Management System (QMS) and complaints and defects reported about your application must be managed in a defect tracking system. If you identify a patient-safety, security, data breach, or privacy issue with your application, you must follow your documented complaint process to notify all application users, and immediately contact Sabiamed Corporation to disable your application until you resolve the issue.

  7. Efficiency - Your application is not permitted to generate excessive load on a user’s systems or to cause other systems to behave inaccurately or unexpectedly.

  8. Data Integrity - You and your application must not corrupt or otherwise cause inconsistencies in any data used by your applications.

  9. Verifiability - Sabiamed Corporation may inspect or test your application to verify your compliance with these guidelines and the ClinNext 10 API Terms of Use.

  10. Reciprocity - You will provide API-based access to any data you and your application collect or derive to your users on the same terms as provided in these ClinNext 10 API Developer Guidelines.

Software Components and Configuration

Any entity or organization that is able to place requests using an http client will be able to connect to the ClinNext 10 API by constructing and sending requests as defined in this API documentation page, provided the vetting process has been successfully executed.  Possible responses can be found under the Responses section of each API method.  For information on how to complete the vetting process, please write to

Registration Requirements

Before trying to consume the ClinNext 10 API resources, all clients must have valid credentials which are supplied by the API support team. If the client does not have a valid credential within our Authentication Server, then an application can be submitted to start the review process of the registration. When the review process is finished and the registration is approved, the client will receive an email with the credentials (client identifier and client secret) along with the Authentication Server information and client scopes.

Once the credentials have been granted, the client should proceed with the following steps:

  1. Request access token using the provided credentials

An access token (bearer token) should be requested before trying to consume the API resources. To see the available endpoints you can use the discovery endpoint: https://[FhirServer]/.well-known/smart-configuration

 2. Make a request using the access token to consume an API

Once the access token is obtained, the client will be able to consume the resources of the API. Remember that the access token must be included as part of the header of the request to get a successful response. Otherwise, the API will return a 401 Unauthorized status code.


Note: In order to consume the ClinNext 10 API resources, the clients need to comply with OAuth 2.0 and OpenID Connect standards.

Terms of Use

Application registration is available to you to submit requests using patient-facing API-based applications for use at healthcare organizations using ClinNext 10 API. Approved applications will be able to connect to facilities using 2015 CURES Edition CEHRT certified ClinNext 10 Electronic Health Record (EHR), that have chosen to enable API access to their system. Applications that use other APIs, or that target a different user base (e.g., providers), will follow a different process and different terms may apply. You may use the ClinNext 10 API to develop applications and submit them for evaluation and approval, as long as you abide by the rules below:

  1. You agree to indemnify, hold harmless and defend Sabiamed Corporation, its subsidiaries, and their affiliates, and all of the employees, officers, directors, contractors and other personnel of any of them from and against any claim arising out of or relating to, directly or indirectly, you, any of your applications, or any use of any of your applications.

  2. A unique identifier in the form of a security token will be provided to keep track of which applications are accessing ClinNext 10 APIs. You will be able to connect to ClinNext 10 API using that security token. Sabiamed Corporation might need to suspend or revoke an access token if there are issues, concerns, or there are apparent problems with one of your applications. Should that happen, the broken application will not be able to communicate with ClinNext 10 systems until it is verified that the problem is resolved and verified. Contact ClinNext to work on resolving the problem that led to the revocation of your security token. Since it is possible that your application will be suspended, you will clearly inform users of your application that it might not always be available to them.

  3. Direct access to use ClinNext 10 software or systems is not required to develop or test your application. Development and testing can be accomplished via the API. Your receipt of the development materials and API access does grant you permission to directly access ClinNext 10 software, and systems. Direct access to ClinNext 10 software can only be granted by Sabiamed Corporation.

  4. Applications you submit for evaluation must follow the ClinNext 10 API Development Guidelines below, including documentation of compliance to applicable ONC Certification Criteria.

Developer Guidelines

bottom of page