FHIR Conformance Profile
CONTRACT tier required
The FHIR conformance profile is available on CONTRACT tier accounts only. This profile requires the fhir_conformance entitlement. Contact your account manager to enable it. See plan availability and pricing.
The FHIR (Fast Healthcare Interoperability Resources) conformance profile verifies that your FHIR R4/R4B API meets baseline security and schema requirements. APIContext runs conformance checks against your API responses on every monitor run.
What it checks
The FHIR profile verifies:
| Check | Description |
|---|---|
| TLS / SMART-on-FHIR transport | Requests must use HTTPS; SMART-on-FHIR OAuth flows are verified |
| Content-Type | Responses must return application/fhir+json or application/fhir+xml |
| Resource schema | Response body is a valid FHIR resource (validates resourceType, required fields) |
| OperationOutcome handling | Errors are returned as OperationOutcome resources, not generic HTTP error bodies |
| Security labels | Resources include required sensitivity labels where mandated by the profile |
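
A local pre-flight for the response-level checks in the table above, as an added example (not APIContext's implementation). It covers HTTPS, Content-Type, a small subset of FHIR R4 required fields, OperationOutcome on errors and `meta.security`, but not SMART-on-FHIR OAuth flows or XML bodies; the function name, check labels, `REQUIRED` subset and `label_required` parameter are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

FHIR_TYPES = {"application/fhir+json", "application/fhir+xml"}
# Subset of FHIR R4 required (1..n) elements; not a full schema.
REQUIRED = {"Observation": ("status", "code"), "OperationOutcome": ("issue",)}


def preflight(url, status, headers, body, label_required=()):
    """Return (check, offending value) pairs for one HTTP response.

    label_required: resource types that must carry meta.security; which
    types these are depends on your profile (assumption of this example).
    """
    failed = []
    headers = {k.lower(): v for k, v in headers.items()}
    if urlsplit(url).scheme != "https":
        failed.append(("transport", url))
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in FHIR_TYPES:
        failed.append(("content-type", ctype))
    if ctype == "application/fhir+xml":
        return failed  # body checks below handle JSON only
    try:
        res = json.loads(body)
    except ValueError:
        res = None
    rtype = res.get("resourceType") if isinstance(res, dict) else None
    if not rtype:
        failed.append(("resource-schema", "missing resourceType"))
        if status >= 400:
            failed.append(("operation-outcome", "error body is not a FHIR resource"))
        return failed
    for field in REQUIRED.get(rtype, ()):
        if not res.get(field):
            failed.append(("resource-schema", f"{rtype}.{field} missing"))
    if status >= 400 and rtype != "OperationOutcome":
        failed.append(("operation-outcome", rtype))
    meta = res.get("meta")
    labels = meta.get("security") if isinstance(meta, dict) else None
    if rtype in label_required and not labels:
        failed.append(("security-labels", f"{rtype}.meta.security missing"))
    return failed


# Constructed sample: a generic JSON error body instead of an OperationOutcome.
SAMPLE_ERROR = ("https://fhir.example.test/Patient/1", 404,
                {"Content-Type": "application/json"}, '{"error": "not found"}')
```

Calling `preflight(*SAMPLE_ERROR)` reports the content-type, resource-schema and operation-outcome failures for the constructed response.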
Enabling the profile
- Go to Project Settings → Conformance.
- Under Security Profiles, select FHIR.
- Save changes. The profile applies to all monitors in the project on the next run.
Interpreting results
Conformance results appear in INVESTIGATE → Conformance. Each failed check shows:
- The specific rule that was not met
- The response value that failed the check
- A reference to the FHIR specification section
See also
- Conformance overview — how conformance monitoring works
- Security profiles overview — all available profiles
- UK Open Banking Conformance — related financial profile