Epic Sandbox

Epic provides a non-production FHIR sandbox at fhir.epic.com. A free developer account gives access to test patients, test practitioners, and the full Epic SMART handshake.

Setup

Register at fhir.epic.com → My Apps → Create app
Copy your client_id into application.yml
Set the redirect URI to http://localhost:8080/callback (non-production allows localhost)

Configure

smart:
  epic:
    client-id:    "your-epic-client-id"
    redirect-uri: "http://localhost:8080/callback"
    scopes:       "launch openid fhirUser patient/Patient.rs patient/Condition.rs patient/MedicationRequest.rs"

Run

mvn test -Pepic

EpicSandboxIT is a manual checklist test — it launches a browser to the Epic authorization page. Follow the prompts:

Log in with Epic sandbox credentials (from your developer account)
Select a test patient
Approve the requested scopes
Verify the dashboard renders with patient data

Test checklist

Launch from Epic sandbox triggers discovery
Authorization redirect includes aud=iss
Token response includes patient, encounter, need_patient_banner
id_token validates (RS256, iss, aud, nonce)
/api/patient returns FHIR Patient resource
/api/conditions returns Bundle of Conditions
Token refreshes before expiry (wait > 58 min or use short-lived test token)
Session expiry warning appears at 2 minutes remaining
Logout invalidates session

← SMART Sandbox

Epic Sandbox

Setup​

Configure​

Run​

Test checklist​

Setup

Configure

Run

Test checklist