Skip to main content
Use this retrieval method when the decoded SMART Health Link (SHLink) payload contains the U flag. In this mode, the receiving system retrieves the encrypted payload directly using an HTTP GET request. The retrieval URL is provided inside the decoded SHLink payload. The receiving system performs a GET request to that URL and must include the recipient query parameter identifying the requesting organization. This follows the SMART Health Link direct file retrieval protocol (U flag).

Endpoint

GET {SHLink URL}?recipient={organization-name}
The SHLink URL comes from the decoded SHLink payload’s url field. The receiving system appends the required recipient query parameter when making the request. After decoding the SHLink, the EHR receives a JSON payload containing the retrieval URL and encryption metadata. 
{
  "url": "https://haau3.com/api/shl/d/NkXSIk-jfAINlAP41k8LShDGcHd6dfLgXYZUj53Gkps",
  "flag": "U",
  "key": "rxTgYlOaKJPFtcEd0qcceN8wEU4p94SqAwIWQe6uX7Q",
  "label": "Health summary"
}
The EHR extracts the url value and performs a GET request to retrieve the encrypted payload.

Query parameters

recipient
string
required
Name of the healthcare organization requesting the payload. This value is recorded in the patient application’s audit log.

cURL example

curl \
  --request GET \
  --url "https://haau3.com/api/shl/d/NkXSIk-jfAINlAP41k8LShDGcHd6dfLgXYZUj53Gkps?recipient=Verona+Health+System" \
  --header "Accept: application/jose"

Responses

HTTP/1.1 200 OK
Content-Type: application/jose
Cache-Control: no-store

<encrypted JWE compact serialization>
The 200 response body is an encrypted JWE. Decrypt it with the key from the SHLink payload to obtain the FHIR bundle. See Bundle & artifact reference.