Exposing Available Operations for a Server

Our FHIR server has several different supported operations, but whether or not a client can invoke each operation is dependent the member’s insurance plan. As a result, a client may be able to only use some of the FHIR server’s operations but not all of them.

We would like to have a way for a client to know what operations they can execute. I have looked into creating a CapabilityStatement, but the purpose of a CapabilityStatement is to list all of the possible operations of a FHIR server, and also be publicly exposed. We would like to provide a specific list of operations that will work for the requesting client (and not a full list of operations that the server supports). Is there anything in the FHIR spec that would satisfy what we are looking for?

You can return a user specific CapabilityStatement when an authenticated request is made. Or else, I’ve seen users set up microservices - a service end point specific for a particular OAuth session, or some variant of that

1 Like

Thank you for this suggestion, Graham!