Interactive sandbox · No login required

The AJ FHIR Platform,
live in your browser.

Test consent enforcement, lab workflows, and referral lifecycles against real SMART on FHIR infrastructure. Toggle values, fire requests, watch the interceptors respond.

Start exploring Open API Console →
See the platform in action
Consent enforcement, lab workflow, referral lifecycle. Interactive. No technical knowledge required.
For evaluators & buyers
Explore the API
Build and fire FHIR requests. Scope enforcement runs before every call. JWT decoder included.
For integration developers
Walk through the protocol
All 34 steps of SMART App Launch v2.2 with annotated HTTP exchanges. For architects and onboarding.
For architects & teams
296+
Tests passing
v2.2
SMART App Launch
FHIR R4
Data standard
RS256
JWT signing
ATNA
IHE audit trail
MIT
Open source
Getting started

How to use this sandbox

Four steps. No account. No setup. Open a page and start.

1
Pick your entry point
Hospital evaluator? Start with Scenarios — it shows the platform's clinical capabilities with zero technical knowledge. Developer? Start with the API Console to fire live requests with scope enforcement.
2
Use the test credentials
Every page uses the same pre-seeded data. Clinician dr.smith, patient P. Kumar, SMART client akhester-smart-client. No registration required.
3
Change values and watch the platform react
In Scenarios: toggle consent from permit to deny, select a different FHIR resource, step through the referral lifecycle. In the Console: change the scope string and see what the interceptor blocks.
4
Check the audit trail
Every interaction writes a FHIR AuditEvent. The audit log at the bottom of the Scenarios page accumulates events for your session. Click any row to see the full IHE ATNA-compliant AuditEvent JSON.
Test credentials
Clinician
dr.smith / sandbox123
Practitioner/dr-smith · Cardiology app access
Patient
ePatient-8675309
P. Kumar · DOB 1985-03-12 · Active consent
SMART Client
akhester-smart-client
Registered · RS256 · Scopes: patient/*.rs
FHIR Base URL
fhir.sandbox.ajfhir.org
Auth: auth.sandbox.ajfhir.org
Encounter
eEnc-001
Cardiology · LDL elevated · Referral pending
These credentials work across all sandbox pages. The Auth Server, HAPI FHIR server, Consent Manager, Referral Module, and SMART Launcher all run on AWS. Every page uses the same seeded patient data.
Platform capabilities

Everything in one sandbox

The AJ FHIR Platform runs end-to-end — auth server, FHIR server, consent enforcement, lab workflow, referral lifecycle, and audit trail. All accessible from your browser.

Infrastructure — running on AWS
Spring Auth Server 1.3
PKCE S256 · RS256 JWT · SMART App Launch v2.2 · 90 tests passing
HAPI FHIR JPA R4
SmartScopeInterceptor · ConsentEnforcementInterceptor · DataInitializer · 206 tests
PostgreSQL + seeded patient data
P. Kumar · Observations · Encounter · Consent resource · ServiceRequest · Task
IHE ATNA audit trail
FHIR AuditEvent written async for every access · queryable via GET /fhir/AuditEvent
Clinical modules — live
Consent enforcement
Toggle permit/deny · block by resource class · live 403 OperationOutcome · GDPR Art.9 · DISHA
Lab workflow
ServiceRequest → Observation × 3 → DiagnosticReport · LOINC codes · dual interceptor checks
Referral lifecycle
Task requested → accepted → completed · JSON-Patch · cross-facility consent · output DiagnosticReport
SMART App Launcher
EHR launch + standalone · real PKCE OAuth flow · scope builder · launch URL constructor