Skip to main content

Documentation Index

Fetch the complete documentation index at: https://help.elationhealth.com/llms.txt

Use this file to discover all available pages before exploring further.

Beta Feature: User impersonation is currently in closed beta and available to select customers only.
User impersonation allows a service account to make API requests on behalf of a specific user within your practice. This is useful for integrations that need to perform actions — such as creating visit notes or orders — attributed to a particular physician or staff member rather than the service account itself.

How it works

Include the X-On-Behalf-Of header on any API request, set to the numeric id of the user you want to act as. The request will be processed as if that user made it. If the header is omitted, the request proceeds normally under the service account identity. 
POST /api/2.0/visit_notes/
Authorization: Bearer YOUR_ACCESS_TOKEN
X-On-Behalf-Of: 342

Requirements

  • Your token must include the act_as_user scope and at least one resource scope (e.g. apiv2 or system/visit_notes.write). The act_as_user scope enables impersonation but does not grant access to data on its own. See Token Scopes for details on requesting scopes.
  • The user specified must belong to a practice your token is authorized for.
  • The user must be active.

Finding a user’s ID

The X-On-Behalf-Of header accepts the numeric id from the Users API, which covers both user types (physicians and office staff): 
{
  "id": 342,
  "first_name": "Gary",
  "last_name": "Leung",
  "user_type": "physician",
  "is_active": true,
  ...
}
Note for physician lookups via the Physicians API: The physician object exposes two ID fields — id (a large physician record identifier) and user_id. If looking up providers via the Physicians API, use user_id, not id.

Errors

ConditionResponse
Token missing act_as_user scope401 Token does not have act_as_user scope
User not found or not in an authorized practice401 On-behalf-of user not found or not authorized