⌘K
Sign upSign in

SMART Health Cards & Links

VCI-compliant health credential verification, SMART Health Link generation, and secure sharing

SMART Health Cards (SHC)

Verifiable Clinical Information (VCI) compliant digital health credentials. Supports vaccination records, lab results, insurance cards, and clinical summaries.

Verification Pipeline

1

JWS Validation

Parse compact JWS, validate header (alg: ES256, zip: DEF)

2

Signature Verification

Fetch issuer JWKS, verify ES256 signature against public key

3

Issuer Whitelisting

Validate issuer against approved VCI Directory entries

4

Timing Validation

Check exp (expiration) and nbf (not-before) claims

5

Payload Extraction

Decompress DEFLATE payload, parse FHIR Bundle

6

Resource Validation

Validate FHIR resources against SHC profiles

7

Deterministic Storage

Store verification outcome with audit trail

SMART Health Links (SHL)

Shareable, privacy-preserving links to health credentials. Recipients can access shared health data via URL or QR code.

SHL Features

ExpirationConfigurable link expiration (ISO 8601)
Passcode ProtectionOptional passcode for access control
QR Code GenerationAutomatic shlink:/ QR code data
Single-UseOptional one-time access restriction

Create SMART Health Link

POST /api/smart-health-links/create
Authorization: Bearer {token}
Content-Type: application/json

{
  "verification_ids": ["shc_v_abc123"],
  "label": "My Vaccination Records",
  "expiration": "2026-12-31T23:59:59Z",
  "passcode_required": true,
  "single_use": false
}

Response

{
  "shl_id": "shl_xyz789",
  "url": "https://api.parkerapex.com/shl/xyz789",
  "qr_code_data": "shlink:/eyJhbGciOiJIUzI1...",
  "expires_at": "2026-12-31T23:59:59Z",
  "passcode_required": true,
  "single_use": false,
  "created_at": "2026-04-09T12:00:00Z"
}

Verification Modes

strictProduction

Production — Rejects all invalid/expired cards. Required for clinical use.

warn

Development — Accepts cards with warnings. Logs verification failures.

disabled

Testing — Skips all verification. For local development only.

SMART Health API Endpoints

All endpoints return 200 — production operational

POST
/api/smart-health-cards/ingestBearer

Verify & Ingest SMART Health Card

200ms/500ms30/min200
GET
/api/smart-health-cards/verificationBearer

Get Verification Status

45ms/120ms120/min200
POST
/api/smart-health-links/createBearer

Create SMART Health Link

150ms/400ms20/min201
GET
/api/smart-health-links/{shl_id}

Resolve SMART Health Link

100ms/280ms30/min200

Integration Example

Ingest & Verify SMART Health Card

// Submit a SMART Health Card for verification
const response = await fetch('https://api.parkerapex.com/api/smart-health-cards/ingest', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer ${token}'
  },
  body: JSON.stringify({
    jws: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiIs...',
    note: 'COVID-19 vaccination record'
  })
})

const result = await response.json()
// { accepted: true, status: "accepted", verification_id: "shc_v_abc123", ... }