OpenSeva · Stack API Console

Every endpoint, every role — testable, then MCP-ready

Log in per role, hit every service in the stack (Auth · FHIR DB · Payer · Payment Integrity · Dataset) and every EMR action available to each role (admin · doctor · receptionist · patient) — with the method, URL and JSON payload for each. The same catalog exports as an MCP tool set so Claude Desktop can drive the whole stack in natural language.

1 · Base URLs & login

No token — calls to open services (FHIR/Payer/Integrity) work without one; Auth-admin calls need login.

Dev note: HFS FHIR (8080) and the Payer/Integrity services accept requests without auth. Login matters for /auth/userinfo and /admin/*, and to see the role each account carries.

2 · Who does what (role → actions)

PersonaTypical actionsKey endpoints
PatientLog in, book appointment, view own chart/insurance POST /auth/api/login · POST /Appointment
ReceptionistRegister, verify insurance/eligibility, collect copay GET /Coverage?beneficiary= · POST /api/eligibility
DoctorEncounter, document, prescribe, code the visit POST /Encounter · POST /Observation · POST /MedicationRequest
Admin / BillerBuild + submit claim, read EOB, record copay, manage users POST /api/claims · GET /ClaimResponse/{id} · GET /admin/users
Payer (separate)Adjudicate, run integrity, write EOB POST /api/eligibility · POST /api/check

2b · Inside the EMR — screens & scope per role

The EMR (:3000) is a React app that calls the FHIR DB (:8080) directly with the logged-in user's Bearer token. So every EMR action is a FHIR call, and what the same call is allowed to do is decided by the OAuth scope the auth server mints for the role (auth-server/server.js · scopeForRole). Section 3 lists these per-role actions under the EMR · <role> groups.

RoleEMR menu / screensToken scope (what FHIR allows)
Admin Invoices · Services · Encounters · Patients · Book Appointment · Practitioners · Questionnaires · Forms · Revenue Cycle · Magic Search system/*.cruds — full read/write on everything
Doctor (practitioner) Encounters · Patients · Book Appointment · Questionnaires · Forms · Revenue Cycle (code/draft — cannot submit) user/*.cruds — read/write clinical resources
Receptionist Patients · Scheduling · Book Appointment · Invoices · Medications · Prescriptions · Insurance tab (eligibility/copay). No Revenue Cycle back office. Patient.crus · Appointment.cruds · Practitioner/Schedule/Slot.rs
Patient My chart · Book Appointment · My Invoices (own data only) patient/*.rs — read/search own record only

Note: HFS (8080) runs with auth disabled in dev, so these calls succeed regardless of token — the scope column is what governs them once the Docker/Postgres stack enforces auth. Revenue-cycle fine-grained rights live in fhir-emr/src/services/revenue-cycle/permissions.ts (admin submits; doctor codes but doesn't submit; reception/patient excluded).

3 · Endpoint catalog (click to expand & test)

Tip: click any row to open it, edit the URL/body, and press Send — the response shows inline. Every POST is pre-filled with a runnable example (uses seeded patient-local / cov-patient-local).

4 · Export as MCP tools

This turns the catalog above into a tool manifest. Each endpoint becomes one MCP tool (name, description, HTTP method, URL template, example body). Drop it into a thin MCP server that forwards to these URLs, connect it in Claude Desktop, and you can say "check eligibility for patient-local" or "submit a claim for encounter X to BlueShield" and Claude drives the stack.