Skip to main content

Documentation Index

Fetch the complete documentation index at: https://developer.eka.care/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The ABDM Records module is a plug-and-play UI widget that enables your application to request, track, and act on ABDM (Ayushman Bharat Digital Mission) health data consents on behalf of your patients. When a patient approves a consent request, the View button becomes available — your application is then responsible for fetching and rendering the records by calling Eka’s APIs.

How It Works

1

Embed the widget

Load the ABDM Records widget inside your application by rendering it in an <iframe> or a dedicated route, passing required URL parameters.
2

Request consent

On click of Request Consent inside the widget, selects the date range, expiry, purpose, and record types, then submits the form.
3

Patient approves

The patient receives a notification on their ABHA-linked app and either grants or denies the request.
4

Records arrive in your backend

When the patient grants consent, Eka’s ABDM gateway delivers the medical records to your registered callback/backend endpoint.
5

Your app shows the records

The consent row updates to Success. When View is clicked, the widget opens your consent-view URL — a records page you build and host — passing consent_id as a query param. That page calls the Consent Details API to get the approved care contexts, then calls the Retrieve Health Records API for each care context to fetch the FHIR bundles, and renders them.

Integration

Embedding the widget

Render the widget inside an <iframe> (or directly in a React shell) and pass the required query parameters in the src URL. Add the following HTML and script tags to your webpage:
For staging/dev environments, replace url with:
<iframe
  src="https://abdm.dev.eka.care/abdm-records/index.html?abha=USER_ABHA_ID&oid=PATIENT_OID&cid=CLINIC_ID&consent-view=https://yourapp.com/records&token=YOUR_GENERATED_ACCESS_TOKEN"
  width="100%"
  height="100%"
  frameborder="0"
/>

URL parameters

ParameterRequiredDescription
abhaYesPatient’s ABHA address (e.g. user@abdm)
oidYesPatient’s internal OID in your system
cidYesYour clinic / HIU identifier registered with ABDM
consent-viewYesBase URL of your application’s records page. When View is clicked, the widget appends consent_id and abha as query params and opens this URL — your page then calls the Consent Details API and Retrieve Health Records API to fetch and display the records
tokenYesShort-lived Bearer token used to authenticate API calls to Eka’s backend. Pass the raw access token value — do not include the Bearer prefix
Tokens are short-lived. Generate a fresh token on each widget load from your backend and never expose long-lived credentials in the browser. Instead of route usage of iframe is preferred as it doesn’t expose the token in the URL bar and allows better control over token refresh and security.
Click the Request Consent button in the top-right corner of the widget header. A modal will open with the following fields:

Request modal fields

FieldDescriptionDefault
Request ToPatient’s ABHA address (pre-filled, read-only)From abha param
Records FromDate range of records to fetch — choose a preset (Last 3 / 6 / 12 months) or set a custom rangeLast 6 months to today
Shared Records Will Expire InHow long the granted consent stays valid6 months
Purpose (Advanced)Reason for requesting recordsCare management
Medical Record Type (Advanced)Types of records to includeAll types

Available record types

  • OPConsultation
  • Prescription
  • DischargeSummary
  • DiagnosticReport
  • ImmunizationRecord
  • HealthDocumentRecord
  • WellnessRecord

Available purposes

  • Care management
  • Public Health
  • Disease Specific Health Research
After filling in the details, click Request Medical Records. A confirmation screen appears:
“Your request for medical records has been sent. You can see the medical records once the patient approves your request.”
Click Check Request Status to return to the consent history table.
The widget’s main screen shows a table of all consent requests for the patient. Each row represents one consent and includes:
ColumnDescription
Consent IDUnique identifier for the consent
Requested OnDate the consent was requested
Last UpdatedDate the consent status last changed
Shared ForDate range of records covered by the consent
Expires InDays remaining before the consent expires
StatusCurrent state of the consent (see below)
ActionView button — only visible when status is Success
Each consent request transitions through a lifecycle. The table shows a color-coded status badge for each row.

Status reference

Status badgeInternal valueMeaning
🟢 SuccessGRANTEDThe patient approved the consent. The View action is now available — use it to fetch and display the records via the Consent Details API and Retrieve Health Records API.
🟡 PendingREQUESTEDThe consent request has been sent to the patient and is awaiting their decision.
🔴 DeniedDENIEDThe patient explicitly rejected the consent request.
🔴 RevokedREVOKEDThe patient previously granted consent but has since revoked it.
🔴 ExpiredEXPIREDThe consent was granted but the expiry period has passed.
Only Success consents have records associated with them. For all other statuses, no records will be available in your backend.

Viewing Records (Your Responsibility)

The widget manages the consent lifecycle only — it does not fetch or render medical record content. When a consent reaches Success state, a View button appears. Clicking it hands control over to a records page that you build, host, and deploy. The consent-view parameter you pass when embedding the widget is the URL of your own hosted records page. When View is clicked, the widget opens that URL in a new tab and appends consent_id and abha as query parameters: 
{consent-view}?consent_id={consentId}&abha={abhaAddress}
Example: 
https://yourapp.com/records?consent_id=abc-123-xyz&abha=user@abdm
The widget opens this URL in a new tab. If the browser blocks the popup, it falls back to navigating the current tab.

What your records page must do

Once your page receives the consent_id, follow this flow:
1

Call the Consent Details API

Use the consent_id to call the Consent Details API. The response returns the list of approved facilities and their associated care_context entries.
2

Fetch records for each care context

For each care_context returned, call the Retrieve Health Records API. This returns a raw FHIR bundle containing the patient’s health records for that care context.
3

Render the FHIR bundles

Display the FHIR data in your application’s UI. See the rendering options below.

Building your FHIR renderer

You have two options for rendering the FHIR bundles: Option 1 — Build your own renderer Parse and display the FHIR resources directly in your existing application UI. This gives you full control over the layout and presentation. Option 2 — Use FHIR Prism (recommended) FHIR Prism is an open-source FHIR rendering codebase maintained by Eka Care. It is not a hosted service — it is a codebase you clone, customise if needed, and deploy as your own web application. Once deployed, that URL becomes your consent-view value. To get started with FHIR Prism:
  1. Clone github.com/eka-care/fhir-prism
  2. Customise the rendering as needed for your application
  3. Deploy it to your own infrastructure
  4. Pass the deployed URL as the consent-view parameter when embedding the widget
The consent-view URL must be a page you own and host — the widget simply redirects to it. Fetching records via the Consent Details API and Retrieve Health Records API, and rendering the FHIR data, is entirely your responsibility.

API Reference

The widget communicates with Eka’s backend using the following endpoints. All requests include your token as a Bearer token in the Authorization header.
MethodEndpointPurpose
POST/abdm/v1/consents/listFetch the consent history for a patient
POST/abdm/v1/consents/createSubmit a new consent request
POST/abdm/v1/consents/detailsFetch details of a specific consent
Base URLs:
EnvironmentBase URL
Productionhttps://api.eka.care
Developmenthttps://api.dev.eka.care

Frequently Asked Questions

The View action only appears for consents with Success (GRANTED) status. Ensure the patient has approved the request and the table has refreshed.
OPConsultation, Prescription, DischargeSummary, DiagnosticReport, ImmunizationRecord, HealthDocumentRecord, and WellnessRecord. You can select one or more when requesting consent.