Milestone 3 covers two sides of the same flow: an HIU requesting access to a patient’s health records, and the patient approving or denying that request. Once consent is approved, EKA handles all the intermediate ABDM gateway callbacks to fetch the data from the HIP.
User authorization is required for all consent operations (approve, deny, revoke).

HIU: Requesting Health Data

An HIU initiates the flow by creating a consent request. The patient receives it on their PHR app and acts on it.
1. Create a consent request

Use the Create Consent API to raise a request for a patient’s health records. The request specifies the patient’s ABHA address, the purpose, the date range of records needed, and the HIPs to fetch from.
2. Patient approves the request

The patient receives the request on their PHR app and approves it. Once approved, EKA handles all the ABDM gateway callbacks required to trigger data fetch from the HIP — no action needed on your side.
3. Receive the health data

Once the HIP pushes the data, it is delivered to you in one of two ways depending on how your integration is set up:

If you manage data on your side: You receive the abha.hiu_data_push webhook with the encrypted FHIR bundle and key_information needed to decrypt it. Set up your HIU public keyset using the Update Keyset API — EKA shares this with the HIP so they can encrypt the data for you.

If EKA stores the data: Call the Retrieve Health Records API with the care_context_id as the identifier. Get the care_context_id from the Consent Details API after approval.

From the patient’s side, consent requests arrive and can be approved, denied, or revoked at any time.
1. List consent requests

Use the List Consents API to fetch all pending and past consent requests for the patient.
2. Approve a request

Use the Approve Consent API. You need to provide the consent ID, the care contexts to share, and the HIP details.

On approval, ABDM generates consent artefacts — one per HIP involved. These artefacts authorize the HIU to fetch records from those HIPs.
3. Deny a request

Use the Deny Consent API with the consent ID and a reason.
4. Revoke a granted consent

Use the Revoke Consent API with the consent artefact ID to revoke access for a specific HIP.
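
The approve, deny and revoke rules above, modelled as a local consent tracker that also gates incoming data on artefact status. This is an added example, not EKA's or ABDM's code: the class, field names and artefact ID format are hypothetical, and it assumes your integration can tie each data delivery to an artefact ID and a HIP.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    REQUESTED = "REQUESTED"
    GRANTED = "GRANTED"
    DENIED = "DENIED"
    REVOKED = "REVOKED"


@dataclass
class ConsentRequest:
    """Local tracker; every name here is hypothetical, not EKA or ABDM schema."""
    consent_id: str
    hip_ids: tuple
    status: Status = Status.REQUESTED
    deny_reason: str = ""
    artefacts: dict = field(default_factory=dict)  # artefact_id -> [hip_id, Status]

    def _require(self, authorized: bool, expected: Status) -> None:
        if not authorized:  # user authorization is needed for every operation
            raise PermissionError("user authorization required")
        if self.status is not expected:
            raise ValueError(f"invalid transition from {self.status.name}")

    def approve(self, authorized: bool) -> list:
        self._require(authorized, Status.REQUESTED)
        self.status = Status.GRANTED
        # One artefact per HIP involved; the ID format is a constructed placeholder.
        for hip in self.hip_ids:
            self.artefacts[f"{self.consent_id}:{hip}"] = [hip, Status.GRANTED]
        return sorted(self.artefacts)

    def deny(self, authorized: bool, reason: str) -> None:
        self._require(authorized, Status.REQUESTED)
        self.status, self.deny_reason = Status.DENIED, reason

    def revoke(self, authorized: bool, artefact_id: str) -> None:
        self._require(authorized, Status.GRANTED)
        # Revocation is per artefact, so other HIPs keep their grant.
        self.artefacts[artefact_id][1] = Status.REVOKED

    def may_accept_push(self, artefact_id: str, hip_id: str) -> bool:
        """HIU-side check before processing a delivered bundle."""
        entry = self.artefacts.get(artefact_id)
        return entry is not None and entry == [hip_id, Status.GRANTED]
```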

Auto-Approval

For recurring or trusted access patterns, you can configure auto-approval policies so patients don’t need to manually approve every request.