Glossary
What is FHIR Subscription?
A FHIR Subscription is a resource that tells a FHIR server to deliver a notification when resources matching a search expression are created or updated.
In context
A Subscription is itself a FHIR resource. It carries a criteria expression (a FHIR REST search that describes which resources it cares about) and a channel (the delivery transport, such as a webhook or email). The server evaluates each create or update against active subscriptions and pushes a notification to the configured channel.
Subscriptions are not an authorisation boundary on their own. The consumer still needs credentials to fetch the referenced resources, and the server's authorisation rules still apply on those reads. A subscription that fires for a resource the consumer cannot read is a misconfiguration, not a privilege escalation.
How Fire Arrow handles it
Fire Arrow Server supports REST hook, email, WebSocket, and Azure Storage Queue channels. Permission to create a subscription is itself an authorisation decision, so applications cannot subscribe to events they would not be allowed to read. Combined with care-plan-driven Tasks, subscriptions form the notification backbone for patient-reported outcomes, remote monitoring, and care-coordination workflows.
