Epic February 2026's FHIR R4 behavior, fetched 2026-04-26 from the Epic public sandbox. 189 element-level deviations from US Core 6.1, 10 resource types probed for search-param subsets, OperationOutcome example responses, OAuth/SMART specifics, pagination behavior, reference resolution sampling, and bulk export kickoff status — every claim source-cited with verbatim quote and verification date.
Client credentials JWT alg: RS384. JWKS hosting required (hosted, not embedded). Scopes format: SMART v1. Authorize endpoint at /oauth2/authorize, token at /oauth2/token. Phase A finding from the published CapabilityStatement.rest[0].security — declared OAuth + SMART-on-FHIR + Basic.
Verbatim error response bodies for unknown resource types, not-found resource IDs, and invalid bearer tokens. Vendor-specific extensions and OID-coded errors — what your error-handling code has to actually parse.
189 path-level rows with expected vs. observed, multi-patient evidence (matches-everywhere, missing-everywhere, per-patient), and source citations. Filterable by category and substring on the page.
Compatible with Epic's published FHIR R4 CapabilityStatement (Epic February 2026 release). Not affiliated with or endorsed by Epic Systems Corporation. Trademarks used for identification only. Build against this overlay without a partner contract via Studio.