Data Access through API
After you have uploaded the data to the FHIR server and have created a new authorization client in XEConnect, you can access the data through the OAuth 2.0 API using a client application (for example, a mobile app).
In this sample scenario, you access the patient data through API calls using Postman, a tool for testing API calls.
XES Module for FHIR uses the XEServer profile FHIR Secure Proxy that implements proxy requests to the FHIR server with resource restrictions using the OAuth 2.0 authentication type and ensures that a patient gets access only to the permitted data. The following procedure shows you how to extract resources securely through a patient's authorization client using Postman.
To access data through the API:
- In Postman, create a new basic request. For more information, visit the Postman Learning Center.
- On the Authorization tab, in TYPE, select OAuth 2.0.
- In Add authorization data to, select Request Headers.
- On the Headers tab, add a header with a key username and value lara.mirren@domain.com. This value should match the patient's login in the file: {ECRootPath}\repository\User\Crosswalks\XESModuleForFHIR\FHIR-Security\crosswalk_fhir_security.crsw.
- Click Get New Access Token.
- In GET NEW ACCESS TOKEN, do the following:
  - In Token Name, enter XEConnect.
  - In Grant Type, select Client Credentials.
  - In Access Token URL, enter https://localhost:18088/oauth/token. The host and the port number are in EAM, in the FHIR Authorization profile. To retrieve them, click Services, click XEConnect, and then click Oauth2 SSL. On the Jetty tab, the host and the port number are displayed in the HTTP options.
  - In Client ID and Client Secret, copy the Client ID and the Client Secret from the client settings in XEConnect Client Management.
  - Leave the Scope field empty. The information on the available scopes is taken from the XEConnect client settings.
  - In Client Authentication, select Send client credentials in body.
  - Click Request Token.
- In MANAGE ACCESS TOKENS, click Use Token.
- To get the information on resources for a specific patient, select the GET HTTP method, and then enter a request URL. For example, to retrieve the Allergy resource for the patient Lara Mirren, who has the FHIR ID 22, send the request as follows:
http://localhost:11443/edifecs/fhir/R4/Patient?_id=22&_revinclude=AllergyIntolerance:patient
where:
- http://localhost:11443/edifecs/fhir/R4/Patient is a path to the FHIR server for proxy requests. You can find this path in EAM, in the FHIR Secure Proxy profile. In the Proxy FHIR Patient route, click the Proxy Request component, and then on the Settings tab, click the Common tab.
- _id=22 is the FHIR ID of the patient whose data is requested (in this sample scenario, Lara Mirren has the FHIR ID 22; however, you should use the value assigned to Lara Mirren after you uploaded the data). Make sure that the assigned patient ID is added to the crosswalk file that maps this ID to the user name of the patient. The crosswalk file is located at {ECRootPath}\repository\User\Crosswalks\XESModuleForFHIR\FHIR-Security\crosswalk_fhir_security.crsw.
- _revinclude=AllergyIntolerance:patient is a parameter that defines the scope of the requested data. Make sure that the requested scope (AllergyIntolerance) is selected in the client settings.
- Click Send.
- View the response on the Body tab.
The following is a snippet of a sample response:
.......
{
"resourceType": "Bundle",
......
{
"fullUrl": "http://localhost:11443/edifecs/fhir/R4/Patient/22",
"resource": {
"resourceType": "Patient",
"id": "22",
....
"identifier": [
{
"value": "123456"
}
],
"name": [
{
"family": "Mirren",
"given": [
"Lara"
],
.....
"coding": [
{
"system": "L",
"code": "1605",
"display": "AllergenCode/acetaminophen"
}
],
"text": "AllergenCode/acetaminophen"
},
....
You can request any other FHIR resource, or several resources in one request, in the same way. For example, use the GET method with the following URL to get the Coverage and ExplanationOfBenefit (EOB) resources:
http://localhost:11443/edifecs/fhir/R4/Patient?_id=22&_revinclude=Coverage:patient&_revinclude=ExplanationOfBenefit:patient
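The Postman procedure above, scripted as an added example (not Edifecs code): it builds the Client Credentials token request with the credentials in the body, builds the proxied GET with the bearer token and the username header, and checks that a returned Bundle contains only resources for the requested patient. The function names, the client ID and secret placeholders, and the sample Bundle are assumptions constructed for illustration; the patient-link fields come from FHIR R4.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# URLs from the page's sample scenario.
TOKEN_URL = "https://localhost:18088/oauth/token"
FHIR_URL = "http://localhost:11443/edifecs/fhir/R4/Patient"
# FHIR R4 element that links each resource type to its patient.
PATIENT_FIELD = {"AllergyIntolerance": "patient", "Coverage": "beneficiary",
                 "ExplanationOfBenefit": "patient"}

def token_request(client_id, client_secret):
    """Client Credentials grant with the credentials sent in the body."""
    body = urlencode({"grant_type": "client_credentials",
                      "client_id": client_id, "client_secret": client_secret})
    return Request(TOKEN_URL, data=body.encode(), method="POST")

def fhir_request(token, username, patient_id, resources):
    """GET through the proxy with the bearer token and the username header."""
    query = [("_id", patient_id)] + [("_revinclude", r + ":patient") for r in resources]
    return Request(FHIR_URL + "?" + urlencode(query, safe=":"),
                   headers={"Authorization": "Bearer " + token, "username": username})

def foreign_entries(bundle, patient_id):
    """Return fullUrls of entries not tied to patient_id (unknown types fail closed)."""
    bad = []
    for entry in bundle.get("entry", []):
        res = entry.get("resource", {})
        rtype = res.get("resourceType")
        if rtype == "Patient":
            ok = res.get("id") == patient_id
        else:
            ref = res.get(PATIENT_FIELD.get(rtype, ""), {}).get("reference", "")
            ok = ref.split("/")[-2:] == ["Patient", patient_id]
        if not ok:
            bad.append(entry.get("fullUrl", rtype))
    return bad

# Constructed sample response: one allergy record points at a different patient.
SAMPLE = json.loads("""{"resourceType": "Bundle", "entry": [
 {"fullUrl": "Patient/22", "resource": {"resourceType": "Patient", "id": "22"}},
 {"fullUrl": "AllergyIntolerance/7", "resource": {"resourceType": "AllergyIntolerance",
   "patient": {"reference": "Patient/22"}}},
 {"fullUrl": "AllergyIntolerance/9", "resource": {"resourceType": "AllergyIntolerance",
   "patient": {"reference": "Patient/31"}}}]}""")

if __name__ == "__main__":
    print(foreign_entries(SAMPLE, "22"))
```

Pass the objects returned by token_request and fhir_request to urllib.request.urlopen to send them; a non-empty result from foreign_entries means the proxy returned data outside the patient's permitted set.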