FHIR Bulk Export System API - Implementation Template
Setup guide
Importing Templates into Anypoint Studio
- In Studio, click the Exchange X icon in the upper left of the taskbar.
- Log in with your Anypoint Platform credentials.
- Search for the template.
- Click Open.
Running Templates in Anypoint Studio
After you import your template into Studio, follow these configuration steps to run it:
Common Configuration
mule.env
- sets the environment where the application is to be deployed. It should be configured inconfig-<mule.env>.yaml
file. For a studio deployment, the recommended mule.env value islocal
.mule.key
- sets the encryption password to be used for encrypting secure properties. Update as needed.api.autoDiscoveryID
should be configured inconfig-<mule.env>.yaml
file.
HTTPS Configuration
https.host
— sets the service host interface. It should be configured inconfig-<mule.env>.yaml
file. (Defaults to 0.0.0.0 for all interfaces)https.port
— sets the service port number. It should be configured inconfig-<mule.env>.yaml
file. (Default 8082)- TLS Configuration - Keystore properties setup:
keystore.alias
- sets the alias to the keystore. It should be configured inconfig-<mule.env>.yaml
file.keystore.path
- sets the path to the key file. Key should be availabe in /src/main/resources/keystore. It should be configured inconfig-<mule.env>.yaml
file.keystore.keypass
— sets keystore keypass to support HTTPS operation. It should be encrypted and configured inconfig-secured-<mule.env>.yaml
file.keystore.password
— sets keystore password to support HTTPS operation. It should be encrypted and configured inconfig-secured-<mule.env>.yaml
file.
Please refer to the attached link on how to generate the Keystore.
HLS FHIR Bulk Export Application Configuration
The application requires a few things to be configured, mainly the FHIR bulk export server connection information. Configure them in the properties file located in the config/properties
folder.
bulk-export-server.protocol
- sets the protocol to be used when connecting to the bulk export server. (http/https) It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.host
- sets the host name to be used when connecting to the bulk export server. It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.basePath
- sets the base path string to be used when connecting to the bulk export server. It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.connectionIdleTimeout
- sets the idle timeout in milliseconds for the bulk export connection. It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.useAuth
- sets a flag which signals if the app should use authentication or not. (true/false) It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.tokenurl
- if useAuth is set to 'true' this sets the token URL used with authentication. It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.reconnection.frequency
- sets the reconnection frequency in milliseconds for the bulk export connection. (2000) It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.reconnection.attempts
- sets the number of reconnection attempts for the bulk export connection. (2) It should be configured inconfig-<mule.env>.yaml
file.bulk-export-server.clientId
- sets the authentication clientId of the bulk export server. It should be configured inconfig-secure-<mule.env>.yaml
file.bulk-export-server.kid
- sets the authentication kid value of the bulk export server. It should be configured inconfig-secure-<mule.env>.yaml
file.
Please refer to the attached link on how to secure the configuration properties.
Using Authenticated SMART Bulk Data Server
In order to authenticate with the SMART Bulk Data Server a number of steps need to be completed. The following steps will outline how this is accomplished.
Navigate to the server webpage https://bulk-data.smarthealthit.org/. In the Authentication section click the "JWKS" button and click the "Generate" drop down and select "Generate RS384". This will generate new credentials in the text box below. In the "Access Token Lifetime" drop down select "1 hour". At the bottom of the page in the "Launch Configuration" section click the "as JSON" button to save the configuration to file. (Note that this configuration is only good for 1 hour.)
Open up the saved configuration file in a text editor. In the "jwks.keys" section select the key with "key_ops" of "sign" which should be the second one. Copy that key structure and convert from JWK to PEM. Once converted copy the private key text including the begin and end declarations and save it into the project file src/main/resources/smart-bulk-data.private.pem.rsa. For testing purposes, use an online JWK to PEM converter such as the one by 8gwifi.org.
In the project src/main/resources directory, run the following command to convert the RSA key to PKCS for use by the application.
> openssl pkcs8 -topk8 -inform PEM -in smart-bulk-data.private.pem.rsa -out smart-bulk-data.private.pem -nocrypt
In the src/main/resources directory in the config-local.yaml file update the bulk-export-server.basePath to the path provided in the downloaded config file in the "fhir_url" field.
In the src/main/resources directory in the config-secured-local.yaml file update bulk-export-server.clientId with the value from the downloaded config file in the "client_id" field and update the bulk-export-server.kid value with the value from the downloaded config file in the signing key with the "kid" field name.
Run it
- Right-click the template project folder.
- Hover your mouse over 'Run as'.
- Click Mule Application (configure).
- Inside the dialog, select Environment and set the variable mule.env to the appropriate value (e.g., dev or local).
- Inside the dialog, select Environment and set the variable mule.key.
- Inside the dialog, go to
Clear Application Data
selectalways
radio button. - Click Run.
Deployment instructions for CloudHub using provided scripts
Ensure the Maven profile CloudHub-DEV
has been properly configured in your settings.xml
file. Reference can be found by downloading the Accelerator Setup Guide asset. Additional instructions are available in Accelerator Setup Guide - Configuring the Accelerator Build
section.
Update the config-<env>.yaml
properties appropriately and then use one of the following scripts to deploy the application to CloudHub:
- packageDeploy.sh or deployOnly.sh (Mac/Linux)
- packageDeploy.cmd or deployOnly.cmd (Windows)
Test it
- Use Advanced Rest Client or Postman to send a request over HTTPS. The template includes a postman collection in the
src/test/resources
folder. Update the collection variable(s) after successful import.