FHIR Bulk Export System API - Implementation Template

Importing Templates into Anypoint Studio

1. In Studio, click the Exchange X icon in the upper left of the taskbar.
2. Log in with your Anypoint Platform credentials.
3. Search for the template.
4. Click Open.

Running Templates in Anypoint Studio

After you import your template into Studio, follow these configuration steps to run it:

Common Configuration

• mule.env - sets the environment where the application is to be deployed. It should be configured in config-<mule.env>.yaml file. For a studio deployment, the recommended mule.env value is local.
• mule.key - sets the encryption password to be used for encrypting secure properties. Update as needed.
• api.autoDiscoveryID should be configured in config-<mule.env>.yaml file.

HTTPS Configuration

• https.host — sets the service host interface. It should be configured in config-<mule.env>.yaml file. (Defaults to 0.0.0.0 for all interfaces)
• https.port — sets the service port number. It should be configured in config-<mule.env>.yaml file. (Default 8082)
• TLS Configuration - Keystore properties setup:
  • keystore.alias - sets the alias to the keystore. It should be configured in config-<mule.env>.yaml file.
  • keystore.path - sets the path to the key file. Key should be availabe in /src/main/resources/keystore. It should be configured in config-<mule.env>.yaml file.
  • keystore.keypass — sets keystore keypass to support HTTPS operation. It should be encrypted and configured in config-secured-<mule.env>.yaml file.
  • keystore.password— sets keystore password to support HTTPS operation. It should be encrypted and configured in config-secured-<mule.env>.yaml file.

Please refer to the attached link on how to generate the Keystore.

HLS FHIR Bulk Export Application Configuration

The application requires a few things to be configured, mainly the FHIR bulk export server connection information. Configure them in the properties file located in the config/properties folder.

• bulk-export-server.protocol - sets the protocol to be used when connecting to the bulk export server. (http/https) It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.host - sets the host name to be used when connecting to the bulk export server. It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.basePath - sets the base path string to be used when connecting to the bulk export server. It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.connectionIdleTimeout - sets the idle timeout in milliseconds for the bulk export connection. It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.useAuth - sets a flag which signals if the app should use authentication or not. (true/false) It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.tokenurl - if useAuth is set to 'true' this sets the token URL used with authentication. It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.reconnection.frequency - sets the reconnection frequency in milliseconds for the bulk export connection. (2000) It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.reconnection.attempts - sets the number of reconnection attempts for the bulk export connection. (2) It should be configured in config-<mule.env>.yaml file.
• bulk-export-server.clientId - sets the authentication clientId of the bulk export server. It should be configured in config-secure-<mule.env>.yaml file.
• bulk-export-server.kid - sets the authentication kid value of the bulk export server. It should be configured in config-secure-<mule.env>.yaml file.

Please refer to the attached link on how to secure the configuration properties.

Using Authenticated SMART Bulk Data Server

In order to authenticate with the SMART Bulk Data Server a number of steps need to be completed. The following steps will outline how this is accomplished.

1. Navigate to the server webpage https://bulk-data.smarthealthit.org/. In the Authentication section click the "JWKS" button and click the "Generate" drop down and select "Generate RS384". This will generate new credentials in the text box below. In the "Access Token Lifetime" drop down select "1 hour". At the bottom of the page in the "Launch Configuration" section click the "as JSON" button to save the configuration to file. (Note that this configuration is only good for 1 hour.)

2. Open up the saved configuration file in a text editor. In the "jwks.keys" section select the key with "key_ops" of "sign" which should be the second one. Copy that key structure and convert from JWK to PEM. Once converted copy the private key text including the begin and end declarations and save it into the project file src/main/resources/smart-bulk-data.private.pem.rsa. For testing purposes, use an online JWK to PEM converter such as the one by 8gwifi.org.

3. In the project src/main/resources directory, run the following command to convert the RSA key to PKCS for use by the application.

   > openssl pkcs8 -topk8 -inform PEM -in smart-bulk-data.private.pem.rsa -out smart-bulk-data.private.pem -nocrypt

4. In the src/main/resources directory in the config-local.yaml file update the bulk-export-server.basePath to the path provided in the downloaded config file in the "fhir_url" field.

5. In the src/main/resources directory in the config-secured-local.yaml file update bulk-export-server.clientId with the value from the downloaded config file in the "client_id" field and update the bulk-export-server.kid value with the value from the downloaded config file in the signing key with the "kid" field name.

Run it

1. Right-click the template project folder.
2. Hover your mouse over 'Run as'.
3. Click Mule Application (configure).
4. Inside the dialog, select Environment and set the variable mule.env to the appropriate value (e.g., dev or local).
5. Inside the dialog, select Environment and set the variable mule.key.
6. Inside the dialog, go to Clear Application Data select always radio button.
7. Click Run.

Deployment instructions for CloudHub using provided scripts

Ensure the Maven profile CloudHub-DEV has been properly configured in your settings.xml file. Reference can be found by downloading the Accelerator Setup Guide asset. Additional instructions are available in Accelerator Setup Guide - Configuring the Accelerator Build section.

Update the config-<env>.yaml properties appropriately and then use one of the following scripts to deploy the application to CloudHub:

• packageDeploy.sh or deployOnly.sh (Mac/Linux)
• packageDeploy.cmd or deployOnly.cmd (Windows)

Test it

• Use Advanced Rest Client or Postman to send a request over HTTPS. The template includes a postman collection in the src/test/resources folder. Update the collection variable(s) after successful import.