Integrate Healthcare API with API Gateway for SMART-ON-FHIR

Google Cloud API Gateway is a fully managed service that makes it easy to publish, secure, monitor, and manage APIs. Google Cloud Healthcare API is a RESTful API that provides access to healthcare data. By integrating API Gateway with Healthcare API, you can securely expose Healthcare API endpoints to your developers and applications and easily integrate them with SMART-ON-FHIR UI.

Prevalent ways to expose Healthcare API endpoints are:
1) Apigee Integration
2) API Gateway Integration

We have existing documentation on Apigee Integration with Healthcare API. In this blog, we’ll discuss API Gateway Integration, which is more cost-effective but offers less customization. The blog Addressing your API use cases, can help you decide which service is right for your use case.

API Gateway also provides a number of security features that can help you to protect your Healthcare API endpoints. These features include:

• API Keys: API Keys can be used to authenticate requests to your Healthcare API endpoints.
• OAuth 2.0: OAuth 2.0 is a popular authorization framework that can be used to authenticate requests to your Healthcare API endpoints.
• JWT: JWT is a lightweight token format that can be used to authenticate requests to your Healthcare API endpoints.
• Improved performance: The API Gateway instance can be used to cache requests to the Google Cloud Healthcare API. This can improve the performance of the SMART-ON-FHIR app by reducing the number of requests that need to be made to the Google Cloud Healthcare API.

Prerequisites:

• FHIR Store setup
• Configure development environment
• Service Account with necessary permissions to be used by API Gateway

The key to successful integration is to create OpenAPI configurations that include proper authentication. Adding sample open api configs which can be used for the integration:

1. Use below Security Definitions to accept the Service Account JWT

securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header
    description: >-
      Enter the token with the `Bearer: ` prefix, e.g. "Bearer abcde12345".

2. [Config-1] OpenAPI config to fetch all Patients from FHIR Server using the above token

paths:
  /getPatients:
    get:
      summary: Get all the patients
      operationId: getPatients
      security:
        - Bearer: []  # <-- use the same name here
      x-google-backend:
        # JWT credentials will be passed on as-is to target API
        disable_auth: true
        address: https://healthcare.googleapis.com/v1/projects/<PROJECT-ID>/locations/<LOCATION>/datasets/<DATASET>/fhirStores/<FHIR-STORE-NAME>/fhir/Patient/
      responses:
       '200':
          description: A successful response
          schema:
            type: string

3. [Config-2] OpenAPI config to fetch specific Patient details based on resource id

  /Patient/{id}:
    get:
      summary: Get single patient
      operationId: getPatient
      parameters:
        - in: path
          name: id
          type: string
          required: true
          description: ID of the patient to get
      security:
        - Bearer: []  # <-- use the same name here
      x-google-backend:
        # JWT credentials will be passed on as-is to target API
        disable_auth: true
        # Below parameter will append the /Patient/{id} to the base url
        path_translation: APPEND_PATH_TO_ADDRESS
        address: https://healthcare.googleapis.com/v1/projects/<PROJECT-ID>/locations/<LOCATION>/datasets/<DATASET>/fhirStores/<FHIR-STORE-NAME>/fhir/      
      responses:
       '200':
          description: A successful response
          schema:
            type: string

4. Include additional search parameters based on requirements. Example for identifier below

parameters:
        - in: query
          # accepts name query param
          name: name
          type: string
          description: Get details of patient based on name search parameter

You can find the sample config here. Feel free to create your custom configs based on the sample for other FHIR resources.

Go to the API Gateway Console and click on `CREATE GATEWAY`. Add variables of your choice in the field `Display Name` and `API ID`, Use the above config in `Upload an API Spec` while creating the API Gateway as shown below:

API-Gateway Console

Finally, click on CREATE GATEWAY to deploy the API Gateway. It might take 5–10 minutes before you can actually start using the API’s.

Test your API

I have used the Service account authorization using JSON Web Tokens for this POC. But you can choose what best works for you.

For testing the above API’s, requests would look like:

# Get all Patients [Config-1]
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/getPatients"

# Get patient with resource id=b0457c2b-2b25-427f-b2e9-04e8fba2148e [Config-2]
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/Patient/b0457c2b-2b25-427f-b2e9-04e8fba2148e"

# Request with `name` search parameter
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/getPatient?name=Clara"

I hope you found the above information helpful. Thank you for reading!