Integrate Healthcare API with API Gateway for SMART-ON-FHIR
Google Cloud API Gateway is a fully managed service that makes it easy to publish, secure, monitor, and manage APIs. Google Cloud Healthcare API is a RESTful API that provides access to healthcare data. By integrating API Gateway with Healthcare API, you can securely expose Healthcare API endpoints to your developers and applications and easily integrate them with SMART-ON-FHIR UI.
Prevalent ways to expose Healthcare API endpoints are:
1) Apigee Integration
2) API Gateway Integration
We have existing documentation on Apigee Integration with Healthcare API. In this blog, we’ll discuss API Gateway Integration, which is more cost-effective but offers less customization. The blog Addressing your API use cases, can help you decide which service is right for your use case.
API Gateway also provides a number of security features that can help you to protect your Healthcare API endpoints. These features include:
- API Keys: API Keys can be used to authenticate requests to your Healthcare API endpoints.
- OAuth 2.0: OAuth 2.0 is a popular authorization framework that can be used to authenticate requests to your Healthcare API endpoints.
- JWT: JWT is a lightweight token format that can be used to authenticate requests to your Healthcare API endpoints.
- Improved performance: The API Gateway instance can be used to cache requests to the Google Cloud Healthcare API. This can improve the performance of the SMART-ON-FHIR app by reducing the number of requests that need to be made to the Google Cloud Healthcare API.
Prerequisites:
- FHIR Store setup
- Configure development environment
- Service Account with necessary permissions to be used by API Gateway
The key to successful integration is to create OpenAPI configurations that include proper authentication. Adding sample open api configs which can be used for the integration:
- Use below Security Definitions to accept the Service Account JWT
securityDefinitions:
Bearer:
type: apiKey
name: Authorization
in: header
description: >-
Enter the token with the `Bearer: ` prefix, e.g. "Bearer abcde12345".
2. [Config-1] OpenAPI config to fetch all Patients from FHIR Server using the above token
paths:
/getPatients:
get:
summary: Get all the patients
operationId: getPatients
security:
- Bearer: [] # <-- use the same name here
x-google-backend:
# JWT credentials will be passed on as-is to target API
disable_auth: true
address: https://healthcare.googleapis.com/v1/projects/<PROJECT-ID>/locations/<LOCATION>/datasets/<DATASET>/fhirStores/<FHIR-STORE-NAME>/fhir/Patient/
responses:
'200':
description: A successful response
schema:
type: string
3. [Config-2] OpenAPI config to fetch specific Patient details based on resource id
/Patient/{id}:
get:
summary: Get single patient
operationId: getPatient
parameters:
- in: path
name: id
type: string
required: true
description: ID of the patient to get
security:
- Bearer: [] # <-- use the same name here
x-google-backend:
# JWT credentials will be passed on as-is to target API
disable_auth: true
# Below parameter will append the /Patient/{id} to the base url
path_translation: APPEND_PATH_TO_ADDRESS
address: https://healthcare.googleapis.com/v1/projects/<PROJECT-ID>/locations/<LOCATION>/datasets/<DATASET>/fhirStores/<FHIR-STORE-NAME>/fhir/
responses:
'200':
description: A successful response
schema:
type: string
4. Include additional search parameters based on requirements. Example for identifier below
parameters:
- in: query
# accepts name query param
name: name
type: string
description: Get details of patient based on name search parameter
You can find the sample config here. Feel free to create your custom configs based on the sample for other FHIR resources.
Go to the API Gateway Console and click on `CREATE GATEWAY`. Add variables of your choice in the field `Display Name` and `API ID`, Use the above config in `Upload an API Spec` while creating the API Gateway as shown below:
Finally, click on CREATE GATEWAY to deploy the API Gateway. It might take 5–10 minutes before you can actually start using the API’s.
Test your API
I have used the Service account authorization using JSON Web Tokens for this POC. But you can choose what best works for you.
For testing the above API’s, requests would look like:
# Get all Patients [Config-1]
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/getPatients"
# Get patient with resource id=b0457c2b-2b25-427f-b2e9-04e8fba2148e [Config-2]
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/Patient/b0457c2b-2b25-427f-b2e9-04e8fba2148e"
# Request with `name` search parameter
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/getPatient?name=Clara"
I hope you found the above information helpful. Thank you for reading!