Best Practice Question - Connecting to REST API's outside of the network |

Question

Scott Roth · Jul 1

#API #FHIR #Interoperability #REST API #Security #SSL #HealthShare #InterSystems IRIS for Health #Health Connect

Up until recently, I have been toying around with REST/FHIR capabilities but only internally. Now I have a request to make REST API calls outside of our Network.

I am using an RSA 4096 key, because Microsoft Active Directory Services which generates the signed certificate could not handle the Elliptical Key (ECC) when I put the request in.

Others in the Healthcare industry, how have you handled this when there isn't an API manager involved?
Do you connect directly through the Interoperability Engine using a TLS key?
How have you ensured that the TLS is enough to keep it secure and not expose the Interoperability Engine to the world?
Is RSA 4096 really enough?

$ZV: IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2024.1 (Build 267_2U) Tue Apr 30 2024 16:06:39 EDT [HealthConnect:3.5.0-1.m1]