We are implementing delegated auth between Kong Gateway and IRIS. Kong is correctly configured to forward JWT authenticated requests with consumer headers (X-Consumer-Username, etc.) to IRIS, but the ZAUTHENTICATE routine (deployed in the %SYS namespace) never executes, leaving ZW ^ZAUTHLOG empty despite successful header delivery.

401 errors response:
...
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< Connection: keep-alive
< Date: Fri, 02 Jan 2026 16:03:48 GMT
< CACHE-CONTROL: no-cache
< EXPIRES: Thu, 29 Oct 1998 17:04:19 GMT
<

Defining my first REST API within InterSystems using iris-rest-Api-template as a basis and I am seeing if someone could provide me some guidance to see if I can make it work.  

In some of my other posts, I have been trying to come up with a way for our Enterprise Application Development team which works with .Net to build Applications to make a REST call to our instance of InterSystems to query some of the Cache Tables we have defined. 

Using the iris-rest-api-template, I have created the osuwmc.DataLookup.REST.Base.cls

Class osuwmc.DataLookup.REST.Base Extends%CSP.REST [ System = 3 ]
{

Para

Table of Contents

1. Purpose of the article
2. What containers are and why they make sense with IRIS
    2.1 Containers and images in a nutshell
    2.2 Why containers are useful for developers
    2.3 Why IRIS works well with Docker
3. Prerequisites
4. Installing the InterSystems IRIS image
    4.1 Using Docker Hub
    4.2 Pulling the image
5. Running the InterSystems IRIS image
    5.1 Starting an IRIS container
    5.2 Checking container status
    5.3 Executing code in the container terminal
    5.4 Accessing the IRIS Management Portal
    5.5 Connecting the container to VS Code
    5.6 Stopping or removing the container
    5.7 Setting a specific password with a bind mount
    5.8 Using durable %SYS volumes
     5.8.1 What gets stored with durable %SYS
     5.8.2 How to enable durable %SYS
6. Using Docker Compose
    6.1 Docker Compose example
    6.2 Running Docker Compose
7. Using a Dockerfile to run custom source code
    7.1 Dockerfile example
    7.2 Docker Compose example
    7.3 Understanding layers, image tagging and build vs. run time
    7.4 Source code and init script
    7.5 Building the image with Dockerfile
    7.6 Running instructions in the containerized IRIS terminal
8. Conclusion and what’s next

1. vscode extensions : intersystems.language-server-2.8.0@linux-arm64.vsix

2.  api/atelier web application is enabled 

3. vscode connect failed.

The most upvoted idea on the InterSystems Ideas Portal—garnering 74 votes—requests a lightweight version of IRIS. While the platform has grown into a powerful data engine, many projects require only its SQL database capabilities. This article demonstrates how to build an unofficial, compact IRIS Community Edition image focused solely on core database functionality, reducing the image size by over 80%.

⚠️ Disclaimer

This project produces an unofficial, experimental image of InterSystems IRIS Community Edition.

• Not supported or endorsed by InterSystems.
• Use at your own risk. The modifications remove core platform features and may break compatibility with tools, APIs, and expected behaviors.
• No warranties or guarantees apply, including fitness for production use.
• Intended only for educational and experimental purposes by advanced users.

Why a Lightweight IRIS?

While IRIS today includes rich functionality—interoperability, analytics, machine learning, system management, etc.—many projects only require its core SQL capabilities. The official Community Edition Docker image is approximately:

• Disk usage: 3.5–3.8 GB
• Compressed size: ~1.1 GB

IRIS Light reduces that to:

• Disk usage: ~575–583 MB
• Compressed size: ~144–148 MB

This makes it suitable for:

• Microservice or containerized SQL use
• CI pipelines with faster startup and pull
• Horizontal scaling where full features are unnecessary

There is a Master Table within IRIS that I am populating from Epic but want to share it with our Enterprise Application Development Team (Web). As a test I was able to use _SYSTEM from postman to execute the following.

POST /api/atelier/v1/xxxx/action/query HTTP/1.1
Host: xxxxxxxx
Content-Type: application/json
Authorization: ••••••
Cookie: CSPSESSIONID-SP-443-UP-api-atelier-=00f0000000000AKyLjBfUvU$MpFD8UT8y$EoNKNw1ixZeXN4_Q; CSPWSERVERID=hzZAT5rb
Content-Length: 86

{"query": "SELECT * FROM osuwmc_Epic_Clarity.DepartmentMaster WHERE ID = '300000000'"}

if I create another user specific

The demo is based on the raw class descriptions.
The data classes used are Address, Person, Employee, Company
For a more attractive demo, a JSONtoString method by ID was added.

Has anyone tried to authenticate IRIS client in Snowflake using Key Pair Auth as described in this doc?

I have been struggling sometime with trying to take a FHIR Bundle Response, extract the "entry.resourceType", extract the MRN and Name from the Patient FHIR Response...

Going through learning.intersystems.com, it suggested that I try using fhirPathAPI to parse and search my response for certain values, however I am not sure my syntax is correct. Using the AI code, it suggested to set my tree = "Bundle.entry.resource.resourceType"

ClassMethod Transform(source As HS.FHIRServer.Interop.Response, target As osuwmc.Epic.FHIR.DataStructures.PatientSearch.Record) As%Status
{
  Set tSC=$$$OKset tQ

I was wondering if anyone had a way to automate creating the Query String for a FHIR Request?

Using HS.FHIRServer.Interop.Request in my development I have to specify the following...

I was wondering.... if my source had variable number of fields if there was a way to automate the build for the QueryString when doing a Patient Search?

I am trying to replicate a way to use FHIR as a way to query the EMR instead of using a MS SQL Stored Procedure that is populated via HL7 ADT to query.

I am looking for a way to capture Data Quality issues with the Source data that is populating HealthShare Provider Directory. 1 way is to use Managed Alerts, but since it could be multiple Providers and different messages it seems silly to alert on every message that has the error. Instead, I was thinking of using the Workflow Engine so it could populate a Worklist for someone to review and work.

Looking over the Demo.Workflow Engine example, I am not comprehending on how to send a task to the Workflow manager to populate the worklist from a DTL.

Does anyone have any examples on how this could

According to the Documentation  EnsLib.Workflow.TaskRequest has the following fields...

• %Action
• %Command
• %FormFields
• %FormTemplate
• %FormValues
• %Message
• %Priority
• %Subjext
• %TaskHandler
• %Title
• %UserName

I want to be able to capture the Source, Session ID, and any other Identifiers outside of the Error so it will show up on the Task List.

I am struggling how to build a csp template for me to be able to capture additional fields to send to the Workflow Operation.

Does anyone have a good example outside of what is in the documentation on how to build out a Custom Form for this

Hi Developers!

Consider I have a persistent class derived from %Persistent and I want it to be derived from %JSON.Adaptor to enjoy all the JSON features.

Can I do it programmatically? 

So, it'd be wonderful to have a method in some util class that makes it happen? Something like:

Do ClassUtil.AddAncestor("MyPackage.MyPersistentClass","%JSON.Adaptor")

Any ideas?

You probably know this situation:
Some time ago, you found a very special $ZU function for a very specific type of problem. Some kind of mystical formula. It became popular and was used by many developers throughout your code and across all your installations.

Several versions and updates later, you are informed by ISC that your mystical $ZU is deprecated and no longer supported. You are advised to replace it with a new $something().

So, how do you find and document the usage of this mysterious code?
It might be located in classes, in MAC, INT, or INC code.
It can also be spread across multiple

I built a BP, that every time that a message is received from a BS, it executes 

set isAuth=##class(%SYS.OAuth2.AccessToken).IsAuthorized("EpicFHIRPOC",,,.accessToken,.idtoken,.responseProperties,.error)
 if 'isAuth {
        set tSC=##class(%SYS.OAuth2.Authorization).GetAccessTokenClient("EpicFHIRPOC", "*",, .error)        
         set isAuth=##class(%SYS.OAuth2.AccessToken).IsAuthorized("EpicFHIRPOC",,,.accessToken,.idtoken,.responseProperties,.error)
    }

To save time, I was thinking of just creating a BS that goes out and gets the Authorization Token every hour.

When working with InterSystems Interoperability (Iris / Health Connect / Ensemble), configuration data is often spread across many production items: services, processes, operations, adapters, and their settings.

A common operational or security need is to answer questions like:

• Which interfaces reference file system paths?
• Where are directories, network shares, or absolute paths configured?
• Can I quickly audit or document this information across all my productions?

The ObjectScript utility below solves exactly that problem by exporting selected configuration settings into a CSV file.

This

Here is what is currently used.

..CurrentDateTime("%Y%m%d%H%M%S")

The format is not the issue.

I need to make it our current time as it is five hours ahead.

How can I access the header property of either of these.

Or, if I can't do that, subtract five hours or the equivalent time in seconds.

example, if I receive 20201224161922, how can I make it 20201224111922?

Thanks,

Jonathan

Embeddedpy-bridge: A Toolkit for Embedded Python

Overview

Embedded Python is a game-changer for InterSystems IRIS, offering access to the vast Python ecosystem directly within the database. However, bridging the gap between ObjectScript and Python can sometimes feel like translating between two different worlds.

To make this transition seamless using embeddedpy-bridge.

This package is a developer-centric utility kit designed to provide high-level ObjectScript wrappers, familiar syntax, and robust error handling for Embedded Python.

As I am iterating through the FHIR JSON Response from a Patient Search, I am running into an issue where the extracted values are not being popualted into the Response object that I have created. If I do a $$$LOGINFO on them they will show up in the Object log, however if I try the following for example I get an error.

set target.MRN = identifier.value

Here is my Ens.DataTransform

Class osuwmc.Epic.FHIR.DTL.FHIRRespo

Hi developers!

There is a neat feature of ObjectScript classes - Query element, which allows you to write in a clear SQL (without any & or ()), pass parameters to it and call it from ObjectScript as do QueryNameFunc() or via Call SQLProcedureName via SQL, .e.g.

Query MyQuery(p as%String) as%SQLQuery [SQLProc]

{ 

SELECT * FROM MyTable 

WHERE Name=:p

}

All works fine, but when I tried to use the same for a DELETE statement see the following error:

SELECT expected, DELETE found ^ DECLARE Q1 CURSOR FOR DELETE

Is the Query element for SELECT only? What am I doing wrong? )

I am trying to centralize our FHIR queries into a single BP object that would send the FHIR query to the EMR, interpret the response into a %Persistent structure that could be sent back to the requestor. In theory it seemed like it would work but I am running into an issue..

"Warning on Message body 5@osuwmc.Epic.FHIR.DataStructures.PatientSearch.Record'
/ 229 because Status 'ERROR <Ens>ErrException: <PROPERTY DOES NOT EXIST>Transform+3 ^osuwmc.Scott.FHIR.DemoOutboundHL7Message.1 *DocType,osuwmc.Epic.FHIR.DataStructures.PatientSearch.Record -- logged as '-'
number - @' Set:""=source.DocType

I'm trying to login and seeing the message 'Unexpected request - client_id'. Could you please have a look?

The Rut

Up until early this year, I haven't been not doing much coding at all -- I had gotten sick of it.

After many years as a hands-on software engineer and data scientist, I got burned out around 2015. I switched to business development roles focused on "external innovation," then joined InterSystems in 2019 as a product manager. I missed the creative aspects of coding, but not the tedium. The endless cycle of boilerplate, debugging, and context-switching had left me creatively depleted. Like Jim Carrey's character in Yes Man, I found myself saying "no" to new projects -- so much so that I

Hi developers!
Happy holidays!

In ObjectScript there is neat option to log errors - call Log() method of an exception intance, e.g.:

ClassMethod MyMethod() {

Try {

w1/0

}

Catch e {

do e.Log() // logging error in the app logwrite"the error happened: "_e.DisplayString()

}

}

Is there anything like that for Embedded Python? e.g:

ClassMethod MyMethod() [Language = python] {

 try:

   print(1/0)

 except ZeroDivisionError as e:

   // how can I log e into IRIS App Error Log here?

   print("Caught exception: " + str(e))

}

Any ideas?

Hey Developers,

Enjoy the new video on InterSystems Developers YouTube

⏯  Inside Vector Search - Technical Innovations In InterSystems IRIS @ READY 2025

I'm a huge sci-fi fan, but while I'm fully onboard the Star Wars train (apologies to my fellow Trekkies!), but I've always appreciated the classic episodes of Star Trek from my childhood. The diverse crew of the USS Enterprise, each masterminding their unique roles, is a perfect metaphor for understanding AI agents and their power in projects like Facilis. So, let's embark on an intergalactic mission, leveraging AI as our ship's crew and  boldly go where no man has gone before!  This teamwork concept is a wonderful analogy to illustrate how AI agents work and how we use them in our DC-Facilis

InterSystems FAQ rubric

The default settings for Stay Connected and Pool Size for business hosts using the TCP adapter are as follows:

If a network problem causes a connection to a business host to be lost, the production side will be unable to detect this and will not accept new connections.In this situation, no event is recorded in the event log.If StayConnected is set to its default value (-1), connections will not time out, and you will need to restart the business host before it can accept new connections.

Hi noble developers!

Have a question/discussion. Sometimes, while developing, we'd need to connect VSCode directly to a remote server (e.g., stage one) for debugging purposes. And after change back to local one. And then to remote again.

How do you perform this switching in VSCode in a convenient way?

I have several settings.json files (settings_local, settings_remote) which I put to a main settings.json when I need to make VSCode to connect to switch the connection:

Is it the best practice?

InterSystems IRIS embedded vector search capabilities lets us search unstructured and semi-structured data. Data is converted to vectors (also called ‘embeddings’) and then stored and indexed in InterSystems IRIS for semantic search, retrieval-augmented generation (RAG), text analysis, recommendation engines, and other use cases.

This is a simple demo of IRIS being used as a vector database and similarity search on IRIS.

Prerequisites:

1. Python
2. InterSystems IRIS for Health - as it will be used as the vector database

Repository: https://github.com/piyushisc/vectorsearchusingiris

Steps to follow:

You send an HTTP request and get back an HTTP error but with an HTML error page which you didn't expect... what's happening?... 🤔

Specifically for example, perhaps you tried to READ a FHIR Resource (e.g. /Patient/123) and you get back a 404 error page, even though with other Patient IDs, you get back the Resource payload, so "the page" definitely does exist... why should you be getting a 404 error page? 🙄