#REST API

Up until recently, I have been toying around with REST/FHIR capabilities but only internally. Now I have a request to make REST API calls outside of our Network. 

I am using an RSA 4096 key, because Microsoft Active Directory Services which generates the signed certificate could not handle the Elliptical Key (ECC) when I put the request in.

• Others in the Healthcare industry, how have you handled this when there isn't an API manager involved?
• Do you connect directly through the Interoperability Engine using a TLS key?

Hello,

First of all thanks for your time, thoughts, teaching and help:

We wonder how could we get the metrics from http://[Ip]:[Port]/api/monitor/metrics and use them in Kibana to chart statistics.

We would like to ask you how do you use the api monitor metrics, and as a second question, how would you suggest to utilize them in a third party software as Kibana to chart them.
 

We have thought to do the following:

1. Retrieve Metrics from Intersystems HealthShare API: Use a tool or script to make requests to the Intersystems HealthShare REST API and obtain the list of metrics.

Hello community,

in addition to HL7 V2 interfaces mediated via TCP/IP, we have been implementing more and more HS.FHIRServer.Interop.Service based services that are addressed via port 57772.
We would like to secure access to the Management Portal now and have come up with a procedure that I would like to discuss.

1. The local server firewall only allows access to port 57772 for the IPs of the administration PCs (and some few other exceptions).
2. A REST service is introduced for access to FHIR endpoints, which listens on a different (accessible) port.

Hello everyone!

I have set up an EnsLib.REST.GenericService with an  EnsLib.HTTP.InboundAdapter which forwards the http requests received by a web app to my Business Process. 

I would like to parse HTTP multipart/form messages I am receving and be able to iterate over the various fields within the request body, accessing its content type and the content itself.

As far as I understand I should use the %Net.MIMEReader class which should return a list of %Net.MIMEPart, one for each field within the request. However if I do : 

Set##class%Net.MIMEReader

Hi, 

i'm with a trouble to take the api/monitor/alerts using prometheus.

i'm using prometheus 3.2.1 with IRIS 2022.1, the api metrics is working fine, but with the alerts, i'm receiving the following error:
 

and this is the answer in the request:

it apears the iris is not using the right way to answer the OpenMetrics the way Prometheus want.

Someone already see this?

I have a scenario where I send a GET request to a broker and receive a FHIR response. When I attempted to use the built-in InterSystems functions to convert this FHIR response into SDA, the transformation failed—likely because it is not a standard FHIR request.

How should I handle this situation? Is there a recommended approach to processing FHIR responses in this context?

Additionally, if I manage to convert the FHIR response into a request format, I noticed that the broker sends a Task resource.

Hello community

I sent a http post message with a large message body (approx. 200 kB) to a standard EnsLib.REST.GenericService using a standard EnsLib.HTTP.InboundAdapter.

When inspecting the message in the message viewer I expected to see a HTTPMessage XML in the Contents preview, but I found a GenericMessage with no HTTPHeaders section. After a while, I found out that the display in the message's Visual Trace differs from what is shown, when going to the View Full Contents view in the Contents tab of the message viewer.

I am trying to create my first call to our Epic FHIR Repository from Health Connect using Samples-FHIRStarter now that I have OAuth2.0 connection tested/working with our Epic Interconnect URL.

When I take a patient example from our Epic environment and test it through Data.BPL.PatientRecordCollector within the Namespace, I keep getting a 404 - File or directory not found 

as it tells me it cannot find the patient. So, I know the connection is being established, I just can't see what is being sent to Epic to see if I could test it through Postman.

I'm working with isc.rest and am going through the tutorial right now. My project directory exists on my IRIS server. When I try to create a module.xml file in the root package, I get a #16006 error. I see that there is a "generate" command for zpm that should create a module.xml for me on my local filesystem. How can I create this module.xml in the same folder that holds my code living on the IRIS server?

I have the following setup: REST broker calls inProc BO via BS. As BO initialization is time-consuming, I want to reuse the same BO during the CSP process lifetime.

I have tried the following approaches:

1. Set %session.Preserve to 1 (I would prefer not to use it as the BO object is not linked to a specific client)
2. Set $$$EnsInProcPersist to 1 (looked relevant)
3. Cached BS between calls

However, every time I call my REST endpoint, I get a new BO. Is there a way to cache inProc BOs in the CSP context?

To run the sample, import it into any interoperability-enabled namespace, start

Hi:

I see a lot of cool REST apps and i'm trying to host something in the TIE using REST/Axios with VITE. 

At the moment i will probably host the application in web applications in Intersytems. 

For authorisation and getting the logged in user and password to any app, is there a standard people are doing? 

I.e. for axios you might have this from the app

auth: {
        username: apiUser,
        password: apiPass
      }

But surely you want to pass through credentials from the IRIS logged in user, or alternatively pass the credential request to IRIS API to first receive the data.

I am trying to replicate a REST call that I am able to make via a Postman call within a EnsLib.REST.GenericOperation.

It's been a while since I have messed around with trying to make external REST calls. When I execute my REST call, tSC is coming back with an error and I am trying to pinpoint why. I tried turning on ISCLOG = 5 but when calling the REST Operation from the Testing tool it is not logging anything to the ISC log.

How do we see the RAW request being sent out to verify that my request is formatted properly?

Hello Community,

I’m working on an InterSystems IRIS production that needs to call an external API using OAuth client credentials (client_id and client_secret). For security reasons, I must pass these credentials via environment variables in my Docker container.

In the IRIS terminal, I can successfully retrieve these environment variables using $System.Util.GetEnviron("api-clientid") and $System.Util.GetEnviron("api-clientsecret"). However, inside my Business Operation class (OnMessage method), these environment variables return empty strings.

Hi, I have a controller which handles accounts, and forwards to the relevant controller based on the path, example below:

XData UrlMap
{
<Routes>

<Map Prefix="/:accountId/anothercontroller""AnotherController"

Problem is that inside AnotherController, the accountId path parameter is lost, I assume that's because the map forward simply checks if there's a match then forwards.

AnotherController:

XData UrlMap
{
<Routes>

<Route Url=

IRIS on mac unable to run my rest api which I created using spec first approach. 
I am getting a 403 forbidden account error.

We are calling a REST web-service from Ensemble using EnsLib.HTTP.OutboundAdapter and redefining the adapter class to set custom headers as described by @Eduard Lebedyuk here: How to set Content-Type

During development we accidentally stumbled across puzzling behaviour - we now suspect that the  object created in the linked example is being reused in the following scenario:

1. request is created as described and sent to web-service, so an instance of a %Net.HttpRequest object exists and is known to the EnsLib.HTTP.OutboundAdapter

We've got some web services that utilise EnsLib.SOAP.Service/EnsLib.REST.Service. These do some further requests to a few operations to call some other services and return the combined results.

An issue that we are noticing is that some of the usage involves users hitting the refresh button a few too many times and generating a lot of requests. This is mostly an issue when the service that the operations are calling are down or slow to respond. IRIS starts using a lot of RAM when this occurs and has caused outages by getting through an extra 50-60GB of RAM.

I have built a REST operation to submit a JSON Request Body, and in the JSON Response Object, I need to pull out certain values like pureID, portalURL, and under the identifiers array the ClassifiedID that has a term."en_US" = "Scopus Author ID"

{
    "count"1

My REST Operation looks like...

Method PostSearchPerson(pRequest 

But when I execute I am getting...

Hello, I have a problem with a call and I would need some help.

When I call an API with the SendFormDataArray method of the EnsLib.HTTP.OutboundAdapter adapter, I pass it a %Net.HttpRequest object and I receive the following error:

ERROR #5002: ObjectScript error: <SUBSCRIPT>MatchSuffix+1^%Net.HttpRequest.1 ^%qPublicSuffix("")

I have correctly entered the url in my business operation and I pass it in the last parameter of the SendFormDataArray method. Do you have any idea, please?

Method XRPUAuthentification(pInput AsAs

Hey,

I'm testing a REST API that is used for our IRIS Backend with a mobile app (Angular / ionic). 

The problem is that, our test environment does not yet have HTTPS capabilities, it's something we're going to set up ASAP, but right now we don't have it set up. 

We want to test the API endpoints via a web browser using either a test application built in Angular, or the app itself built with NPM via the browser. This means that the set-cookie headers are being blocked by the browser. 

Is there a way that we can allow the set-cookie header to be set in the browser for testing?

I deployed an IRIS REST application using Installer class. I think I created the namespace FEEDER database with %DB_Default resource and I used the same resource in Web Application roles. I allowed Unauthenticated Authentication method. I used ^%ISCLOG and reviewed ^ISCLOG. I do not understand why I get 403 Forbidden response.

I have a primary dispatch class that implements %CSP.REST.AccessCheck() for some high level access checks before the route table forwards the request to the implementation classes which also implement %CSP.REST.AccessCheck() for some lower level access checks.  The idea is that we know where we are in the implementation class and what the user is trying to do, so it makes more sense to check some lower level items there rather than trying to parse out the request at the dispatch class.

The problem is the second, implementation level access check is not happening.

Hi developers!

While developing web apps the security practice I consider safe and convenient is to create a special Role (e.g. equal application name) which contains security resources which application will need (SQL tables, priviledges, database access, etc) and assign it to the Web Application.
So the user gets this role once it loggs in to the application (via password, no password or delegated).

Convenient, right?

So, the question is, when I deploy the app as an IPM module what should I put as a database access?

I understand that InterSystems provides functions to facilitate transactions between FHIR and HL7 via the SDA segment. My question is:

• Does this transformation only work when InterSystems receives FHIR requests and converts them into HL7, or does it also support responses?
• Specifically, if our operation sends a GET request to a broker and receives a FHIR response, does InterSystems support transforming this response into an SDA segment automatically?
• Or should we manually parse and modify the response to handle it according to our needs?

What would be the best approach in this scenario?

I have a question about the routing of IIS.

If I have a javascript application that has a single entry point app.html. Is it possible to configure the IIS server such that both the urls

addr:port/entry1

addr:port/entry2

to provide the same app.html and let the javascript code from application decide what component to load next, depending on the path of the URL ?

My IIS server is configured such that when I do a GET url1, ir tries to send entry1.html , respectively entry2.html when I do GET url2.

Hello Community,

When handling a %CSP.REST API response for a custom endpoint, how can I capture or access the response content before it is written to the output buffer and sent through the Web Gateway to the UI?

In manually created REST services (for example, with a route like:<Route Url= ),
the response is typically written from within any class method in the execution flow.

Is there a way to intercept or log the response content before it is sent to the client?

Thanks!

I have a rest API Class used for getting data from Cache 2018 version.
I have single route '/callfuntions'
I send the following parameters to the API :-  className, methodName, params
I use $CLASSMETHODto execute and send the result back to the client.

If I make more that 10 to 12 requests in quick succession, then it stops sending data.

if I wait for over 10 seconds it allows me to send more requests to the API.  How do I resolve this?

While working with GET request I encountered this situation where FHIR Server return a responseStatusHTTP "HTTP/1.1 200 200" instead of "HTTP/1.1 200 OK" (as highlighted in the attached screenshot).

Although the response code seems valid, these bundles have a total value of 0.

Could anyone clarify what "200 200" signifies in this context? Is there an issue with my setup, or does this indicate a specific condition related to the empty bundle search?

Thank you in advance for your help!

Hello Community,

Is there any way to avoid generating the built in validation inside the classmethod from the .disp class definition. I've added the resource with path parameter as integer in swagger 2.0 open API.  The class method(in my case getRandom is the class method) inside .disp handles the integer validation by default. Is there a way to avoid/remove by default.

default validations for Integer

If$number"I"

"/random/{min}/{max}":{
    "get": {
        "operationId": "getRandom",
        "parameters": [
            {
                "name": "min",
                "in": "path",
                "description": "Minimal Integer",
                "required": true,
                "type": "integer",
                "format": "int32"
            },
            {
                "name": "max",
                "in": "path",
                "description": "Maximal Integer",
                "required": true,
                "type": "integer",
                "format": "int32"
            }
        ]
    }
}

Hello,

I have a main dispatcher (that extends %CSP.REST) that contains:
<Routes>
   <Map Prefix="/v([0-9]{1,2})/news"    Forward="API.Dispatch.news"/>
</Routes>

And I have the sub-dispatcher that contains:
<Routes>
   <Route Url="/:id"                        Method="GET"  Call="NewsGetItem"/>
</Routes>
If I try to access this route:
https://mydomain.com/mobile/api/v4/news/123
It doesn't work (404).
 

But strangely enough, it works (200):
https://mydomain.