Article
David Crawford · Jul 31, 2019 2m read
Anti CSRF Methods

IRIS provides us with anti-login-CSRF attack mitigation; however, this is not the same as mitigating a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on API calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

4 5
1 499

I am working on an Angular application and built a web application (REST API) on IRIS for Health. The web application uses password authentication and is set up with the default CSP session timeout (15 minutes). If the user makes a REST API call from the Angular application after the session has expired, it displays a login prompt... Is there any way that we can disable the login prompt and simply return HTTP status 401? When the Angular application receives the status 401, it can redirect to an Angular error page.

Thanks,

Hoi

0 5
0 221

We are using an F5 load balancer to route public traffic to our IS server. My goal is to block public access to the Management Portal, and only allow what we want to expose, such as REST/SOAP services. At the F5, they can block URL wildcards or specific ports, so those are our options.

Since the URLs for the web services are in the same path ([host]/csp/healthshare/[namespace]/*), I can't see any URL wildcards happening. That leads me to ports; is there a way to put services on a specific port for all services, and everything else stay on a standard web port?

0 5
0 278
Article
Eduard Lebedyuk · Mar 14, 2018 10m read
REST Design and Development

Intro

For many in today's interoperability landscape, REST reigns supreme. With the overabundance of tools and approaches to REST API development, what tools do you choose and what do you need to plan for before writing any code?
This article focuses on design patterns and considerations that allow you to build highly robust, adaptive, and consistent REST APIs. Viable approaches to challenges of CORS support and authentication management will be discussed, along with various tips and tricks and best tools for all stages of REST API development. Learn about the open-source REST APIs available for InterSystems IRIS Data Platform and how they tackle the challenge of ever-increasing API complexity.
The article is a write-up for a recent webinar on the same topic.

6 5
4 2,368

Are there any good documentation/tutorials on creating gateways in both directions between FHIR and HL7v2 (for Health Connect)?

The scenarios I'm most interested in:

1. A client application sends a FHIR demographic query to Health Connect, and the interface has to convert this to an HL7v2 QBP^Q11 message to the PAS.

2. Health Connect sends a PDF document (from a file or HL7v2 interface) to an EPR over FHIR.

Thanks

Stephen

UPDATE

0 5
1 940

Referencing this post:

https://community.intersystems.com/post/producing-json-sql

I'm not sure how to actually interact with the result set I get from doing something like this.  I want to return something like:

[{"field1":1, "field2":2}, {"field1":2, "field2":10}]

I'm finding it very difficult to get it in this format, since %Print appends a newline onto the end of the {} object it prints.

Here's the closest I've gotten:

1 5
3 862

First webinar on InterSystems API Management!


We are pleased to invite you to the upcoming webinar in Russian: Introduction to InterSystems API Management on November 21 at 10:00 Moscow time (GMT+3)!

As you might have heard, we recently introduced the InterSystems API Manager (IAM) - a new feature of the InterSystems IRIS Data Platform, enabling you to monitor, control and govern traffic to and from web-based APIs within your IT infrastructure.

In this webinar I will highlight some of the many capabilities IAM allows you to leverage. InterSystems API Manager brings everything you need:

  • to monitor your HTTP-based API traffic and understand who is using your APIs; what are your most popular APIs and which could require a rework.
  • to control who is using your APIs and restrict usage in various ways. From simple access restrictions to throttling API traffic and fine-tuning request payloads, you have fine-grained control and can react quickly.
  • to protect your APIs with central security mechanisms like OAuth2.0 or Key Token Authentication.
  • to onboard third-party developers and provide them with a superb developer experience right from the start by providing a dedicated Developer Portal for their needs.
  • to scale your API demands and deliver low-latency responses

There will be a live demo.

This webinar is for System Architects, Developers and DevOps Engineers.
Time: November 21 at 10:00 Moscow time (GMT+3)!

The language of the webinar is Russian.


Register!

0 5
0 294
Article
Rob Tweed · Apr 18, 2017 1m read
Having your Node.js Cake and Eating It Too

I've mentioned the QEWD project in this group before: it's a Node.js-based platform for web, Native and REST applications which tightly integrates with Cache.  It uses a somewhat different philosophy to the use of Node.js than the norm, and I've now published an article that explains this approach and the unique benefits that arise as a result.

It turns out that, integrated via QEWD, Cache is an ideal bed-fellow for Node.js.  QEWD makes the integration of Cache and Node.js exceptionally fast, simple and intuitive to use, but also extremely powerful.

Read the article here: 

4 4
0 468

Hi, 

I am a beginner with InterSystems technologies, and I want to implement OAuth2 for our projects (Angular 2 + Caché REST backend).

I read the article linked below:

https://community.intersystems.com/post/cach%C3%A9-open-authorization-framework-oauth-20-implementation-part-1

But I need to create all servers (Auth and Resource) on Caché and don't want to use the Google server.

0 4
0 827

The REST web service works perfectly when run on SOAP UI. This endpoint server is an HTTPS site that uses basic authentication (uname and pwd). But when I run the request through an Enslib.Rest.Operation using a configured SSL and stored credentials, I get an "unauthorized" error, unless I explicitly hard-code the password in the operation class. HS Version is 2014.1.

I have 2 questions. Pardon me, they are both related!!

0 4
0 872

What if you could serialize/deserialize objects in whatever format: JSON, XML, CSV,...; attending different criteria: export/import some properties and not others, transform values in this or that way before exporting/importing,...; and all of this without having to change the class definition? Wouldn't that be great??

Well, perhaps it's a goal too ambitious to reach 100%, but, exploring this idea, I've developed a bunch of classes that I thought would be good to share. If you want to test, change, modify or improve the code, or just take a look at it, you can do it here. There you'll find a more detailed explanation (see Readme.md).

Be aware, this is a proof of concept for myself done in my spare time; sure, it's not robust enough or it can be done much better... but I was just playing... OK, I could just wait for the new JSON Adaptor (coming soon!) that is sure to resolve many more scenarios in a cleaner way, but... meanwhile... :-) ...

9 4
4 1,789

Does developing a RESTful API in Caché remove the requirement to use the InterSystems.Data.CacheClient.dll and generate proxy classes using the Caché Object Binding Wizard for .NET web development? If anyone has links to sample applications using .NET with Caché and REST Services, I would be grateful if you could share them.

0 4
0 443

Hello Cache Developers:  I was curious if anyone has ever created a TWAIN interface to their Cache Application?   I am new to TWAIN and hence the reason for this question.  From what I understand, TWAIN is software used by various digital imaging software and TWAIN provides an API for applications to call to be able to import images into their application.   I work with a healthcare application and was wondering what types of things are required for a Cache Web Application to call the TWAIN API to be able to load images into a Cache table.    Any input, sample code, or suggestions is apprec

1 4
0 436

Hi all,

A HealthConnect customer of ours came to us with a question about using an external service via REST and OpenID within one of his HealthConnect (2020.1) productions. The overall idea is to send data to the external system after receiving a bearer token to use for the communication between HealthConnect and this system.

0 4
0 269
Question
Juuso Lepistö · Nov 5, 2021
ERROR #9406

I'm trying to send a POST request to my REST API and I'm getting this error and, most likely due to the lack of experience, I have no idea how to fix this issue:

"error": "ERROR #9406: Unexpected format for value of field, AlertText, using class base mapping",
"id": "JSONImportError",
"params": [
    "AlertText",
    "class base"
]

Am I missing something from my string definition?

Defined below as:

0 4
0 160