I agree with Vic that this is probably not worth the complexity. The rule definitions are stored as XML -- to change them you'll need to fetch the XML, modify it, then save the changed XML and re-compile the class. It would look something like this:

    set tMyRuleClassName="My.RoutingRuleClass"
    &SQL(select %id into :tXDataID from %Dictionary.XDataDefinition where parent = :tMyRuleClassName and Name='RuleDefinition')
    if (SQLCODE > 0) {
        // Query returned no results. Do some error handling

    set tRuleDefinition=##class(%Dictionary.XDataDefinition).%OpenId(tXDataID)

    /* This stream contains the raw XML of the RuleDefinition. It looks like this:
    <ruleDefinition alias="" context="EnsLib.HL7.MsgRouter.RoutingEngine" production="TESTINGPKG.FoundationProduction">
        <ruleSet name="" effectiveBegin="" effectiveEnd="">
            <rule name="">
                <when condition="1">
                    <send transform="" target="HL7.File.Out"/>
    set tRuleDefinitionXMLStream=##class(%Stream.GlobalCharacter).%New()
    do tRuleDefinitionXMLStream.CopyFrom(tRuleDefinition.Data)

    // Use XML classes to manipulate the stream
    // (docs about XML classes: https://docs.intersystems.com/irislatest/csp/docbook/DocBook.UI.Page.cls?KEY=GXML_intro)
    // ...
    // ...
    // ...
    // Ok, done making changes to the stream

    // Copy the changed XML back into the RuleDefinition
    do tRuleDefinition.Data.CopyFrom(tRuleDefinitionXMLStream)

    // Save the changees to the rule definition XData
    set tSC=tRuleDefinition.%Save()
    // Check if tSC indicates an error and do something about it
    if $$$ISERR(tSC) {
        // Do some error handling

    // Recompile the rule class
    set tSC=$System.OBJ.Compile(tMyRuleClassName,"cuk",.errorlog,1)

    // Check if tSC indicates an error and do something about it
    if $$$ISERR(tSC) {
        // Do some error handling

You can definitely do the OAuth requests using basic HTTP calls.

Doing it in OnInit won't work because the token you receive has an expiration time.

You'll need to:
- For every message your Operation receives you'll need to check if the cached token's expiration time has passed (or if there's no cached token).
- If you need a new token, do your POST call to get a new token and cache it.

Here's a cheat sheet I put together on creating an OAuth client definition:

Go to System Administration >> Security >> OAuth 2.0 >> Client

Choose “Create Server Description”

Enter the endpoint URL provided for the OAuth server and select the TLS config you created for the OAuth server. Click “Discover and Save”. It should populate details about the OAuth server.

After saving, a new server entry will appear. Click “Client Configurations” and then “Create Client Configuration”

Enter the name details, select the TLS config, and choose Client Credentials as the grant type. The redirect URL won’t actually be used, but you’ll need to enter something for hostname anyway.

Keep track of what you enter for “Application Name”. You’ll need to put this in your custom code.

Switch to the “Client Credentials” tab and enter the Client ID and Client Secret you were given.