API gateway
The API Gateway functionality in the console enables Application Providers to create Clients (both Test and Production) and to get access to the Audit Record Repository. Within an existing Client, Application Providers can create subscriptions to messages from Provider Organizations. This tutorial explains the Application Provider's Clients; the creation of subscriptions is explained in the separate Create Subscriptions tutorial, and the Audit Record Repository is explained in the separate Audit Record Repository tutorial.
The Client represents a profile of the Application Provider that contains all configurations and logic. An Application Provider requires at least one configured Client in order to set up Subscriptions and to receive authorizations from Provider Organizations. A Client of an Application Provider must always be authorized by a Provider Organization before the Application Provider can start using the Client and before sending API calls.
An Application Provider can use the Console to:
- Create Test Clients: Any form of application, automation, or other technology service that is created by an Application Provider and interacts with a Sandbox provider is referred to as a Test Client. When a Test Client is created, a sandbox Provider Organization will automatically be created containing all FHIR 4 resources the Founda Health API supports. The Test Client will have unlimited privileges on those resources.
- Create Production Clients: Any form of application, automation, or other technology service that is built for production use is referred to as a Production Client. A Production Client is created by the Application Provider and defines the (FHIR) scopes and other interactions the service requires. A Production Client must always be authorized by a Provider Organization before it is allowed to interact with that Provider. When authorizing a Production Client, the Provider Organization accepts the (FHIR) scopes and interactions the Application Provider has defined.
- Create Subscriptions: Configuration to receive all messages from the Provider Organization that meet certain conditions.
To set up a Client, click the Clients functionality in the API Gateway menu in the navigation pane on the left.

To create a new Client:
- Click on the “+”-icon in the top right corner to create a new client.
- Choose between a Production or a Test Client.
- Fill in the “Name” and “Description” field for the Client.
- For a Production Client, choose which FHIR Resource Actions are required for this Client (the Provider Organization needs to authorize this). The list of FHIR Resource Actions that the Client is authorized for is called the Scopes of the Client.
- For a Test Client, no FHIR Resource Actions need to be chosen. A Test Client is always authorized for all FHIR Resource Actions and automatically gets access to a Sandbox Provider Organization.
- Click the “Save” button to save the Client.
After you click the “Save” button, the credentials of the Client are shown, for both a Test Client and a Production Client: a Client exchange ID, an (OAuth) Client ID and the Client secret. The Client exchange ID is required for a Provider Organization to authorize the Application Provider’s application, automation, or other technology service.
The Client secret will only be shown once, when the user creates the Client. Make sure to store this secret somewhere safe. It cannot be retrieved after it disappears from the Client screen.

After the Client is saved, two more functionalities appear within the Client settings. An Application Provider can configure these functionalities only after the Client is authorized by the Provider Organization. The details of the Subscriptions functionality are explained in the separate Create Subscriptions part of the Console Manual.

Within the Client settings, it is also possible to delete a Client. The deletion must be confirmed by typing the word DELETE in the text box.