Google Cloud API Gateway is a fully managed service that makes it easy to publish, secure, monitor, and manage APIs. Google Cloud Healthcare API is a RESTful API that provides access to healthcare data. By integrating API Gateway with Healthcare API, you can securely expose Healthcare API endpoints to your developers and applications and easily integrate them with SMART-ON-FHIR UI.
Prevalent ways to expose Healthcare API endpoints are:
We already have existing documentation on Apigee integration with Healthcare API so in this blog, we’ll talk about the API Gateway integration.
API Gateway can be more cost effective but it provides fewer customizations compared to Apigee. You can decide which services to choose based on your use case and this blog might come to your rescue.
API Gateway provides a number of security features that can help you protect your Healthcare API endpoints. These features include:
Prerequisites:
The key to successful integration is to create OpenAPI configurations that include proper authentication. In this example, we'll look at authorization via Service Account JWT. You can follow openAPI documentation for other use cases.
Adding sample open api configs which can be used for the integration:
securityDefinitions:
Bearer:
type: apiKey
name: Authorization
in: header
description: >-
Enter the token with the `Bearer: ` prefix, e.g. "Bearer abcde12345".
paths:
/getPatients:
get:
summary: Get all the patients
operationId: getPatients
security:
- Bearer: [] # <-- use the same name here
x-google-backend:
# JWT credentials will be passed on as-is to target API
disable_auth: true
address: https://healthcare.googleapis.com/v1/projects/<PROJECT-ID>/locations/<LOCATION>/datasets/<DATASET>/fhirStores/<FHIR-STORE-NAME>/fhir/Patient/
responses:
'200':
description: A successful response
schema:
type: string
/Patient/{id}:
get:
summary: Get single patient
operationId: getPatient
parameters:
- in: path
name: id
type: string
required: true
description: ID of the patient to get
security:
- Bearer: [] # <-- use the same name here
x-google-backend:
# JWT credentials will be passed on as-is to target API
disable_auth: true
# Below parameter will append the /Patient/{id} to the base url
path_translation: APPEND_PATH_TO_ADDRESS
address: https://healthcare.googleapis.com/v1/projects/<PROJECT-ID>/locations/<LOCATION>/datasets/<DATASET>/fhirStores/<FHIR-STORE-NAME>/fhir/
responses:
'200':
description: A successful response
schema:
type: string
parameters:
- in: query
# accepts name query param
name: name
type: string
description: Get details of patient based on name search parameter
You can find the sample config here. Feel free to create your custom configs based on the sample for other FHIR resources.
Go to the API Gateway Console and click on `CREATE GATEWAY`. Add variables of your choice in the field `Display Name` and `API ID`, Use the above config in `Upload an API Spec` while creating the API Gateway as shown below:
Finally, click on CREATE GATEWAY to deploy the API Gateway. It might take 5–10 minutes before you can actually start using the APIs. Fetch the GATEWAY-URL from the API Gateway Console.
I used the service account authorization using JSON Web Tokens for this POC. But you can choose what works best for you.
For testing the above APIs, requests would look like:
# Get all Patients [Config-1]
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/getPatients"
# Get patient with resource id=b0457c2b-2b25-427f-b2e9-04e8fba2148e [Config-2]
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/Pateint/b0457c2b-2b25-427f-b2e9-04e8fba2148e"
# Request with `name` search parameter
curl -X GET -H "Authorization: Bearer <SIGNED_JWT>" "<GATEWAY-URL>/getPatient?name=Clara"
Hope you all found the above information useful. Thanks for reading!