Smile CDR v2023.05.PRE
On this page:

18.1Gateway Setup

 

Setting up the Gateway involves a few key setting, described here.

18.1.1Server Configuration

 

The FHIR Gateway provides a FHIR REST endpoint, served as an HTTP server. This endpoint supports a set of standard endpoint configuration properties, including:

  • FHIR Version (the version of FHIR that FHIR clients invoking the gateway endpoint are expected to support)

  • Port (the port to listen on)

  • TLS/SSL (support for the HTTPS protocol)

  • Security: The endpoint can be secured with HTTP Basic and OpenID Connect / SMART, and fully supports authorization checks on the data being returned based on user permissions and approved SMART scopes

  • Request Validation: The endpoint can be configured to validate requests (see Request Validating Enabled). Additionally, instance validation can be configured by setting a validation dependency to the validation-supporting module

18.1.2Encryption JWKS (Keystore)

 

The FHIR Gateway uses Encrypted JSON Web Tokens (JWE) to encode data about the backend servers in a way that prevents clients from learning internal implementation details. A JWKS keystore must be supplied as a part of the gateway module configuration.

Many tools exist to create JWKS files. One such tool is the mkjwk tool available at: https://mkjwk.org/

To create a JWK using this tool, the following settings are recommended:

  • Type: RSA
  • Key Size: 4096
  • Key Use: Encryption
  • Algorithm: RSA-OAEP
  • Key ID: SHA-256

Click on the "generate" button and copy the Public and Private Keypair Set. This can be pasted directly into the Encryption JWKS (Text) setting, or imported by file using the Encryption JWKS (File) setting.

18.1.3Configuration Document

 

Details about the target servers that the gateway will communicate with are supplied in the Gateway Configuration Document.

18.1.4Interceptors

 

Custom interceptors may be registered in order to provide specific functionality. See Gateway Interceptor Examples for samples.