Configuration: Initial Setup
Setting up the Gateway involves a few key setting, described here.
The FHIR Gateway provides a FHIR REST endpoint, served as an HTTP server. This endpoint supports a set of standard endpoint configuration properties, including:
FHIR Version (the version of FHIR that FHIR clients invoking the gateway endpoint are expected to support)
Port (the port to listen on)
TLS/SSL (support for the HTTPS protocol)
Security: The endpoint can be secured with HTTP Basic and OpenID Connect / SMART, and fully supports authorization checks on the data being returned based on user permissions and approved SMART scopes
Request Validation: The endpoint can be configured to validate requests (see Request Validating Enabled). Additionally, instance validation can be configured by setting a validation dependency to the validation-supporting module
The FHIR Gateway uses Encrypted JSON Web Tokens (JWE) to encode data about the backend servers in a way that prevents clients from learning internal implementation details. A JWKS keystore must be supplied as a part of the gateway module configuration.
Many tools exist to create JWKS files. One such tool is the mkjwk tool available at: https://mkjwk.org/
To create a JWK using this tool, the following settings are recommended:
Click on the "generate" button and copy the Public and Private Keypair Set. This can be pasted directly into the Encryption JWKS (Text) setting, or imported by file using the Encryption JWKS (File) setting.
Details about the target servers that the gateway will communicate with are supplied in the Gateway Configuration Document.
Custom interceptors may be registered in order to provide specific functionality. See Gateway Interceptor Examples for samples.