Smile CDR v2023.11.PRE
On this page:

6.3.1FHIRWeb Console


FHIRWeb Console is a testing tool that can be used by developers and administrators to view data in the CDR, create searches, and perform other FHIR operations (create, read, update, etc.) from a web-based console.

FHIRWeb Console is not intended as an end-user tool. It is not, for example, a GUI that could be used to present clinical FHIR data to clinicians for providing care. Instead it is intended as a tool for back-office staff to interact with data in the CDR.



FHIRWeb Console requires a FHIR Endpoint, and shares the same settings and backing database as the endpoint it is configured to use. However, FHIRWeb Console uses an internal hook to communicate with the endpoint, meaning that:

  • it is not necessary for the module to be able to access the HTTP Listener port exposed by the FHIR Endpoint; and
  • it is necessary for the FHIRWeb Console module to be deployed to the same node(s) as the FHIR Endpoint.

This is illustrated in the following diagram:

FHIRWeb Architecture



Users accessing the FHIRWeb Console are authenticated directly into the FHIRWeb Console. In other words, if an Inbound Security module is specified as a dependency, users will be presented with a login page when they access the console.

In order to be permitted to log into FHIRWeb console, a user must be granted the ACCESS_FHIRWEB permission. However, this permission alone is not sufficient for a user to be able to use the console. When users log in, their regular user permissions will be applied to any FHIR requests they make. If the logged in user has access only to read one Patient's compartment then any requests that exceed this permission will be rejected exactly as though the user was making their request directly against the FHIR Endpoint.

At a minimum in order to be able to browse the console, the user needs to have the FHIR_CAPABILITIES permission, which allows the user to access a list of available resources.

Additional capabilities can be enabled using appropriate permissions. For example, if the user has been granted the FHIR_ALL_READ permission, they will be allowed to browse all data using the console but will not be permitted to perform write operations.

The primary purpose of the FHIRWeb Console is to create and execute FHIR requests. These FHIR requests are invoked via a FHIR Endpoint module, and are subjected to the same security, auditing, and interceptor settings as any other request submitted via the same endpoint module.

Interceptors may detect requests originating from the FHIRWeb Console by testing the following value from the RequestDetails object.

public void someHookMethod(RequestDetail theRequestDetails) {
    String attrName = "ca.cdr.endpoint.fhirweb.IS_FHIRWEB_DIRECT_REQUEST";
    Boolean fhirWebRequest = theRequestDetails.getAttribute(attrName);
    if (Boolean.TRUE.equals(fhirWebRequest)) {
        // do something
} Anonymous Usage

In a typical configuration, all access to data is secured and requires an authenticated user. However, it is desirable to allow unauthenticated access to data in some situations. For example, some scenarios where this would be useful might include:

  • development servers; and
  • publicly accessible registries of non-sensitive information (e.g. medication lists, provider lists, etc.).

If you wish to allow users to be able to access FHIRWeb Console without requiring authentication, there are two configuration settings required:

  1. the FHIRWeb Console module should have the anonymous.access.enabled property set to true; and

  2. the ANONYMOUS user should be granted the ACCESS_FHIRWEB permission, as well as any additional permissions required for operations that the user should be allowed to perform anonymously.

6.3.4Creating the Module


When creating a module of this type, there are only a few required configuration options:

  • Listener Port – The port that the server will listen on (e.g. 8001).
  • FHIR Endpoint module dependency – The FHIR Endpoint module to which to connect, and which must be a module on the same node.

Optionally, an Inbound Security module dependency can be specified in order for the FHIRWeb Console to be able to authenticate users and authorize them.

6.3.5Using the Console


The console is accessed simply by pointing a browser at the selected port on the server. For example, if port 8001 was selected and the system is deployed to the server, the following URL should be used:

The user will be presented with a login page. Once logged in, the home page of FHIRWeb Console appears as follows:

FHIRWeb Console Home



See the FHIRWeb Console Module Configuration for a complete list of available configuration options for this module.