API Documentation
Elekta’s FHIR API documentation is available so that developers may build applications that operate through the retrieval of patient data from MOSAIQ, Elekta’s Electronic Health Record. Applications are intended to be available for use by patients, providers, and third party application developers. Applications may be launched standalone or within the context of MOSAIQ.
Elekta’s FHIR API is powered by Firely and is compatible with MOSAIQ v2.86. Authenticated application developers will have access to USCDI v1 data.
Elekta's Terms and Conditions of use
Fees: To further grow Elekta’s interoperability and promote patient access to data, application developers are invited to build with Elekta’s platform at no cost. There will be no fee for the use of Elekta’s FHIR API within the current scope of available USCDIv1 data.
To read more about the FHIR API Terms and Conditions, please click here.
You can find our Elekta Privacy Policy here.
Application Registration and Configuration
The Site admins of MOSAIQ Electronic Health Record have permission to add the application.
To build an application with Elekta’s FHIR API Authorization Server, the below information is required:
- Application Name
- Application Logo (Optional)
- Application URL
- Application Redirect URL
- Application Signoff (Logout) URL
- Application scope to access resources
Application Configuration
Proof Key for Code Exchange (PKCE) is an industry standard that can help mitigate CSRF and other known security threats.
Configuration Option | Values |
---|---|
Token Name | DevTestToken |
Grant Type | Authorization Code (With PKCE) |
Callback URL | https://www.getpostman.com/oauth2/callback |
Auth URL | https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/authorize aud=api://dev-sandbox-test |
Access Token URL | https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/token |
Client Id | Your Client ID |
Client Secret | Your Secret |
Code Challenge Method | SHA-256 |
Code Verifier | Leave Blank |
Scope | e.g. openid patient/*.read |
State | Any UUID |
Client Authorization | Send client credentials in body |
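The settings above describe the Authorization Code flow with PKCE. This added example (not Elekta's code) shows what an API client does with them: it derives the S256 code challenge, builds the authorize request with a fresh `state`, and checks that `state` on the redirect. The query parameter names follow RFC 6749 and RFC 7636; `clientId`, `redirectUri` and `scope` are supplied by the caller.

```javascript
const crypto = require("node:crypto");

// Endpoint and audience taken from the configuration table above.
const AUTH_URL =
  "https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/authorize";
const AUD = "api://dev-sandbox-test";

// RFC 7636 S256: challenge = BASE64URL(SHA-256(ASCII(code_verifier))).
function s256Challenge(verifier) {
  return crypto.createHash("sha256").update(verifier, "ascii").digest().toString("base64url");
}

// Returns the URL to open plus the two values the client keeps in its
// session: `state` (checked on the redirect) and `verifier` (sent only to
// the token endpoint, never in the authorize request).
function buildAuthorizeUrl({ clientId, redirectUri, scope }) {
  const verifier = crypto.randomBytes(32).toString("base64url"); // 43 chars
  const state = crypto.randomUUID(); // "Any UUID" per the table
  const url = new URL(AUTH_URL);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
    aud: AUD,
    code_challenge: s256Challenge(verifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), state, verifier };
}

// Handle the redirect back to the app. A missing or different state means the
// response does not belong to this session, so the code is discarded.
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  const got = Buffer.from(q.get("state") ?? "");
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error("state mismatch: discard this authorization response");
  }
  if (q.has("error")) throw new Error(`authorization failed: ${q.get("error")}`);
  const code = q.get("code");
  if (!code) throw new Error("no authorization code in callback");
  return code; // exchange at the token URL together with `verifier`
}
```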
Authorization Server Info
- Auth URL: https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/authorize
- Access Token URL: https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/token
- aud: api://dev-sandbox-test
API Information
- FHIR API Base URL: https://elektafhirdevsandboxtest.azurewebsites.net
- FHIR Authorization Root URL: https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7
- FHIR Metadata Information URL: https://elektafhirdevsandboxtest.azurewebsites.net/metadata
- FHIR Authorization Server Information URL: https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/.well-known/openid-configuration
- FHIR Server SMART Configuration: https://elektafhirdevsandboxtest.azurewebsites.net/.well-known/smart-configuration/
Please refer to the SMART App Authorization Guide for more information.
FHIR Resources
Elekta’s FHIR API is based on the HL7 FHIR® US Core Implementation Guide STU3 Release 3.1.1 and HL7 FHIR® R4.
To view Elekta’s FHIR Resources, please click here.
Bulk Export
Client Configuration:
Bulk Export requires a public/private key pair. The client must generate or obtain this key pair and register the public key set, either as a URL to the JWK Set or as the JWK Set directly.
A client must also produce a JSON Web Token (JWT) that will be used to authenticate the client to the FHIR® authorization server before requesting an access token. The following claims must be included in the authentication JWT, and it must be signed using the client's private key.
How to create JWT token:
Header Values for JWT Authentication
Key | Value |
---|---|
alg | RS384 (fixed value) |
kid | The identifier of the key-pair used to sign this JWT. This identifier SHALL be unique within the client's JWK Set |
typ | JWT (fixed value) |
Authentication for JWT Claims
Key | Value |
---|---|
iss | client_id - determined during registration with the authorization server |
sub | client_id - determined during registration with the authorization server (same as iss) |
aud | https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/token |
exp | Expiration time integer for this authentication JWT, expressed in seconds since the "Epoch" (1970-01-01T00:00:00Z UTC). This time SHALL be no more than five minutes in the future. |
jti | A nonce string value that uniquely identifies this authentication JWT. |
Bulk export client configuration (Postman will consume FHIR API)
Steps:
- Start your API client
- Enter the Access Token URL: https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/token
- Select POST as the HTTP verb
- Select the "Body" tab then select the x-www-form-urlencoded radio button for the format
- Enter the configuration details from the table below and click the "Send" Button
Postman Configuration
Key | Value |
---|---|
scope | system/*.read |
grant_type | client_credentials |
client_assertion_type | urn:ietf:params:oauth:client-assertion-type:jwt-bearer |
client_assertion | JWT client assertion token obtained above |
- After obtaining an access token, use the token to retrieve resources in ndjson format.
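The JWT header and claims tables and the token request above, put together as an added example (not Elekta's code): it signs an RS384 client assertion with Node's built-in `crypto` module and builds the form body for the token URL. The key pair is generated on the spot for demonstration; `demoKeyPair`, `signatureIsValid` and the 240-second default lifetime are choices made for this example.

```javascript
const crypto = require("node:crypto");

// Token endpoint from this page; it is also the required `aud` claim.
const TOKEN_URL =
  "https://elektaeu.oktapreview.com/oauth2/aus4p8j0ykfNgewRT0x7/v1/token";
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Build and sign the authentication JWT from the header and claims tables.
function makeClientAssertion({ clientId, kid, privateKey, lifetimeSec = 240 }) {
  if (lifetimeSec <= 0 || lifetimeSec > 300) {
    throw new RangeError("exp must be no more than five minutes in the future");
  }
  const header = { alg: "RS384", kid, typ: "JWT" };
  const claims = {
    iss: clientId,
    sub: clientId, // same value as iss
    aud: TOKEN_URL,
    exp: Math.floor(Date.now() / 1000) + lifetimeSec,
    jti: crypto.randomUUID(), // new nonce for every assertion
  };
  const signingInput = `${b64(header)}.${b64(claims)}`;
  // RS384 is RSASSA-PKCS1-v1_5 with SHA-384, Node's default RSA padding.
  const sig = crypto.sign("sha384", Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString("base64url")}`;
}

// Form body for the POST to TOKEN_URL (the Postman key/value table).
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    scope: "system/*.read",
    grant_type: "client_credentials",
    client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
    client_assertion: assertion,
  }).toString();
}

// Constructed demo key. Only `jwks` is registered with the authorization
// server; the private key stays with the client.
function demoKeyPair(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: "jwk" }), kid, alg: "RS384", use: "sig" };
  return { privateKey, publicKey, jwks: { keys: [jwk] } };
}

// Check a signature the way a verifier holding the public key would.
function signatureIsValid(jwt, publicKey) {
  const [h, c, s] = jwt.split(".");
  return crypto.verify("sha384", Buffer.from(`${h}.${c}`), publicKey, Buffer.from(s, "base64url"));
}
```

Because `exp` is short and `jti` is single-use, generate a new assertion for every token request instead of caching one.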
Bulk Data Kick-off Request:
This FHIR® Operation starts the asynchronous generation of data that the client is authorized to see - whether it's all patients, a subset (specified group) of patients, or all data in a FHIR® server.
Endpoint - All Patients:
GET https://elektafhirdevsandboxtest.azurewebsites.net/Patient/$export
Endpoint - Group of Patients
GET https://elektafhirdevsandboxtest.azurewebsites.net/Group/[id]/$export
Required Request Headers
Accept - application/fhir+json
Prefer - respond-async
Response - Success
HTTP Status Code of 202 Accepted
Content-Location header with the absolute URL of an endpoint for subsequent status requests (polling location)
Bulk Data Status Request
Following the start of a bulk data request, the client MAY poll the status URL specified in the Content-Location header.
Response - In-Progress Status
HTTP Status Code of 202 Accepted
Response - Error Status
HTTP status code of 4XX or 5XX
Content-Type - application/json
Response - Complete Status
HTTP status of 200 OK
Content-Type - application/json
File Request
A client can download the created bulk data files (one or more per resource type) using the URLs provided by the FHIR® server in the Complete Status response body within the time period set in the Expires header (if present).
Endpoint
GET [url from status request output field]
Headers
Accept - application/fhir+ndjson
Response - Success
HTTP status of 200 OK
Content-Type - application/fhir+ndjson
Response - Error
HTTP Status Code of 4XX or 5XX
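An added example (not Elekta's code) of client-side handling for the status and file requests described above: it classifies a poll response by status code and builds the file request so the access token is only attached for HTTPS URLs on hosts the client expects. The `output`, `type`, `url` and `requiresAccessToken` field names come from the HL7 Bulk Data Access manifest; the sample response and its URLs are constructed.

```javascript
// Classify one poll of the status URL. `resp` = { status, headers, body }
// with lower-cased header names, as returned by any HTTP client.
function interpretStatus(resp) {
  if (resp.status === 202) return { state: "in-progress" };
  if (resp.status >= 400 && resp.status <= 599) {
    return { state: "error", status: resp.status, detail: resp.body };
  }
  if (resp.status !== 200) throw new Error(`unexpected status ${resp.status}`);
  const manifest = JSON.parse(resp.body);
  return {
    state: "complete",
    expires: resp.headers.expires ?? null, // download before this time
    requiresAccessToken: manifest.requiresAccessToken === true,
    files: (manifest.output ?? []).map(({ type, url }) => ({ type, url })),
  };
}

// Build one file request. The bearer token is attached only for HTTPS URLs
// on hosts the client expects, so a manifest cannot send it elsewhere.
function fileRequest(file, done, accessToken, allowedHosts) {
  const u = new URL(file.url);
  if (u.protocol !== "https:" || !allowedHosts.includes(u.hostname)) {
    throw new Error(`refusing ${u.origin}: not an expected export host`);
  }
  const headers = { Accept: "application/fhir+ndjson" };
  if (done.requiresAccessToken) headers.Authorization = `Bearer ${accessToken}`;
  return { method: "GET", url: u.href, headers };
}

// Constructed sample of a Complete Status response; values are made up.
const SAMPLE_COMPLETE = {
  status: 200,
  headers: { "content-type": "application/json", expires: "Mon, 22 Jul 2030 23:59:59 GMT" },
  body: JSON.stringify({
    requiresAccessToken: true,
    output: [
      { type: "Patient", url: "https://elektafhirdevsandboxtest.azurewebsites.net/constructed/Patient.ndjson" },
      { type: "Observation", url: "https://files.example.org/constructed/Observation.ndjson" },
    ],
  }),
};
```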
*For more information on Bulk Export, please refer to HL7.FHIR.UV.SMART-APP-LAUNCH\Client Authentication: Asymmetric (public key) - FHIR v4.0.1