Use Cases
- Auth Server
- (existing) A user of the Auth server is able to register a client with scopes specified by the user
- Sandbox
- A user of the Sandbox is able to create a sandbox account that has an isolated FHIR resource server datasource (personal datasource)
- A user of the Sandbox is able to select a public datasource
- The initial public datasource is the HSPC FHIR API Server
- A user of the Sandbox is able to launch a SMART application that will run using the selected datasource
- The selected datasource is passed to the application using the "iss" parameter
- Logical API Server
- Defined: A Logical API Server is a FHIR API Server for a FHIR resource server datasource. It may be:
- A physical deployment of an HSPC Reference API instance that specifies a database and schema (traditional)
- A shared deployment of an HSPC Reference API instance that uses a router and multi-tenant database strategy to offer a single FHIR API interaction
- Other technique offering a single FHIR API interaction
- A user of the API server is able to perform the full FHIR REST API interaction according to the FHIR specification and SMART security model (no additional HTTP headers or parameters needed)
- OAuth2 token extensions are permissible
- Base URL path parameters are permissible
- A user a SMART application is restricted by a provisioning layer by scope (ex: app wants write scope but API server does not support write)
- A user of the API server is restricted from accessing a private/personal FHIR server that is not shared with them
- Defined: A Logical API Server is a FHIR API Server for a FHIR resource server datasource. It may be:
- Datasource publication and sharing
- A user of the Sandbox is able to register a datasource as a publicly available datasource (no provisioning required)
- A user of the Sandbox is able to share a personal datasource with another user of the Sandbox
Endpoints
Sandbox (application)
| Public Endpoint | Internal Endpoint | Purpose |
|---|---|---|
| sandbox.hspconsortium.org | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain1]/ | Sandbox Welcome Page |
| sandbox.hspconsortium.org/manage | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain1]/manage | Management above any team sandbox |
| sandbox.hspconsortium.org/health | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain1]/health | Health check |
| sandbox.hspconsortium.org/dashboard | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain1]/dashboard | Future use |
| sandbox.hspconsortium.org/admin | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain1]/admin | Future use |
| sandbox.hspconsortium.org/hspc | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain2]/hspc | HSPC shared team sandbox |
| sandbox.hspconsortium.org/{sandboxid} | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain2]/{sandboxid} | Dashboard for a team sandbox |
| sandbox.hspconsortium.org/{sandboxid}/manage | sandbox.hspconsortium.org/hspc-sandbox-manager/[brain2]/manage | Management endpoint for a team sandbox |
FHIR Server
| Public Endpoint | Internal Endpoint | Purpose |
|---|---|---|
| api.hspconsortium.org | (Info page) Root of the multi-tenant FHIR server | |
| api.hspconsortium.org/manage | Management endpoint of the root FHIR server | |
| api.hspconsortium.org/{team} | Root of a team sandbox | |
| api.hspconsortium.org/{team}/data | Root of a team FHIR server | |
| api.hspconsortium.org/{team}/management | Management endpoint of the team sandbox |
Authorization Server
| Public Endpoint | Internal Endpoint | Purpose |
|---|---|---|
| auth.hspconsortium.org | Root of the HSPC Authorization server |
Applications (Cloud hosted)
| Public Endpoint | Internal Endpoint | Purpose |
|---|---|---|
| apps.hspconsortium.org | (Info Page) Root of the HSPC Applications server | |
| apps.hspconsortium.org/bilirubin-risk-chart | Info page for Bilirubin risk chart app | |
| apps.hspconsortium.org/{application} | Info page for the application | |
| apps.hspconsortium.org/{application}/launch | Sample launch endpoint for a SMART style application | |
| apps.hspconsortium.org/{application}/redirect | Sample redirect endpoint for a SMART style application |
Application Gallery
| Public Endpoint | Internal Endpoint | Purpose |
|---|---|---|
| appgallery.hspconsortium.org | Root of the HSPC application gallery | |
| appgallery.hspconsortium.org/{application} | Info page for the application with try it out link. {application} is the key for this application, needs to be consistent for apps.hspconsortium.org endpoints. | |
Possibly we would like to have REST API to get, put, delete applications from the appgallery |
Test Endpoints
| Public Endpoint | Internal Endpoint | Purpose |
|---|---|---|
| test-api.hspconsortium.org | hspcreferenceapi-sandbox-env.us-west-2.elasticbeanstalk.com/ | Root of the FHIR API server |
| test-auth.hspconsortium.org | hspcreferenceauth-sandbox-env.us-west-2.elasticbeanstalk.com/ | Root of the OpenID Connect Auth server |
| test-messaging.hspconsortium.org | hspcreferencemessag-env.us-west-2.elasticbeanstalk.com/ | Root of the messaging server |
| test-sandbox.hspconsortium.org | hspcsandboxmanager-env.us-west-2.elasticbeanstalk.com/ | Root of the test sandbox instance for all Sandbox (application) endpoints above For example, test-sandbox.hspconsortium.org/hspc is the HSPC team sandbox |
| test-apps.hspconsortium.org | Root of the test sandbox apps server | |
| test-apps.hspconsortium.org/{application} | For example, test.hspconsortium.org/apps/bilirubin-chart | |
| ? | Root of the test sandbox app gallery |
Database
Architecture
