FHIR (Fast Healthcare Interoperability Resources) is a new and emerging standard for interoperability in healthcare IT. Unlike the ancient HL7v2 standard, FHIR is open, extensible, and composable. It supports modern web standards like JSON, XML, HTTP(!), and Turtle. It also defines different data exchange methods like RESTful API, messaging, services, documents, and persistent storage. Best of all the FHIR documentation is outstanding: There is detail documentation for every type of resource, with lots of examples. Enough detail for anyone to create a compliant implementation. All of the data types like dates and times, terminologies, identifiers, references, numeric values, extensions are documented in detail, including how to read and write them. It’s probably one of the best documented and well thought out APIs I have worked with.
Epic made their FHIR APIs available on https://fhir.epic.com/. In this post, we will discuss using Epic’s FHIR APIs in Mule 4
Prerequisites
You will need an Epic developer account. You can get one for free by signing up here. I have used Anypoint Studio 7.7 for Mule app.
Configuration
Certificate setup for JWS
We will use SMART Backend Services approach described here which uses signed JWT to get the access token.
Generate a new public-private key pair, and get the certificate(s) in appropriate format
1
2
3
4
5
6
7
8
# generate a new public-private key pair
openssl genrsa -out Anypoint_Mulesoft.pem 2048# export the public key to a base64 encoded X.509 certificate
openssl req -new -x509 -key Anypoint_Mulesoft.pem -out Anypoint_PublicKey.pem -subj '/CN=Anypoint' -days 365# export the keystore in pkcs12
openssl pkcs12 -export -in Anypoint_PublicKey.pem -inkey Anypoint_Mulesoft.pem -out Anypoint_Keystore.p12
Click on ‘Create’ and enter your app details as follows. Make sure to select the Application Audience as ‘Backend Systems’. For Sandbox JWT signing public key, upload the public key store (Anypoint_PublicKey.pem) file generated in the previous step. Click on save.
You should see the Client ID and Non-Production Client ID for your app. Select the SMART on FHIR version as R4, enter the summary, accept the terms of usage and click on ‘Save & Ready for Sandbox’.
In my experience it usually takes a couple of hours for your app to be usable in Epic. It took me ~2 hours for my app to be usable
Mule application details
Create a new Mule application, and copy the pkcs12 formatted keystore (Anypoint_Keystore.p12) created earlier, in the src/main/resources folder.
To generate a signed JWT (JWS), we will use Java JWT library. In the pom.xml of your Mule application, include the following dependencies. (I have included Apache log4j dependencies, these are optional).
In Mule application’s src/main/java folder, create a new Java package com.dhimate.demo, class JWTProvider and use following code snippet to generate signed JWT.
In Mule application’s src/main/java folder, create a new Java package com.dhimate.demo, class JWTProvider and use the following code snippet to generate signed JWT.
Calling Epic’s FHIR APIs is a two-step process.
In the first step we need to get the access token using the signed JWT token
In the second step we will use the access token received in the step above to access FHIR resource
Let’s look at the configuration of important components
Generate signed JWS token using Invoke Static component
Prepare request payload to get access token
Get the access token
Call FHIR API to get the data
Once this is done, we can add a simple HTTP listener and connect our flow to it to get the data from Epic’s FHIR API. Epic has provided test data in the sandbox. Let’s use it to search for a patient record.
MuleSoft offers multiple connectors for Salesforce integration. This post is about Salesforce Connector for Mule 4. This connector helps in integrating with Sales Cloud, Service Cloud, Salesforce Platform, and Force.com. We will specifically look into different options for authentication with Salesforce.
Software Prerequisites
You need a Salesforce developer account. You can get one for free by signing up here. I have used the following versions for MuleSoft software.
Anypoint Studio 7.7
Salesforce Connector 10.8.0
Configuration
Security Token in Salesforce
Salesforce security token is an alphanumeric code associated with your password. You do not need a security token if you are trying to authenticate from an IP address that is inside your Salesforce org’s trusted IP range, or your Salesforce profile’s login IP range. When you sign up for a new developer account, your Salesforce org does not have trusted IP ranges. You can either set up trusted or login IP ranges in your org, or use the security token for authentication. Generating security token is simple.
Go to settings
Reset security token by using the ‘Reset My Security Token’ menu and clicking on the ‘Reset Security Token’ button.
You should receive your new security token in your email account that you used to sign up for the Salesforce developer account.
Certificate setup in Salesforce
For certificate-based security, you need to set up a certificate in Salesforce.
Go to setup
Search for certificate and key management and select the option
Click on ‘Create Self-Signed Certificate’ button to create a new certificate and enter the information and save it.
Once certificate is created, download the certificate (.crt) file. We need it for setting up the connected app.
Export the certificate to keystore. We need it to configure the connection information in Mule app.
Enter the password when exporting to keystore
Make sure you save both the .crt file (downloaded in step 4 above) and the .jks file safely on your disk.
Connected App setup in Salesforce
Go to setup
Search for app manager and select the ‘App Manager’ option
Use the ‘New Connected App’ button to create a new connected app.
Fill in name and email. Select ‘Enable OAuth Settings’ Enter two Callback URLs
Select ‘Use digital signatures’ and upload the .crt file received when setting up the certificate above.
Select all the OAuth Scopes if possibleNote the client_id and client_Secret
In your connected app’s page, click on Manage button to review and update the app policies. Click on Manage.
And then on ‘Edit Policies’
In the Permitted Users option you can see two options
Admin approved users are pre-authorized.
We will not go into the details of this option, but if you want to use it you can use the following steps
Go to Settings > Manage Users > Profiles
Edit the profile associated with the user
For ‘Connected App Access’ under the profile, select the checkbox against the connected app. Save.
All users may self-authorize.
We will use this option. Ensure that you select this option and save the policy.
It should redirect you to enter your credentials on Salesforce login screen and you should receive an authorization code.
This will complete the connected app setup.
Basic Authentication
Basic authentication is the easiest way to authenticate with Salesforce. For basic authentication you need username and password, and optionally a security token.
OAuth JWT
For OAuth JWT connection copy and paste the key store file (.jks) that you created in the certificate setup section into the src/main/resources folder.
Consumer Key – Consumer key of the Connected App that was created in Salesforce
Key Store – Keystore file (.jks) that you downloaded from the certificate setup
Store Password – Keystore password that was created when you generated the key store file
Principal – Salesforce username of the user that was approved against the authorization URL
OAuth SAML
For OAuth SAML connection copy and paste the key store file (.jks) that you created in the certificate setup section into the src/main/resources folder.
Consumer Key – Consumer key of the Connected App that was created in Salesforce
Key Store – Keystore file (.jks) that you downloaded from the certificate setup
Store Password – Keystore password that was created when you generated the key store file
Principal – Salesforce username of the user that was approved against the authorization URL
OAuth Username Password
For OAuth Username Password configure the following properties
Consumer Key – Consumer key of the Connected App that was created in Salesforce
Consumer Secret – Consumer secret of the Connected App that was created in Salesforce
Username – Salesforce login id
Password – Salesforce password
Security Token - Security token associated with the username
I recently finished reading Range - Why Generalists Triumph in a Specialized World by David Epstein. It wasn’t exactly a new topic. It was recommended in Bill Gates' blog so I was curious about it and picked it up. The book talks about (hyper)specialization vs broad thinking in career as well as life. I had read one perspective about this in other books like ‘Talent is Overrated’ by Geoffrey Colvin, and Cal Newport’s ‘So Good They Can’t Ignore You’.
This book offers a different perspective. It’s quite a myth-buster about the 10000 hours theory or deliberate practice. It explains how the hyperspecialization of narrow skills can be harmful to your long term growth. David kept me engaged throughout the book, even though sometimes the content kept on dragging the same message. It also felt relevant to my experience in life and career. I have been a sort of generalist, trying out different things like software engineering, solution architecture, or pre-sales over the last 20 years in my career. I intentionally avoided sticking to a single tech stack or framework or career track. And sometimes felt bad (or incompetent) being a jack of all trades type of a person. Turns out it isn’t bad to be that guy. In a way, I felt vindicated of everything I have done so far.
The key messages that stuck with me were about the experimentation and match quality - the term used to describe the fit between work someone does and their abilities. Everyone progresses at a different rate, so feeling behind doesn’t help much. Most likely you don’t know where exactly you are going. In this situation, the proactive pursuit of match quality, experimentation with different things, learning and adjusting as you go is the best approach. Comparing yourself to (cherry-picked) younger people doesn’t help either. Instead, compare yourself to your yesterday’s self and see how you are progressing. Epstein provides a good framework and reason to encourage range (rather than depth) over different areas of interest and stay curious.
As noted above, some of the repetitive content could’ve been edited to make it more concise. But other than that it was a fun and enjoyable read.