Making a FHIR REST API request on a SMART enabled HealthLake data store - AWS HealthLake

An example request from a client application containing a JWT in the authorization header, and how Lambda should decode it

After the client application request has been authorized and authenticated, the client application must receive a bearer token from the authorization server. Use the bearer token in the authorization header when sending a FHIR REST API request on a SMART on FHIR enabled HealthLake data store.

Sample FHIR REST API request to a SMART on FHIR enabled HealthLake data store

An example GET request on a SMART on FHIR enabled HealthLake data store

GET https://healthlake.your-region.amazonaws.com/datastore/your-datastore-id/r4/Patient/[ID]
Authorization: Bearer auth-server-provided-bearer-token

Because a bearer token was found in the authorization header and no AWS IAM identity was detected, HealthLake invokes the Lambda function specified when the SMART on FHIR enabled HealthLake data store was created. When your Lambda function successfully decodes the token, it sends a response like the following example to HealthLake.

{
  "authPayload": {
    "iss": "https://authorization-server-endpoint/oauth2/token", # The issuer identifier of the authorization server
    "aud": "https://healthlake.your-region.amazonaws.com/datastore/your-datastore-id/r4/", # Required, data store endpoint
    "iat": 1677115637, # Identifies the time at which the token was issued
    "nbf": 1677115637, # Required, the earliest time the JWT would be valid
    "exp": 1997877061, # Required, the time at which the JWT is no longer valid
    "isAuthorized": "true", # Required, boolean indicating the request has been authorized
    "uid": "100101", # Unique identifier returned by the auth server
    "scope": "system/*.*" # Required, the scope of the request
  },
  "iamRoleARN": "iam-role-arn" # Required, IAM role to complete the request
}
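The decode step described above, as an added example that is not AWS's or this page's own code: it verifies a bearer token and builds a response shaped like the sample. The function names and the HS256 shared secret are assumptions made so the example runs offline; use whatever verification your authorization server actually provides. The page does not show how the Lambda function receives the token, so it is passed in as a parameter.

```python
import base64, hashlib, hmac, json

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Build a constructed test token (stands in for the authorization server)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_token(token: str, secret: bytes, datastore_endpoint: str, now: int) -> dict:
    """Return the claims only if signature, algorithm, audience and times check out."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        if not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError("header and payload must be JSON objects")
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        raise PermissionError("unexpected alg")
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    if claims.get("aud") != datastore_endpoint:  # token must target this data store
        raise PermissionError("token not issued for this data store")
    if not (claims.get("nbf", now + 1) <= now < claims.get("exp", 0)):
        raise PermissionError("token not yet valid or expired")
    if not claims.get("scope"):
        raise PermissionError("missing scope")
    return claims

def build_response(claims: dict, iam_role_arn: str) -> dict:
    """Shape the result like the page's example response."""
    keys = ("iss", "aud", "iat", "nbf", "exp", "uid", "scope")
    payload = {k: claims[k] for k in keys if k in claims}
    payload["isAuthorized"] = "true"  # string form, as in the page's sample
    return {"authPayload": payload, "iamRoleARN": iam_role_arn}
```

Any `PermissionError` should end the request without an authorized response; `build_response` is only reached with claims that passed every check.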