Add $validate API endpoints to APIM

CDCgov / data-exchange-fhir

Enterprise Data Exchange (DEX) is a new cloud-native centralized data ingestion, validation, and observation service scoped for common data types (HL7, FHIR, CDA, XML, CSV) sent to the CDC. It helps public health stakeholders who send data to the CDC while reducing the maintenance efforts, complexity, and duplication of ingestion points to CDC.

Apache License 2.0

10 stars 1 forks source link

Add $validate API endpoints to APIM #106

Open briansok71 opened 1 year ago

briansok71 commented 1 year ago

We initially only generated Swagger for the FHIR APIs and added to APIM. However, we are missing the ability to append $validate to these endpoints when creating or updating FHIR resources. When $validate is appended to end of URL, then FHIR will validate the resource being created/updated against the validation profile (StructureDefinition) stored in FHIR. The response may be an OperationOutcome resource type with validation error messages if invalid.

Example: .../Bundle versus .../Bundle/$validate

briansok71 commented 1 year ago

This user story is a lower priority for now - team's attention has been on loading validation profiles and running validation against mock data

bennettn4 commented 1 year ago

Initial APIM configuration for $validate has been added to the Non-CDC internal APIM

rmharrison commented 1 year ago

Thanks for looking ahead to APIM access control for external (non-CDC internal) users of $validate.

However, for our immediate use case (Healthcare surveys), we want validation as apart of the $process-message operation, NOT as a user-trigger $validate. Ideally, this'd be apart of the Azure FHIR $process-message configuration. And you'd return the validation error as part of the $process-message response (one or more OperationOutcome instructing the sender about the validation failure).

Upon receipt of the message, the Data Receiver SHALL validate the message before (my emphasize) accepting the message. http://build.fhir.org/ig/HL7/fhir-medmorph/reportsubmission.html#data-receiver-requirements-for-receiving-messages-from-ttp-or-hdea

briansok71 commented 1 year ago

@rmharrison - I agree. We will be validating on $process-message as mentioned in your comment.

We knew when we imported the Swagger for our FHIR APIs into APIM that we were missing FHIR custom operations ($validate, $export, $process-message, etc.) and that we would be adding them at some point. We decided to go ahead and add $validate this past Sprint because of the POC testing we were doing for posting our mockup of a HealthCare Survey message bundle and validating against the HL7 validation profiles (structure definitions) we've been adding to our FHIR service instance.