Create a destination for Microsoft Azure + Health Data Services

Last updated: Oct 15, 2024

IMPLEMENTATION

HEALTH TECH VENDOR

Closed beta feature

This is a closed beta feature for a limited pilot group. We're not currently accepting additional participants, but we'll let you know when it's available to everyone.

For cloud connectivity with Redox, you decide which cloud provider and cloud product(s) to use. Then, you'll need to create a cloud destination in your Redox organization.

You'll need to perform some steps in your cloud product(s) and some in Redox. You can perform Redox setup in our dashboard or with the Redox Platform API.

Cloud products

This article is for this combination of cloud products:

Microsoft Azure
Azure Health Data Services (HDS)

Configure in Microsoft Azure

Navigate to the Microsoft Azure dashboard and log in. Review Azure's quickstart guide to get started.
Create an application through Azure Entra. Review Azure's help article. This is where you'll get a client ID and tenant ID, which you'll need for Redox setup later.
Create a new secret for your application. This is where you'll get client secret value, which you'll need for Redox setup later.
Use Postman to access the FHIR® service in Azure Health Data Services.
For Redox configuration later, get the capability statement.
Get an access token for the FHIR® server.

Create a cloud destination in Redox

Next, create a cloud destination in your Redox organization. This destination will be where your data is pushed to.

In the dashboard

For the select destination step, follow the instructions for creating a cloud destination.
From the Product type field, select Health Data Services.
For the configure destination step, populate these fields. Then click the Next button.
1. FHIR® URL: Enter the Azure FHIR® endpoint where data should be sent. Append the URL with either /Bundle or /fhir, depending on the message type you plan to receive at this destination.
For the auth credential step, either a drop-down list of existing auth credentials displays or a new auth credential form opens. Learn how to create an auth credential for OAuth 2.0 2-legged.
Existing or new auth credential
Your existing auth credentials will only display if they're supported for the cloud product type you selected. If you don't have any supported auth credentials for the cloud type in the current Redox environment, you'll have to create a new auth credential.
For the verify step, follow the instructions for verifying a destination.

With the Redox Platform API

Review the Create auth credential endpoint.
In your terminal, prepare the /v1/authcredentials request.
Specify these required values in the request. These may not be noted as required fields in our API spec, but these are what's required for working with Azure.
- Locate the audience (FHIR® metadata endpoint) and clientID (Application ID) on the Overview page of the Microsoft Azure dashboard. The audience value is equivalent to the FHIR® metadata endpoint value. However, you must remove metadata at the end and replace it with either Bundle or fhir. For Redox, you should use Bundle.
- Locate the clientSecret value on the Certificates & Secrets page of the Microsoft Azure dashboard when you're creating a user. This value only displays once, so make sure you store it. Note that this isn't the same as the secret ID value.
  Example: Create auth credential for Azure + Health Data Services
  json
  1
  curl 'https://api.redoxengine.com/platform/v1/authcredentials' \
  2
  --request POST \
  3
  --header 'Authorization: Bearer $API_TOKEN' \
  4
  --header 'accept: application/json' \
  5
  --header 'content-type: application/json' \
  6
  --data '{
  7
  "organization": "<Redox_organization_id>"
  8
  "name": "<human_readable_name_for_auth_credential>"
  9
  "environmentId": "<Redox_environment_ID>"
  10
  "authStrategy": "OAuth_2.0_2-legged"
  11
  "audience": "<FHIR_metadata_endpoint_from_Azure>/Bundle"
  12
  "resourceURI": "<FHIR_metadata_endpoint_from_Azure>"
  13
  "clientId": "<client_id_from_Azure>"
  14
  "clientSecret": "<client_secret_from_Azure>"
  15
  "grantType": "client_credentials"
  16
  "url": "https://login.microsoftonline.com/<tenant id from azure console_step 1>/oauth2/v2.0/token"
  17
  "scope": "https://storage.azure.com/.default"
  18
  }
You should get a successful response with details for the new auth credential.
Review the Create destination endpoint.
In your terminal, prepare the /v1/environments/{environmentId}/destinations request.
Specify these values in the request.
- Set authCredential to the auth credential ID from the response you received in step #4.
- Populate cloudProviderSettings with the settings below.
  - Enter the Azure FHIR® endpoint to send to for the FHIR® base URL. Append the endpoint with either /Bundle or /fhir, depending on the message type you plan to receive at this destination.
    Example: Values for Azure + HDS cloudProviderSettings
    json
    1
    {
    2
    "cloudProviderSettings": {
    3
    "typeId": "azure",
    4
    "productId": "health-data-services",
    5
    "settings": {
    6
    "fhirBaseUrl": "<FHIR_endpoint>/<Bundle_or_fhir>"
    7
    }
    8
    }
    9
    }
You should get a successful response with details for the new destination for Azure.
Your new destination will now be able to receive messages. FHIR® data is validated against the FHIR® standard schema to ensure compliance since HDS enforces strict adherence to FHIR® rules. Once validated, data is securely stored in Azure's FHIR® datastore, which can be queried.

FHIR® is a registered trademark of Health Level Seven International (HL7) and is used with the permission of HL7. Use of this trademark does not constitute an endorsement of products/services by HL7®.