

class HS.FHIRServer.RestHandler extends %CSP.REST


Method Inventory


DefaultContentType specifies the content type to use when no content type is specified in the incoming request. The FHIR spec is clear about defaulting if no acceptable format is specified via content negotiation: "If neither the accept header nor the _format parameter are specified, the MIME-type of the content returned by the server is undefined and may vary."
Per the FHIR spec, "FHIR uses UTF-8 for all request and response bodies."
Setting this parameter to 1 (the default in %CSP.Page is 0) will cause CSP to convert the request content to internal format before passing it to this handler (the equivalent of doing $ZCVT(val, "I", "UTF8") on the request content).
parameter DefaultContentType = JSON;
parameter HandleCorsRequest = 1;
This parameter influences the CORS support. The default is an empty string meaning 'not specified'. If set to true (1) then CORS processing is ON. If set to false (0) then CORS processing is OFF. If left unset "" then the decision to process CORS is delegated to the setting on the URL map route.
parameter IGNOREMISSINGCHARSETKEY = \FHIR\IgnoreMissingContentTypeCharset;
Per the FHIR spec, "requests and responses SHALL explicitly set the character encoding to UTF-8 using the charset parameter of the MIME-type in the Content-Type header". However, what we have observed working with various FHIR clients is that clients sometimes include a Content-Type header in a request with no charset parameter. Setting the value of this key to 1 in the Configuration Registry in this namespace will cause a missing Content-Type charset to be ignored rather than rejected. A non-null charset that is not "utf8" or "utf-8" (case-insensitive) will still be rejected.
parameter MinimalTokenCheck = 0;
When set to 1 (true), OAuth access tokens are only checked to verify:
- The token is located in the Authorization header.
- The token is not blank (i.e., the Authorization header is not simply "Bearer" or "Bearer ").
- The current request is secure (i.e., is over https).
This may be desired when tokens are expected to always already have been validated prior to arriving at this Dispatch Class, or for specific implementations that want to defer token validation to some later part of request processing.
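A model of the three checks listed for MinimalTokenCheck, added here as an illustration; it is not InterSystems code. The function name, the sample requests and the case-insensitive match on the "Bearer" scheme are assumptions. It shows that any non-blank bearer value passes this stage, so token validation must happen elsewhere in the request path.

```python
def minimal_token_check(headers, is_secure):
    """Apply only the three checks listed for MinimalTokenCheck = 1.

    headers: dict of request headers; is_secure: True for an HTTPS request.
    Returns (accepted, reason).
    """
    # HTTP header names are case-insensitive.
    hdrs = {k.lower(): v for k, v in headers.items()}
    auth = hdrs.get("authorization")
    if auth is None:
        return False, "token not in Authorization header"
    scheme, _, token = auth.strip().partition(" ")
    # ASSUMPTION: the scheme name is matched case-insensitively.
    if scheme.lower() != "bearer" or not token.strip():
        return False, "blank or non-Bearer Authorization header"
    if not is_secure:
        return False, "request is not over HTTPS"
    # Nothing else is examined here: by the description above, signature,
    # expiry, audience and scopes are left to another component.
    return True, "passed minimal check"


# Constructed sample requests: (headers, is_secure).
SAMPLES = [
    ({"Authorization": "Bearer"}, True),          # blank token
    ({"Authorization": "Bearer "}, True),         # blank token
    ({"Authorization": "Bearer abc.def"}, False), # not HTTPS
    ({}, True),                                   # no header at all
    ({"Authorization": "Bearer never-validated-value"}, True),
]

if __name__ == "__main__":
    for headers, secure in SAMPLES:
        print(headers, secure, minimal_token_check(headers, secure))
```

The last sample is accepted although its token was never validated, which is the condition to confirm is covered upstream before enabling this parameter.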
parameter PrivilegedPrefix = p;
If the first element of the FHIR request URL is this string, then we flag the request as a population query request by setting AdditionalInfo("USER:PopulationQueryRequested") to 1. This allows for specialized Strategy code to handle population queries specially if desired.
parameter ServiceConfigName;
parameter isInteropAdapter = 0;


classmethod GetFormatForAccept(mimeType As %String)
Translate valid values of the Accept header into a "format code"
classmethod GetFormatForContentType(mimeType As %String)
Translate valid values of the Content-Type header into a "format code"
classmethod GetFormatForParameter(mimeType As %String)
Translate valid values of the _format query parameter into a "format code"
classmethod GetRESTConfig() as HS.Util.RESTCSPConfig
classmethod GetResponseMimeType(pResponseFormatCode As %String, ByRef toObject)
@API Writes any returned content from the Response object to a stream, converting into the requested content format (json or xml). Sets the ContentType and CharSet properties in the specified 'toObject'.
classmethod IsPrelimTokenCheckOnly() as %Boolean
Return a flag indicating whether to do only the checking that is done by the PrelimTokenCheck method.
classmethod IsRequestAuthenticated()
classmethod OnHandleCorsRequest(pUrl As %String) as %Status
OnHandleCorsRequest overrides the same method from %CSP.REST. FHIR CSP config setting DisableCORS provides a way for an implementation to override the HandleCorsRequest class parameter.
classmethod OnHandleOptionsRequest(pUrl As %String) as %Status
Called by %REST base class when an OPTIONS request is received. This method provides handling of the options request. Note carefully: if authentication is required, then this method will be called before login and as such will have only limited privileges.
classmethod OnPreDispatch(pUrl As %String, pMethod As %String, ByRef pContinue As %Boolean) as %Status
Override of %CSP.REST OnPreDispatch(). This method gets called prior to dispatch of EVERY request. If this method sets pContinue to 0, the request will NOT be dispatched according to the UrlMap. In that case it is the responsibility of this method to return a response.
classmethod UpdateUserInfo(pTokenHandlerObj As HS.FHIRServer.API.OAuth2Token, pOrigUsername As %String, pOrigRoles As %String, pRequest As HS.FHIRServer.API.Data.Request)
Use the user-related information in the access token to update the user-related information in the FHIR API request message.
classmethod WriteErrorResponse(json As %DynamicObject, pFHIRResponse As HS.FHIRServer.API.Data.Response, fhirService As HS.FHIRServer.Service, pOutStream As %Stream.Object, ByRef pMimeObj)
classmethod WriteResponse(json As %DynamicObject, pResponseFormatCode As %String, isPretty As %Boolean, fhirService As HS.FHIRServer.Service, pOutStream As %Stream.Object, ByRef pMimeObj)
classmethod WriteServiceResponse(pFHIRResponse As HS.FHIRServer.API.Data.Response, fhirService As HS.FHIRServer.Service, pOutStream As %Stream.Object, ByRef pMimeObj)
classmethod determineInputFormatCode(pRequest As HS.FHIRServer.API.Data.Request) as %String
Return the requested content format codes for the POSTed input data. The format codes are $$$FHIRContentCodeXML and $$$FHIRContentCodeJSON. The format of the input data (if any) is determined by the Content-Type header. This method analyzes the various acceptable Mime-Types and ensures that the CharSet is also proper. If the requested type is not supported, a 415 is returned for all FHIR versions. (Note: before R4, the return code was unspecified in the FHIR Spec). The spec says "... and 415 Unsupported Media Type when the client posts a format that is not supported to the server."
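A model of the Content-Type handling described above and under IGNOREMISSINGCHARSETKEY, added here as an illustration; it is not InterSystems code. The MIME-type table, the "JSON"/"XML" stand-ins for the format-code macros, the function names and the use of 415 for a charset rejection are assumptions.

```python
# ASSUMPTION: accepted MIME types follow the FHIR spec's media types; the
# class's actual list is not shown on this page.
FORMATS = {
    "application/fhir+json": "JSON", "application/json": "JSON",
    "application/fhir+xml": "XML", "application/xml": "XML",
    "text/xml": "XML",
}


class UnsupportedMediaType(Exception):
    """Corresponds to the 415 response in the description above."""
    status = 415


def parse_content_type(value):
    """Return (mime_type, charset); charset is None when absent or empty."""
    mime, *params = [p.strip() for p in value.split(";")]
    charset = None
    for param in params:
        key, _, val = param.partition("=")
        if key.strip().lower() == "charset":
            charset = val.strip().strip('"').lower() or None
    return mime.lower(), charset


def input_format(content_type, ignore_missing_charset=False):
    """ignore_missing_charset models the Configuration Registry key set to 1."""
    mime, charset = parse_content_type(content_type)
    if mime not in FORMATS:
        raise UnsupportedMediaType(f"unsupported type: {mime}")
    if charset is None:
        # Absent charset: rejected unless the registry key relaxes it.
        if not ignore_missing_charset:
            raise UnsupportedMediaType("missing charset")
    elif charset not in ("utf8", "utf-8"):
        # A charset that is present but not UTF-8 is rejected either way.
        raise UnsupportedMediaType(f"unsupported charset: {charset}")
    return FORMATS[mime]


def outcome(content_type, ignore_missing_charset):
    """Format code on success, HTTP status on rejection."""
    try:
        return input_format(content_type, ignore_missing_charset)
    except UnsupportedMediaType as err:
        return err.status
```

The registry key relaxes only the absent-charset case: `outcome("application/fhir+xml; charset=ISO-8859-1", True)` is still 415.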
classmethod determineOutputFormatCode(pRequest As HS.FHIRServer.API.Data.Request) as %String
Return the Format Code ($$$FHIRContentCodeJSON or $$$FHIRContentCodeXML) for the output data.
1. Check for the '_format' parameter. If present, use that.
2. Check the "Accept" header. If present, use that. Require that charset is utf-8 (if present). Allow non-presence of charset spec. NOTE: The STU3 spec was stricter, but R4 removes the strictness because it was a pain. We will follow the R4 spec for R3.
3. Use the default (from the configuration).
classmethod processRequest(pRequestPath As %String) as %Status
Process an inbound request. This hands off the incoming request to the business service.
classmethod processWellKnown(pUriSuffix As %String) as %Status

Inherited Members

Inherited Methods

