OpenEHR REST Definitions API

API Endpoint
http://www.openehr.org/api/v1

Release: 1.0.0

Status: TRIAL

Preface

Purpose

This specification describes service endpoints, resources, functions and operations as well as details of requests and responses that interacts with an openEHR API in a RESTful manner.

Related Documents

Prerequisite documents for reading this document include:

Related documents include:

Status

This specification is in the DEVELOPMENT state. It might not be complete and can still be subject to changes before the final release. Users are encouraged to comment on and/or advise on these paragraphs as well as the main content.

Feedback should be provided the Specification PR tracker or on specifications-ITS issue tracker.

Trademarks

Glossary and conventions

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in BCP 14 RFC 2119 RFC 8174 when, and only when, they appear in all capitals, as shown here.

Types defined by openEHR specification are always capitalized (e.g. EHR, COMPOSITION, VERSIONED_OBJECT, etc.) when used in this specification. For a list of all available types or a particular type definition please refer to the RM index.

Throughout this specification, a set of short terms is being used as described below:

Term Description
ehr_id The value for an EHR identifier, stored under EHR.ehr_id.value, usually an UUID or GUID
versioned_object_uid The value of a VERSIONED_OBJECT unique identifier, stored under VERSIONED_OBJECT.uid.value, e.g. 8849182c-82ad-4088-a07f-48ead4180515
version_uid The value of a VERSION unique identifier, stored under VERSION.uid.value, e.g. 8849182c-82ad-4088-a07f-48ead4180515::example.domain.com::2
preceding_version_uid The value of a previous VERSION unique identifier, used usually for PUT or DELETE methods, e.g. 8849182c-82ad-4088-a07f-48ead4180515::example.domain.com::1
version_at_time Time specifier used to retrieve the VERSION at specified time; the value is a timestamp in the ISO8601 format (e.g. 2015-01-20T19:30:22.765+01:00)
timestamp A timestamp in the ISO8601 format (e.g. 2015-01-20T19:30:22.765+01:00)
UUID A universally unique identifier (RFC 4122) (e.g. 8849182c-82ad-4088-a07f-48ead4180515)

HTTP Methods used in this specification are described by RFC 7231. HTTP Status codes are described by RFC 7231 and in the IANA Status Code Registry.

See design considerations section section for more details on how some HTTP methods and status codes MUST be used by an openEHR REST API implementation to achieve good interaction between services and clients in the spirit of this specification.

JSON format is used in many of the example below, but this does not imply that XML might not be supported by the same service endpoint. See below how data representation MUST be done and negotiated.

Design considerations

Authentication and authorization

Services SHOULD implement and support an HTTP Authentication and Authorization framework (which can support various schemes) but there is no assumption or recommendation being made in this specification about which authentication scheme should be used by services and clients. See RFC 7235 or Mozilla’s HTTP Authentication for details on this subject.

If an Authentication and Authorisation framework is present, services MUST properly use WWW-Authenticate and/or Proxy-Authenticate response headers and return HTTP status code 403 Forbidden or 401 Unauthorized or 407 Proxy Authentication whenever applicable, and clients MUST properly use Authorization and Proxy-Authorization in their request headers.

Options and conformance

OPTIONS http://www.openehr.org/api/v1/
RequestsInspect services and conformance
Headers
Accept: application/json
Responses200
Headers
Content-Type: application/json
Allow: GET, POST, PUT, DELETE, OPTIONS
Body
{
  "solution": "BestEHRSys",
  "solution_version": "v0.9",
  "vendor": "BestEHR",
  "restapi_specs_version": "v1.0",
  "conformance_profile": "STANDARD",
  "endpoints": [
    "/ehr",
    "/definitions",
    "/query"
  ]
}

OPTIONS/

The OPTIONS HTTP method allows a client to determine the options and/or requirements associated with a resource, or the capabilities of the service, without implying a resource action. Services SHOULD respond to this method with at least appropriate HTTP codes, headers and potentially with a payload revealing more details themselves.

Another use-case for this method is related to exposing service capabilities for a conformance manifest.

HTTP headers

This specification is using a few standard and custom HTTP headers that are described below.

The openEHR-VERSION and openEHR-AUDIT_DETAILS headers

When it comes to committing content to an openEHR system, for all change-controlled resources (e.g. COMPOSITION, EHR_STATUS, FOLDER, etc.) the services are performing versioning under the hood. Thus, the ‘native’ way of committing content is to wrap it as VERSION and use CONTRIBUTION.

But in order to keep things simpler and consistent, service MUST allow PUT, POST and DELETE methods also directly on these change-controlled resources. However, internally, these operations MUST be executed using the ‘native’ way with CONTRIBUTION.

In order to allow clients to provide committal metadata, services MUST accept openEHR-VERSION and openEHR-AUDIT_DETAILS request custom headers. For clients, it is RECOMMENDED to provision these headers based on authentication and authorization runtime data. Below is a complex example of these request headers used in a PUT action to update a COMPOSITION:

openEHR-VERSION.lifecycle_state: code_string="532"
openEHR-AUDIT_DETAILS.change_type: code_string="251"
openEHR-AUDIT_DETAILS.description: value="An updated composition contribution description"
openEHR-AUDIT_DETAILS.committer: name="John Doe", external_ref.id="BC8132EA-8F4A-11E7-BB31-BE2E44B06B34", external_ref.namespace="demographic", external_ref.type="PERSON"

None of these headers are mandatory, but whatever is provided it MUST be merged with the default VERSION and VERSION.audit_details attributes on commit runtime.

Below a list of code_string values and their meaning (taken from openEHR terminology):

header code value / meaning
openEHR-VERSION.lifecycle_state 532 complete
openEHR-VERSION.lifecycle_state 553 incomplete
openEHR-VERSION.lifecycle_state 523 deleted
openEHR-AUDIT_DETAILS.change_type 249 creation
openEHR-AUDIT_DETAILS.change_type 250 amendment
openEHR-AUDIT_DETAILS.change_type 251 modification
openEHR-AUDIT_DETAILS.change_type 252 synthesis
openEHR-AUDIT_DETAILS.change_type 523 deleted
openEHR-AUDIT_DETAILS.change_type 666 attestation
openEHR-AUDIT_DETAILS.change_type 253 unknown

The If-Match header and accidental overwrites

The use case of this is described by RFC 7232.

If-Match: 8849182c-82ad-4088-a07f-48ead4180515::example.domain.com::2

This HTTP request header SHOULD be used by the clients to prevent accidental overwrites when multiple user agents might be acting in parallel on the same resource. This is only required by a small set of resources of this specification, as in most of the other cases the preceding_version_uid path segment is instead required in order to prevent such accidental overwrites. In case a service receives this header and the condition evaluates to false it MUST respond with HTTP status code412 Precondition Failed.

The Location header

This response header indicates the resource location (URL). According to RFC 7231, it is used to refer to a specific resource in relation to the response. The type of relationship is defined by the combination of request method and status code semantics. Services MUST return this header whenever a create or update operation was performed, but it MAY return this header on other operation or action. Example:

Location: http://www.openehr.org/api/v1/ehr/347a5490-55ee-4da9-b91a-9bba710f730e/composition/8849182c-82ad-4088-a07f-48ead4180515::example.domain.com::2

See representation details negotiation section for more details on how use this header.

Services MAY generate resource URL as specified by DV_URI/DV_EHR_URI format, and if this feature is supported then the services MUST use openEHR-uri response header. Example:

openEHR-uri: ehr:/347a5490-55ee-4da9-b91a-9bba710f730e/compositions/87284370-2D4B-4e3d-A3F3-F303D2F4F34B

The Prefer header

This request header MAY be used by clients for resource representation negotiation. See more details on representation details negotiation section.

The ETag and Last-Modified headers

According to RFC 7232,

The “ETag” header field in a response provides the current entity-tag for the selected representation, as determined at the conclusion of handling the request. An entity-tag is an opaque validator for differentiating between multiple representations of the same resource, regardless of whether those multiple representations are due to resource state changes over time, content negotiation resulting in multiple representations being valid at the same time, or both.

ETag: 8849182c-82ad-4088-a07f-48ead4180515::example.domain.com::2

The Last-Modified response HTTP header contains the datetime of the last modification of targeted resource which should be taken from VERSION.commit_audit.time_committed.value. An example of such header value format is:

Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT

See more details on RFC 7232.

These headers SHOULD be present in all responses targeting VERSION, VERSIONED_OBJECT or other resources that have unique identifier for each of the changes in time. The value of this header MAY be the unique identifier of that resource (e.g. VERSIONED_OBJECT.uid.value, VERSION.uid.value, EHR.ehr_id.value, etc).

HTTP status codes

To indicate the status of the request or the executed operation, one of the following subset of the HTTP status codes RFC 7231 MUST be used:

Code Reason-Phrase Meaning, usecase and details
200 OK The request succeeded, payload sent in a 200 response depends on the request method
201 Created The request has been fulfilled and has resulted in one or more new resources being created
204 No content The request has been fulfilled and there is no additional content to send in the response payload body
400 Bad request The service cannot or will not process the request due to something that is perceived to be a client error
401 Unauthorized If the service requires authorization, this indicates that the request has not been applied because it lacks valid authentication credentials for the target resource
403 Forbidden The service understood the request but refuses to authorize it
404 Not found The origin service did not find the target resource or is not willing to disclose that one exists
405 Method Not Allowed The method received in the request-line is known by the origin service but not supported by the target resource
406 Not Acceptable The target resource does not have a current representation that would be acceptable to the user
409 Conflict Indicates that the request could not be processed because it might generate a duplicate or a conflict
412 Precondition Failed One or more conditions given in the request header fields evaluated to false when tested on the server
415 Unsupported Media Type The service is refusing the request because the payload is in a format not supported by this method on the target resource
500 Internal Server Error The service encountered an unexpected condition that prevented it from fulfilling the request
501 Not Implemented The service does not support the functionality required to fulfill the request

Meaning of these codes may be further detailed (nuanced) in this specification by particular responses. If required, other status codes MAY be used by implementations as long as their usecase is not conflicting or overlapping with above codes.

In case of errors (HTTP codes 400-500), the services MAY return more details (if Prefer: return=representation request header is present). Example:

some codes/messages https://github.com/ppazos/cabolabs-ehrserver/wiki/API-error-codes-and-messages and http://veratechnas1.synology.me:13606/InstanceValidator/rules.html

{
    "message": "Error message",
    "code": 90000,
    "errors": [
        {
            "_type": "DV_CODED_TEXT",
            "value": "Error message",
            "defining_code": {
                "terminology_id": {
                    "value": "local"
                },
                "code_string": "9000"
            }
        },
        {
            "_type": "DV_CODED_TEXT",
            "value": "Secondary error message",
            "defining_code": {
                "terminology_id": {
                    "value": "local"
                },
                "code_string": "8000"
            }
        }
    ]
}

Data representation

Services MUST support at least one of the openEHR XML or JSON formats (described below) for resource representation.

XML Format

When resources representation is serialized as XML, the result MUST be valid against published XSDs.

A client MAY use the header Content-Type: application/xml in the requests to specify the XML payload format. If the service cannot process the request payload as XML format is not supported, it MUST respond with HTTP status code415 Unsupported Media Type.

The Accept: application/xml SHOULD be used in the request by the client in order to specify the expected XML response format. If the service cannot fulfill this aspect of the request, it MUST respond with HTTP status code 406 Not Acceptable. Proper header Content-Type: application/xml MUST be present in the response of the service unless response has no body (status 204).

JSON Format

Attribute names must be lowercase snake_case names as specified in the equivalent RM type. For example:

{
    "category": {
        "value": "event",
        "defining_code": {
            "terminology_id": {
                "value": "openehr"
            },
            "code_string": "433"
        }
    }
}

Metadata attributes (those that are not also RM attributes) will always be prefixed by a '_'. One example is the _type attribute, which should be used to specify the RM type whenever polymorphism is involved or the underlying definition in RM type is abstract (dynamic type is different from the static type). This follows same rule as for XML typing. The value of this attribute MUST be the uppercase class name from the RM specification. For example:

{
    "_type": "DV_TEXT",
    "value": "Hello world!"
}

The RM attributes (even required ones) that are Null, empty list or empty arrays SHOULD be absent when serialized as JSON.

The order of attributes in the resource MAY follow the order of attributes in the RM specification of the type of the resource, but this is not mandatory.

tbd json-schema

A client MAY use the header Content-Type: application/json in the requests to specify the JSON payload format. If the service cannot process the request payload as JSON format is not supported, it MUST respond with HTTP status code 415 Unsupported Media Type.

The Accept: application/json SHOULD be used in the request by the client in order to specify the expected JSON response format. If the service cannot fulfill this aspect of the request, it MUST respond with HTTP status code 406 Not Acceptable. Proper header Content-Type: application/json MUST be present in the response of the service unless response has no body (status 204).

Datetime format

Query parameters and path segments that are date, datetime, or timestamp, MUST always use the canonical ISO8601 extended format, e.g. 2016-06-23T13:42:16.117+02:00.

Any date, datetime or timestamp value provided by a create or update action inside the COMPOSITION content will be preserved as it was sent by client (i.e. if COMPOSITION was saved as narrow format, it will always return the way it was). However, the strongly RECOMMENDED format is to use the ISO8601 extended format.

Representation details negotiation

When using the HTTP methods to create or update a resource, the service SHOULD give clients the option of returning either a complete representation of the (modified) resource, or a minimal or no content in the payload response (assuming the operation was successfully completed). See RFC 7240 for more details on how achieve this using Prefer header. The client MAY choose any of the following:

  • send Prefer: return=minimal to inform the service that prefers only a minimal response to a successful request. A Location header indicating the direct URL to access the resource MUST be part of the service response. If there is no payload content to be returned, the service SHOULD use HTTP status code 204 No Content.

  • send Prefer: return=representation to inform the service that prefers a full representation response to a successful request. A Location header indicating the direct URL to access the resource MAY be part of the service response and the payload content SHOULD include a full representation.

In case no Prefer header is present in request, the default response policy is return=minimal.

Another preference is related to following and resolving OBJ_REF identifiers. Under some circumstances a client MAY indicate that prefers response containing full or partial resource representation instead of references to resources using OBJ_REF. A typical case is a list of COMPOSITIONs part of an EHR, which, strictly following RM specification, should always return list of OBJ_REF, but sometimes clients prefers to get COMPOSITIONs. Services that have this capability implemented SHOULD accept and honor Prefer: resolve_refs request header.

Prefer: return=representation, resolve_refs

Definitions

This is a collection of resources to manage the clinical definitions and models of the openEHR Server. They allow management of openEHR templates and queries.

ADL 1.4 TEMPLATE

Release: 1.0.0

Management of OpenEHR operational templates. OpenEHR templates can be uploaded and downloaded as OPTs created by modelling tools such as the Template Designer.

POST http://www.openehr.org/api/v1/definition/template/adl1.4/?version=
Requestsexample 1
Body
<template xmlns="http://schemas.openehr.org/v1">
    <language>
        <terminology_id>
            <value>ISO_639-1</value>
        </terminology_id>
        <code_string>en</code_string>
    </language>
    <description>
        <original_author id="Original Author">Not Specified</original_author>
        <lifecycle_state>Initial</lifecycle_state>
        <other_details id="MetaDataSet:Sample Set ">Template metadata sample set </other_details>
...
Responses201400409

201 Created is returned when the template has been successfully uploaded. Depending on the header Prefer either an empty body or a full representation body is returned.
Version string in the location header is optional.

Headers
Location: {baseUrl}/definition/template/adl1.4/{template_id}/{version}
Body
<template xmlns="http://schemas.openehr.org/v1">
    <language>
        <terminology_id>
            <value>ISO_639-1</value>
        </terminology_id>
        <code_string>en</code_string>
    </language>
    <description>
        <original_author id="Original Author">Not Specified</original_author>
        <lifecycle_state>Initial</lifecycle_state>
        <other_details id="MetaDataSet:Sample Set ">Template metadata sample set </other_details>
...

400 Bad Request is returned when unable to upload a template, because of invalid content.

409 Conflict is returned when a template with given id and version already exists. This response is optional.

Upload a template
POST/definition/template/adl1.4/{?version}

Upload a new ADL 1.4 operational template (OPT).

URI Parameters
HideShow
version
string (optional) 

a SEMVER version format, i.e. 1.0.1

GET http://www.openehr.org/api/v1/definition/template/adl1.4/template_id
Responses200

200 OK is returned when the EHR resource is successfully retrieved.

Headers
Content-Type: application/json
Body
[
    {
        "template_id": "string",
        "version": "1.7.1", // optional
        "concept": "string",
        "archetype_id": "string",
        "created_timestamp": "2017-08-14T19:24:56.639Z"
    }
]

List all templates
GET/definition/template/adl1.4/{template_id}

List all available ADL 1.4 operational templates on the system.

URI Parameters
HideShow
template_id
string (optional) 

lists only versions of the template with the given id

GET http://www.openehr.org/api/v1/definition/template/adl1.4/template_id/version_pattern
Responses200404

200 OK is returned when the template is successfully retrieved.

Body
<template xmlns="http://schemas.openehr.org/v1">
    <language>
        <terminology_id>
            <value>ISO_639-1</value>
        </terminology_id>
        <code_string>en</code_string>
    </language>
    <description>
        <original_author id="Original Author">Not Specified</original_author>
        <lifecycle_state>Initial</lifecycle_state>
        <other_details id="MetaDataSet:Sample Set ">Template metadata sample set </other_details>
...

404 Not Found is returned when a template with the specified id does not exist.

Get template
GET/definition/template/adl1.4/{template_id}/{version_pattern}

Gets a specified ADL 1.4 operational template.

URI Parameters
HideShow
template_id
string (required) 

template id

version_pattern
string (optional) 

SEMVER version pattern. This can be a complete version (i.e. 1.7.1) or partial i.e. (1.0) in which case the latest version with given prefix is returned.

ADL 2 TEMPLATE

POST http://www.openehr.org/api/v1/definition/template/adl2/?version=
Requestsexample 1
Body
template (adl_version=2.0.5; rm_release=1.0.2)
    openEHR-EHR-COMPOSITION.t_clinical_info_ds_sf.v1.0.0

specialize
    openEHR-EHR-COMPOSITION.discharge.v1

language
    original_language = <[ISO_639-1::en]>

description
    lifecycle_state = <"unmanaged">
    original_author = <
        ["name"] = <"Ian McNicoll">
        ["organisation"] = <"openEHR Foundation">
        ["email"] = <"ian.mcnicoll@openehr.org">
...
Responses201400409

201 Created is returned when the template has been successfully uploaded. Version string in the location header is optional.

Headers
Location: {baseUrl}/definition/template/adl2/{template_id}/{version}

400 Bad Request is returned when unable to upload a template, because of invalid content.

409 Conflict is returned when a template with given id and version already exists. This response is optional.

Upload a template
POST/definition/template/adl2/{?version}

Upload a new ADL 2 operational template.

URI Parameters
HideShow
version
string (optional) 

a SEMVER version format, i.e. 1.0.1

GET http://www.openehr.org/api/v1/definition/template/adl2/template_id
Responses200

200 OK is returned when the template is successfully retrieved.

Headers
Content-Type: application/json
Body
[
    {
        "template_id": "string",
        "version": "1.7.1", // optional
        "concept": "string",
        "archetype_id": "string",
        "created_timestamp": "2017-08-14T19:24:56.639Z"
    }
]

List all templates
GET/definition/template/adl2/{template_id}

List all available ADL2 operational templates on the system

URI Parameters
HideShow
template_id
string (optional) 

lists only versions of the template with the given id

GET http://www.openehr.org/api/v1/definition/template/adl2/template_id/version_pattern
Responses200404

200 OK is returned when the template is successfully retrieved.

Body
template (adl_version=2.0.5; rm_release=1.0.2)
    openEHR-EHR-COMPOSITION.t_clinical_info_ds_sf.v1.0.0

specialize
    openEHR-EHR-COMPOSITION.discharge.v1

language
    original_language = <[ISO_639-1::en]>

description
    lifecycle_state = <"unmanaged">
    original_author = <
        ["name"] = <"Ian McNicoll">
        ["organisation"] = <"openEHR Foundation">
        ["email"] = <"ian.mcnicoll@openehr.org">
...

404 Not Found is returned when a template with the specified id does not exist.

Get template
GET/definition/template/adl2/{template_id}/{version_pattern}

URI Parameters
HideShow
template_id
string (required) 

template id

version_pattern
string (optional) 

SEMVER version pattern. This can be a complete version (i.e. 1.7.1) or partial i.e. (1.0) in which case the latest version with given prefix is returned.

STORED QUERY

Release: 1.0.0

Management of stored (registered) queries in the system.

Stored queries must have a name and an optional version number. Implementers can choose a schema for query names, such as <namespace>::<query-name>, this way queries can be separated by domain, etc. Version numbers, if used must be in SEMVER style (major.minor.patch). If only a partial version is supplied or version is not supplied at all, the system must use the latest version with the supplied prefix. Namespace (if used) should be reverse domain name, which allows for separation of stored queries by teams, companies, etc. In the future several standard openEHR stored queries might be developed, those will use namespace org.openehr.

Management of stored queries is done using resources starting /definition/query described here.

GET http://www.openehr.org/api/v1/definition/query/qualified_query_name
Responses200

200 OK is returned when the resources are successfully retrieved.

Headers
Content-Type: application/json
Body
[
    {
        "name": "org.openehr::compositions",
        "type": "aql",
        "version": "1.0.1",
        "saved": "2017-07-16T19:20:30.45+01:00",
    },
    {
        "name": "org.openehr::compositions",
        "type": "aql",
        "version": "3.1.7",
        "saved": "2017-06-13T09:37:20.53+01:00",
    }
]

List stored queries
GET/definition/query/{qualified_query_name}

Parameter qualified_query_name is optional. If omitted they are treated as “wildcards” in the search

Examples:

  • GET /definition/query/org.openehr will list all versions of all queries with names starting with org.openehr

  • GET /definition/query/org.openehr::compositions will list all versions of the query named org.openehr::compositions

URI Parameters
HideShow
qualified_query_name
string (required) 
PUT http://www.openehr.org/api/v1/query/qualified_query_name/version?type=
Requestsexample 1
Body
{
  "q": "SELECT c FROM EHR e[ehr_id/value=$ehr_id] CONTAINS COMPOSITION c[openEHR-EHR-COMPOSITION.encounter.v1] CONTAINS OBSERVATION obs[openEHR-EHR-OBSERVATION.blood_pressure.v1] WHERE obs/data[at0001]/events[at0006]/data[at0003]/items[at0004]/value/magnitude >= $systolic_bp",
  "query-parameters": {
    "ehr_id": "7d44b88c-4199-4bad-97dc-d78268e01398",
    "systolic_bp": 140
  }
}
Responses200400409

200 OK query was successfully stored.

Headers
Location: {baseUrl}/query/{qualified_query_name}/{version}

400 Bad Request is returned when the server was unable to store the query. Could be due to incorrect request body (could not be parsed, etc), unknown query type, etc.

409 Conflict is returned when a query with the given name and version already exists on the server.

Store a query
PUT/query/{qualified_query_name}/{version}{?type}

Store a new query on the system.

URI Parameters
HideShow
qualified_query_name
string (required) 

query name

version
string (required) 

version number following the http://semver.org/ conventions

type
string (optional) 

indicating the query language/type (presently AQL, but future additions possible)

GET http://www.openehr.org/api/v1/query/qualified_query_name/version
Responses200404

200 OK is returned when the stored AQL is successfully retrieved.

Headers
Content-Type: application/json
Body
{
  "name": "org.openehr::compositions",
  "type": "aql",
  "version": "1.0.1",
  "saved": "2017-07-16T19:20:30.45+01:00",
  "q": "SELECT c FROM EHR e[ehr_id/value=:ehr_id] CONTAINS COMPOSITION c[:compositionid] WHERE c/name/value = 'Vitals'"
}

404 Not Found is returned when the stored AQL with supplied name and version doesn’t exist.

Headers
Content-Type: application/json

Get stored query and info/metadata
GET/query/{qualified_query_name}/{version}

URI Parameters
HideShow
qualified_query_name
string (required) 

query name

version
string (required) 

version number following the http://semver.org/ conventions

Generated by aglio on 07 Dec 2018