Android smartphone API call

Situation
I want to make an API call from an Android smartphone.

OpenEMR Version
I am using this on demo site.

Operating System
Android 8.

Hello, newbie here!
I have read the documentation here


and if I have understood correctly, I have to register first and then start making API calls.
I have found the below example to make api calls:

{
   "application_type": "private",
   "redirect_uris":
     ["https://client.example.org/callback"],
   "post_logout_redirect_uris":
     ["https://client.example.org/logout/callback"],
   "client_name": "A Private App",
   "token_endpoint_auth_method": "client_secret_post",
   "contacts": ["me@example.org", "them@example.org"],
   "scope": "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read"
  }

I have two questions.

  1. Do I have to register through an API call? Is there a way I can register my device once somewhere in the OpenEMR administration section?

  2. Using an Android smartphone to make the calls, what should be the values in these parameters:

2.1 redirect_uris

2.2. post_logout_redirect_uris

Thanks in advance.

The tutorial uses curl to interface with the API. To replicate it on a smartphone, maybe you can use an app on the Google Play store that acts as a Linux terminal emulator or REST API client.

The localhost in the tutorial indicates that you're running the curl command on the same machine/Docker container as the OpenEMR web interface.

The port :9300 tells me that the command was written for a development version of OpenEMR, where port 80 traffic, the default HTTP port, is pulled from port 8300. 9300 should mean that it's using SSL, and I think redirected to port 443.

If you are using the web-hosted demo, you should get rid of the port number and replace localhost with a link to the website.

https://demo.openemr.io/a/openemr/interface/login/login.php?site=default

I think it would look something like this:
https://demo.openemr.io/a/openemr/oauth2/default/registration

curl -X POST -k -H 'Content-Type: application/json' -i https://localhost:9300/oauth2/default/registration --data '{
   "application_type": "private",
   "redirect_uris":
     ["https://client.example.org/callback"],
   "post_logout_redirect_uris":
     ["https://client.example.org/logout/callback"],
   "client_name": "A Private App",
   "token_endpoint_auth_method": "client_secret_post",
   "contacts": ["me@example.org", "them@example.org"],
   "scope": "openid offline_access api:oemr api:fhir api:port user/allergy.read user/allergy.write user/appointment.read user/appointment.write user/dental_issue.read user/dental_issue.write user/document.read user/document.write user/drug.read user/encounter.read user/encounter.write user/facility.read user/facility.write user/immunization.read user/insurance.read user/insurance.write user/insurance_company.read user/insurance_company.write user/insurance_type.read user/list.read user/medical_problem.read user/medical_problem.write user/medication.read user/medication.write user/message.write user/patient.read user/patient.write user/practitioner.read user/practitioner.write user/prescription.read user/procedure.read user/soap_note.read user/soap_note.write user/surgery.read user/surgery.write user/vital.read user/vital.write user/AllergyIntolerance.read user/CareTeam.read user/Condition.read user/Coverage.read user/Encounter.read user/Immunization.read user/Location.read user/Medication.read user/MedicationRequest.read user/Observation.read user/Organization.read user/Organization.write user/Patient.read user/Patient.write user/Practitioner.read user/Practitioner.write user/PractitionerRole.read user/Procedure.read patient/encounter.read patient/patient.read patient/AllergyIntolerance.read patient/CareTeam.read patient/Condition.read patient/Encounter.read patient/Immunization.read patient/MedicationRequest.read patient/Observation.read patient/Patient.read patient/Procedure.read"
}'

Thanks for the info.
I tried it and I really got an answer, so I communicated with the server.
But the answer said "Invalid redirect url".
From a mobile system such as an Android phone I cannot have a redirect URL.
So how do I overcome this?
I put in a fake redirect URL and it worked, but I don't think this is a proper solution.

@Christoforos_Korifid Actually, if you search on the web for "openid connect mobile application" or even "oauth2 mobile application" you'll find plenty of articles telling you how to implement these protocols in a mobile application. The redirect URL could be a custom schema or a domain you listen to via a webview, etc., so that you can catch the 'code' value and then request a token from the oauth2 endpoint.

The redirect_uri is used when you initiate the oauth2 authorization_grant flow to send an encrypted code value back to your client's URI. We use the registered URI in order to make sure there are no MITM attacks, as the response is sent back to the client that registered, not the URL making the request. This is all part of the OpenID Connect specification.

Thanks for the answer,

I have read tutorials. I had this question because I thought the example was for a mobile application. I did not realize it was a generic oauth2 call.
On a mobile app there is no redirect URI on the mobile device.
On the other hand, it could be a URI on a central server where, for example, I could keep track of calls, or it can be a URI pointing nowhere if I choose to ignore this info.

Am I right?

Please read the following article on using OAuth2 for Native Apps. Authorization Grant for OAuth2 requires a redirect_uri.