TL;DR; Should we change the internal api urls to use a site parameter to be consistent with the rest of our fhir/standard api urls.
So I finally am working on a project that is using the OpenEMR internal api where you don’t have to authenticate and instead use the API CRSF token that is populated in the session. Got that all working by looking at the example in tests/api/InternalAPITest.php.
However, I found that the URLs that we are using for the internal api do NOT take in a site parameter in the url which threw me off completely as its different to how we handle FHIR and our authenticated standard api.
For example a patient request in FHIR / standard api is as follows for the default site installation:
/apis/default/fhir/Patient - FHIR api
/apis/default/api/patient - standard api
But with the internal api usage using the apicsrftoken header the url is
/apis/fhir/patient - FHIR api
/apis/api/patient - standard api
I find this very confusing. I get that we can grab the site from inside the session and don’t really need it in the URLs but I really think for documentation, developers, and consistency we should keep the URLs the same.
I’d like to suggest we change this up, but I’m also concerned about legacy usage for people (and core code) who may have built against the URLs without the site parameter. I would think we could change it up so we can be backwards compliant for the next couple of releases with a deprecation warning.
If there is a reason why we need to keep the URLs this way and not add the site parameter, I’d like to know.
src/Common/Http/oeHttp.php