Xenrad Docs

FHIR integration

FHIR R4 endpoints, authentication, supported resources, operations, search parameters, and request examples.

Xenrad exposes a FHIR R4 JSON API for site-scoped clinical data. Authentication uses a site-scoped Xenrad API key in the X-API-Key header. There is no separate FHIR user; the key is bound to a site and resolves to its owning user.

Standards

  • FHIR version: R4 (normative 4.0.1 in the capability statement)
  • Format: application/fhir+json (JSON). This guide uses that format in examples.
  • Auth: X-API-Key header with an active site-scoped Xenrad API key.

Before you start

  1. Create an API key for the site in the Xenrad app.
  2. Store the revealed key securely; it is shown once.
  3. Send it as X-API-Key on FHIR requests.

Base URLhttps://fhir.integrations.xenrad-staging-app.xyz/fhir (for example https://fhir.integrations.xenrad-staging-app.xyz/fhir/Patient). Capability metadata: GET https://fhir.integrations.xenrad-staging-app.xyz/fhir/metadata.

Step 1 — Verify capability metadata

  • Capability statement: GET /fhir/metadata on the FHIR host. Confirms the server supports the listed resource types and interactions.
  • Interactive reference: open /api/documentation on the same FHIR host when enabled for your environment.

DELETE is not supported for the clinical resources listed below.

Step 2 — Call FHIR

Send:

X-API-Key: <api_key>
Accept: application/fhir+json
Content-Type: application/fhir+json   # for POST/PUT

URL patterns

OperationMethodPath
SearchGET/fhir/{ResourceType}?{search}
ReadGET/fhir/{ResourceType}/{id}
CreatePOST/fhir/{ResourceType}
UpdatePUT/fhir/{ResourceType}/{id}

The server resolves the API key to a site and executes the request inside that site boundary.

Supported resources and typical use

ResourceUse cases
PatientMaster demographics, identifiers, contact points.
ConditionProblem list, clinical status, coded conditions.
AllergyIntoleranceAllergies, clinical and verification status.
ObservationLab or clinical observations coded or textual.
ProcedureDocumented procedures.
DiagnosticReportRead structured radiology or clinical reports (backed by internal reports).
DocumentReferenceDocument metadata (and content pointers your mapping supports).

Search parameters (implemented)

The server’s search support is intentionally lean; it covers common filters. Parameters below are the ones the implementation recognizes.

Patient — GET /fhir/Patient?…

ParameterMatches
identifierInternal business identifier (maps to the patient’s identifier field for the site).
nameCase-insensitive substring of patient name.
birthdateDate of birth (exact match to stored value for the field).
genderAdministrative gender.

If no query parameters are present, the search returns all patients in the site attached to the API key.

Condition — GET /fhir/Condition?…

ParameterNotes
patientReference, for example Patient/{uuid}. The id is the Xenrad id.
clinical-statusFilter by stored clinical status text/code path your deployment uses.
codeFilter on coded code field.

AllergyIntolerance — GET /fhir/AllergyIntolerance?…

Same style as conditions: patient, clinical-status, code.

Observation / Procedure

ParameterNotes
patientPatient/{id}
codeCoded field filter

DocumentReference

ParameterNotes
patientPatient/{id}
typeDocument type code (doc_type_code path internally).

DiagnosticReport

ParameterNotes
patientResolves to reports whose study belongs to the patient.
statusUse final to map to completed reports, other values to draft.

Bundle search responses are JSON FHIR Bundle resources with type: searchset.

Create and update semantics

  • POST — creates a new resource; the server assigns an id in Xenrad.
  • PUT — id in path must match an existing id for the site, or the server will treat according to its implementation of upsert (for patients, a body without id creates when permitted).

Patient JSON mapping highlights for writes:

  • name[0].text for display name
  • identifier[0].value for the business identifier
  • telecom for phone/email by system
  • address[0] for text, state, country, postalCode
  • gender, birthDate ISO

Other resources expect references like Patient/{id} in subject / patient fields consistent with your payload examples; follow validation errors the API returns in OperationOutcome.

Read by id

GET /fhir/Patient/{id} returns a single Patient if it belongs to the API key site; 404 style OperationOutcome if not (exact behavior uses FHIR OperationOutcome in JSON).

Error format

On failure, responses use FHIR OperationOutcome (for example 404/405/500 paths) with machine-readable issue entries. Read diagnostics for developer clues.

Example: Patient search (outline)

  1. Create or select a site API key.
  2. GET {your FHIR host}/fhir/Patient?name=smith with X-API-Key: … (see Endpoints reference).
  • HL7 — v2 events that may feed the same patient data.
  • MPPS — procedure-step session ingest.
  • Endpoints reference — which host to call in each environment.
  • API keys — creating and revoking keys.

API keys

Creating, storing, using, and revoking Xenrad site API keys.

HL7 integration

HL7 v2.5.1 message types, MLLP vs HTTP, security, and how data maps into Xenrad.

On this page

StandardsBefore you startStep 1 — Verify capability metadataStep 2 — Call FHIRURL patternsSupported resources and typical useSearch parameters (implemented)Patient — GET /fhir/Patient?…Condition — GET /fhir/Condition?…AllergyIntolerance — GET /fhir/AllergyIntolerance?…Observation / ProcedureDocumentReferenceDiagnosticReportCreate and update semanticsRead by idError formatExample: Patient search (outline)Related