...

Term

Definition

Client Id

The unique identifier we assign to a user making external API calls. It is a random 32-character string generated using a custom algorithm: https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/ExternalApplicationProcessor.java#L96

Client Secret

The secret we assign to the user of the REST API. It is 256 characters, randomly generated by a custom algorithm: https://github.com/sunwavehealth/SunwaveEMR/blob/d46b653451ce24623a0c6c72d0aa4e2313c5c0f9/src/main/java/com/sunwave/emr/server/security/ExternalApplicationProcessor.java#L96

User Id

The user's account for Sunwave Health. It must have an email to be used for this validation.

Clinic Id

The realm that the User Id is to be validated against.

Transaction Id

A unique id the customer generates for each transaction. It cannot be reused.

Payload

Used only for POST operations. It is the Base64-encoded string representing the data to be put into Sunwave.

MD5 Digest

Message-digest algorithm for producing 128-bit hash values; see https://en.wikipedia.org/wiki/MD5. Sunwave uses it as a checksum to validate that the request has not been modified.

Seed

For GET requests: User Id + ":" + Client Id + ":" + getDateTimeBase64() + ":" + Clinic Id + ":" + Transaction Id
For POST requests: User Id + ":" + Client Id + ":" + getDateTimeBase64() + ":" + Clinic Id + ":" + Transaction Id + ":" + MD5 Digest

HMAC

Hash-based Message Authentication Code; see https://en.wikipedia.org/wiki/HMAC. Used to verify both the data integrity and the authenticity of the user's request.

Token

This is the string to be used as the Digest: User Id + ":" + Client Id + ":" + getDateTimeBase64() + ":" + Clinic Id + ":" + Transaction Id + ":" + HMAC of the seed
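
The Seed and Token definitions above, worked through as an added example (not Sunwave's own code), with the matching server-side check. The page does not state the HMAC hash function, the digest encoding, the exact input to the MD5 Digest, or the timestamp format behind getDateTimeBase64(); HMAC-SHA256, hex encoding, MD5 over the Base64 payload string, and a UTC timestamp are assumptions here, as are all function names.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone

def date_time_base64(now=None):
    """Assumed stand-in for getDateTimeBase64(): Base64 of a UTC timestamp."""
    now = now or datetime.now(timezone.utc)
    return base64.b64encode(now.strftime("%Y-%m-%d %H:%M:%S").encode()).decode()

def seed_hmac(secret, fields, payload_b64=None):
    """HMAC of the Seed; POST seeds append the MD5 Digest of the payload."""
    seed_fields = list(fields)
    if payload_b64 is not None:
        # Assumption: MD5 Digest = hex MD5 of the Base64 payload string.
        seed_fields.append(hashlib.md5(payload_b64.encode()).hexdigest())
    seed = ":".join(seed_fields)
    # Assumption: HMAC-SHA256, hex-encoded, keyed with the Client Secret.
    return hmac.new(secret.encode(), seed.encode(), hashlib.sha256).hexdigest()

def build_token(secret, user_id, client_id, clinic_id, txn_id, dt_b64, payload_b64=None):
    """Client side: the five seed fields followed by the HMAC of the seed."""
    fields = [user_id, client_id, dt_b64, clinic_id, txn_id]
    return ":".join(fields + [seed_hmac(secret, fields, payload_b64)])

def validate_token(token, secrets, seen_txns, payload_b64=None):
    """Server side: recompute the HMAC, compare in constant time, block replays."""
    parts = token.split(":")
    if len(parts) != 6:
        return False
    *fields, mac = parts
    _user_id, client_id, _dt_b64, clinic_id, txn_id = fields
    secret = secrets.get((client_id, clinic_id))  # secret is per client and clinic
    if secret is None or (clinic_id, txn_id) in seen_txns:
        return False
    expected = seed_hmac(secret, fields, payload_b64)
    if not hmac.compare_digest(expected.encode(), mac.encode()):
        return False
    seen_txns.add((clinic_id, txn_id))  # Transaction Id is single-use
    return True
```

The `secrets` mapping and `seen_txns` set stand in for the `sw_external_application` and `sw_api_transaction` lookups that appear in the validation trace.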

...

##### Begin GET Validation Trace
01 Feb 2023 10:21:01,666~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.DigestValidator::validateTransactionId line: 79
01 Feb 2023 10:21:01,671~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ select id from sw_api_transaction where transaction_id = '0000002' and clinic_id = '131'
01 Feb 2023 10:21:08,263~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.DigestValidator::validateTransactionId line: 84
01 Feb 2023 10:21:08,265~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ insert into sw_api_transaction (transaction_id, created_on,clinic_id) values ('0000002',str_to_date('2023-02-01 10:21:06','%Y-%m-%d %H:%i:%s'),'131')
01 Feb 2023 10:22:09,078~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.DigestValidator::validateGET line: 52
01 Feb 2023 10:22:09,081~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ select user_email from sw_user_clinic where sw_user_clinic.clinic_id = '131' and sw_user_clinic.user_email = 'sunwave-admin1'
01 Feb 2023 10:22:12,955~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.DigestValidator::getPrivateKey line: 73
01 Feb 2023 10:22:12,959~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ select client_secret from sw_external_application where client_id = 'vQl91X514m11dTHHGYQPQkxJqNPxgbdJ' and clinic_id = '131'
##### End GET Validation Trace
##### Begin GET Users Trace
01 Feb 2023 10:23:55,725~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.APISecurityFilter::validateAPICalls line: 198
01 Feb 2023 10:23:55,726~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ select api_call_limit_per_day from sw_clinic where clinic_id = '131'
01 Feb 2023 10:23:55,739~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.APISecurityFilter::validateAPICalls line: 200
01 Feb 2023 10:23:55,739~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ select call_log_count from sw_api_call_count_log where call_log_date = '2023-02-01' and clinic_id = '131'
01 Feb 2023 10:23:55,747~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.security.APISecurityFilter::validateAPICalls line: 207
01 Feb 2023 10:23:55,747~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ update sw_api_call_count_log set call_log_count = call_log_count + 1 where call_log_date = '2023-02-01' and clinic_id = '131'
01 Feb 2023 10:23:55,757~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.Processor::getParentClinicId line: 1535
01 Feb 2023 10:23:55,757~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ SELECT parent_clinic_id FROM sw_clinic where clinic_id='131'
01 Feb 2023 10:23:55,762~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.server.Processor::getTimezoneId line: 1584
01 Feb 2023 10:23:55,762~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ SELECT timezone_id, clinic_id FROM sw_clinic where id='131' 
01 Feb 2023 10:23:55,768~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:37 ~  ~ *********** com.sunwave.emr.dao.UserDao::getUsersByClinicExcludingSunwaveUsers line: 763
01 Feb 2023 10:23:55,768~ DEBUG ~ com.sunwave.emr.server.util.LoggerUtils:38 ~  ~ SELECT mb2_user.id, mb2_user.email, mb2_user.first_name, mb2_user.last_name, ifnull(mb2_user.created_on,sw_user_clinic.created_on) created_on, mb2_user.created_by,
 if(sw_user_clinic.last_login='2011-01-01 00:00:00', '', sw_user_clinic.last_login) last_login  
FROM mb2_user   inner join sw_user_clinic        on sw_user_clinic.user_email = mb2_user.email WHERE sw_user_clinic.clinic_id='131'        and ((mb2_user.is_sunwave != 'true' and mb2_user.is_sunwave_user != 'true') or            (mb2_user.is_sunwave is null and mb2_user.is_sunwave_user is null)) 
##### End GET Users Trace