Sunwave API - Attaching forms (attach forms)

Owned by Oliver Nielsen (Unlicensed)
Last updated: Feb 21, 2023
3 min read

Overview

The Sunwave API allows customers to automate the process of loading completed forms from their applications into Sunwave.

This API should only be used to attach documents to N-Forms. When an attachment is made to an N-Form using the API, it will display as a new instance of that form. For example, if I use this to attach a document to my Master Treatment Plan form, it will look like this:

Configuring Sunwave API

The following steps must be completed on the parent realm in order to enable can configure the Sunwave API for ERP Health:

NOTE: These steps must be performed by the Product team. Contact Product Management to request enabling the ERP health API integration for a given realm.

Register the External App

  1. Go to Practice Setup > External Apps.

  2. Click + Create Registry.

  3. Click the refresh button for Client ID.

  4. Click the refresh button for Client Secret.

  5. Copy the generated Client ID and Client Secret, provide these to the Customer for use when calling the API.

  6. Click Save.

Set API Call Limit Per Day

  1. Go to Manage Realms.

  2. Set API Call Limit Per Day to a value of -1. This allows for unlimited API calls.

Enable IP Access

  1. Go to Practice Setup > IP Access.

  2. Click the New Access button (top-right) and configure as follows, then click Save:

     

    • Ip Address: *

    • Clinic id: realm number

    • Description: Attach Forms (or similar label)

Enable Forms to Allow Attachments via the API

NOTE: You should only add attachments to N-Forms. Do NOT attempt to use the API to make attachments to singular forms like the Face Sheet.

  • Customers need to provide the form ID(s) that they want to add attachments to using this API.

  • Provide these form IDs to Engineering so that they can enable attachments via the API on the backend.

Sunwave API for attaching forms

Syntax

POST https://emr.sunwavehealth.com/SunwaveEMR/api/addforminpatientchart
Content-Type: application/json
Authorization: Digest $token
seed = user_id:client_id:dateTimeBase64:clinic_id:unique_transaction_id:Base64Encode(md5Hex(payload))
token = seed:JWT.hmac(seed, privateKey)

Parameters

  • user_id: Service User account created for use in ERP Health integration:
    Example: john.doe@acmehealth.com

  • client_id: This is the Realm Client Id which will be provided by Engineering upon enabling ERP Health integration. (Practice Setup > External Apps)

  • privateKey: This is the Realm Private Key which will be provided by Engineering upon enabling ERP Health integration. (Practice Setup > External Apps)

  • clinic_id: This is the Realm ID, for example ‘236’ for the Training Realm.

  • unique_transaction_id: Each call to the Sunwave API must have a unique transaction id. See the section below called Generating unique_transaction_id for more information. See Generating unique_transaction_id for more information.

  • dateTimeBase64: Base64 encoded of the GMT DateTime string formatted as "EEE, d MMM yyyy HH:mm:ss Z"
    Example: Thu, 8 Sep 2022 19:34:06 +0000

    • Example code for generating dateTimeBase64:
      Java
      SimpleDateFormat df = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss Z");
              df.setTimeZone(TimeZone.getTimeZone("GMT"));
              Timestamp now = new Timestamp(new java.util.Date().getTime());
              String dateTime = df.format(now);
      String dateTimeBase64 = new String(Base64.getEncoder().encode(dateTime.getBytes()));

      Apex
      DateTime dt = System.now();
              String formatedDate = dt.formatGMT('EEE, d MMM yyyy HH:mm:ss Z');
              String formatedDateBase64 = EncodingUtil.base64Encode(Blob.valueof(formatedDate))

Body

{
"account_id": "string",
"service_date":"string",
"patient_first_name": "string",
"patient_last_name": "string",
"patient_dob": "string",
"form_id": "string",
"pdf_payload": "<base64-pdf>"
}

NOTE: Please limit the size of PDF attachments to 200KB or smaller.

Example Payload

{
"account_id": "133038",
"service_date":"2022-05-11",
"patient_first_name": "Arnold",
"patient_last_name": "Sullivan",
"patient_dob": "1999-01-01",
"form_id": "236",
"pdf_payload": "data:application/pdf;base64,JVBERi0xLjcKCjEgMCBvYmogICUgZW50cnkgcG9pbnQKPDwKICAvVHlwZSAvQ2F0YWxvZwogIC9QYWdlcyAyIDAgUgo+PgplbmRvYmoKCjIgMCBvYmoKPDwKICAvVHlwZSAvUGFnZXMKICAvTWVkaWFCb3ggWyAwIDAgMjAwIDIwMCBdCiAgL0NvdW50IDEKICAvS2lkcyBbIDMgMCBSIF0KPj4KZW5kb2JqCgozIDAgb2JqCjw8CiAgL1R5cGUgL1BhZ2UKICAvUGFyZW50IDIgMCBSCiAgL1Jlc291cmNlcyA8PAogICAgL0ZvbnQgPDwKICAgICAgL0YxIDQgMCBSIAogICAgPj4KICA+PgogIC9Db250ZW50cyA1IDAgUgo+PgplbmRvYmoKCjQgMCBvYmoKPDwKICAvVHlwZSAvRm9udAogIC9TdWJ0eXBlIC9UeXBlMQogIC9CYXNlRm9udCAvVGltZXMtUm9tYW4KPj4KZW5kb2JqCgo1IDAgb2JqICAlIHBhZ2UgY29udGVudAo8PAogIC9MZW5ndGggNDQKPj4Kc3RyZWFtCkJUCjcwIDUwIFRECi9GMSAxMiBUZgooSGVsbG8sIHdvcmxkISkgVGoKRVQKZW5kc3RyZWFtCmVuZG9iagoKeHJlZgowIDYKMDAwMDAwMDAwMCA2NTUzNSBmIAowMDAwMDAwMDEwIDAwMDAwIG4gCjAwMDAwMDAwNzkgMDAwMDAgbiAKMDAwMDAwMDE3MyAwMDAwMCBuIAowMDAwMDAwMzAxIDAwMDAwIG4gCjAwMDAwMDAzODAgMDAwMDAgbiAKdHJhaWxlcgo8PAogIC9TaXplIDYKICAvUm9vdCAxIDAgUgo+PgpzdGFydHhyZWYKNDkyCiUlRU9G"
}

Generating unique_transaction_id

You MUST generate a unique_transaction_id for every call. If you send multiple requests using the same unique_transaction_id, they will be rejected as duplicate transactions.

The following example illustrates how to create a unique_transaction_id using HMAC:

Syntax

hmac(seed, privateKey):

Apex Example

public static String hmac(String message, String privateKey){  
       String algorithmName = 'hmacSHA512';
       Blob hmacData = Crypto.generateMac(algorithmName, Blob.valueOf(message), Blob.valueOf(privateKey));      
       String output =  EncodingUtil.base64Encode(hmacData);
       output = output.replace('+', '-');
       output = output.replace('/', '_');
        return output;
     }