Getting Started
API Reference
The MSK Blaze API is organized around REST. Each FHIR resource type currently supports read and basic search capabilities.
Authentication
In order to make use of Blaze, you’ll need to be set up as an MSK “partner” so that you can consume clinical research data. If you would like to request access to data for a research study at MSK, please send a request to kochm@mskcc.org.
Authentication is based on the OAuth 2.0 Client Credentials grant. Clients generate an access token and supply it in the headers of each request they make.
Once you are established as a partner, you'll be given a client_id and a client_secret, which you will use to generate tokens for making authenticated requests to the server.
Generating Tokens
To generate access tokens, partners need to make a POST request to the appropriate endpoint using their client_id and client_secret:
Base URL (Test)
https://webapit.mskcc.org/
Base URL (Production)
Coming Soon...
Request
POST /auth/oauth/v2/token
Content-Type: application/x-www-form-urlencoded

client_id=YYYY&client_secret=XXXX&grant_type=client_credentials&scope=oob
Response
{
  "access_token": "7ef1949a-fab1-4600-89ca-fbeb499ef68f",
  "token_type": "Bearer",
  "expires_in": 3600,
  "scope": "oob"
}
Making Requests
To make requests, include the bearer token you generated in the Authorization header of each request. Consider the following request for retrieving observations for a research study:
Request
GET /api360/v2/clinical/observations?researchstudy=TEST&category=laboratory&_count=5
Authorization: Bearer {access_token}
Response (some attributes omitted for brevity)
{
  "resourceType": "Bundle",
  "identifier": {
    "system": "https://datapedia.mskcc.org/index.php/IDB.PROTOCOL",
    "value": "TEST"
  },
  "type": "searchset",
  "total": 20
}
Authorization
All data access is restricted on a per-protocol basis. It is assumed that incoming requests to Blaze always contain a researchstudy parameter, which identifies the research study the client is requesting data for.
Your client_id determines which research studies you have access to at MSK. This information is used in combination with the researchstudy parameter to authorize requests. If a partner has sufficient authority to access protocol data, the request will proceed; otherwise they will get an error message.
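The token and request flow described above, as an added example that is not MSK's own client code: it fetches a token with the Client Credentials grant, reuses it until shortly before expires_in elapses, and always sends researchstudy. The names BlazeClient and http_send, the 60-second refresh margin, and the injectable send/clock parameters are assumptions made for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "https://webapit.mskcc.org"  # test base URL given on this page
TOKEN_PATH = "/auth/oauth/v2/token"
OBSERVATIONS_PATH = "/api360/v2/clinical/observations"


def http_send(req):
    """Default transport (assumed): send the request over HTTPS, return parsed JSON."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class BlazeClient:
    """Hypothetical helper, not part of Blaze: caches the bearer token until near expiry."""

    def __init__(self, client_id, client_secret, send=http_send,
                 clock=time.monotonic, skew=60):
        self._form = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials", "scope": "oob"}
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        """Return a valid access token, requesting a new one only when needed."""
        if self._token is None or self._clock() >= self._expires_at:
            # Credentials travel in the form-encoded POST body, never in the
            # URL, so they stay out of proxy and access logs. Do not log `body`.
            body = urllib.parse.urlencode(self._form).encode()
            req = urllib.request.Request(
                BASE_URL + TOKEN_PATH, data=body, method="POST",
                headers={"Content-Type": "application/x-www-form-urlencoded"})
            reply = self._send(req)
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + reply["expires_in"] - self._skew
        return self._token

    def observations(self, researchstudy, **params):
        """GET observations; researchstudy is mandatory because access is per protocol."""
        if not researchstudy:
            raise ValueError("researchstudy is required on every request")
        query = urllib.parse.urlencode({"researchstudy": researchstudy, **params})
        req = urllib.request.Request(
            f"{BASE_URL}{OBSERVATIONS_PATH}?{query}",
            headers={"Authorization": f"Bearer {self.token()}"})
        return self._send(req)
```

Load client_id and client_secret from a secret store or environment variables at runtime rather than embedding them in source.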