PrescribeIT® API Summary

5.1 PrescribeIT® API Summary

This section provides details on the APIs that have been defined for the PrescribeIT® domain. Shared Health domain APIs are included on the Shared Health API Summary page.

The endpoints will vary by environment (e.g. Production, Pre-conformance) and may also be context specific. Implementers should make the endpoints' URLs configurable within their systems as these may be updated in future releases. Vendors should not be storing the organization/practitioner URLs; rather they should build it at runtime using configurable prefix's per environment and the identifier itself. The real URLs will be published to Vendors upon onboarding with PrescribeIT®.

5.1 HTTP Request Headers

For PrescribeIT® there will be three new HTTP headers that will be required in the Formulary Query, Deferred Query, and Provider Registry Queries. The headers will be for a) Application Instance Identifier, b) Practitioner CPRID, and c) Organization CPRID.

The headers are required so that PrescribeIT® can determine the originator of the query when an application instance is using a hub/routing application. See the table below for conformance rules.

When acknowledging a PrescribeIT® message, a service endpoint behaves in two ways. First, in the context of acknowledging 101, 201, or 305 interactions, no mandatory headers are required. Second, in the context of acknowledgment of a Deferred Query (401) interaction, two mandatory headers (X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID and X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID) must be provided. When a request to acknowledge messages is received, an attempt is made to look up their Bundle IDs in the Inbox (which can contain 101, 201 or 305 messages). If this lookup is unsuccessful, then the service considers this to be a request to acknowledge 401 message(s) and a check is done to ensure that mandatory headers X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID and X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID are present.

HTTP Request Header	Conformance Rules	Expected Format
X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID	Mandatory for Formulary Query (EMR) and Deferred Query (PMS) Mandatory for acknowledging (ACK) a Deferred Query	X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID: urn:oid:1.2.0.9.9.4.0994
X-SHAREDHEALTH-EXCHANGE-SENDING-PRACTITIONER-ID	Not applicable for Deferred Query (PMS) or for PMS-initiated Provider Registry Queries Optional for Formulary Query (EMR) but should be provided if Practitioner is enrolled and known Must be present for EMR-initiated Provider Registry queries if value is known	X-SHAREDHEALTH-EXCHANGE-SENDING-PRACTITIONER-ID: http://sharedhealth.exchange/fhir/NamingSystem/registry-id-practitioner\|190000074
X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID	Mandatory for Formulary Query (EMR) and Deferred Query (PMS) Mandatory for acknowledging (ACK) a Deferred Query	X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID: http://sharedhealth.exchange/fhir/NamingSystem/registry-id-organization\|190001234

HTTP Request Header

Conformance Rules

Expected Format

X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID

Mandatory for Formulary Query (EMR) and Deferred Query (PMS)

Mandatory for acknowledging (ACK) a Deferred Query

X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID: urn:oid:1.2.0.9.9.4.0994

X-SHAREDHEALTH-EXCHANGE-SENDING-PRACTITIONER-ID

Not applicable for Deferred Query (PMS) or for PMS-initiated Provider Registry Queries

Optional for Formulary Query (EMR) but should be provided if Practitioner is enrolled and known

Must be present for EMR-initiated Provider Registry queries if value is known

X-SHAREDHEALTH-EXCHANGE-SENDING-PRACTITIONER-ID: http://sharedhealth.exchange/fhir/NamingSystem/registry-id-practitioner|190000074

X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID

Mandatory for Formulary Query (EMR) and Deferred Query (PMS)

Mandatory for acknowledging (ACK) a Deferred Query

X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID: http://sharedhealth.exchange/fhir/NamingSystem/registry-id-organization|190001234

5.2 Attachment Upload

API Type	REST
Verb	PUT
Required Request Headers	X-SHX-SDF-Developer-Key: <value> Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding. Accept: application/xml Content-Type: See PrescribeIT® Clinician Communication
Response Content Type	application/xml
Response Headers	X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server
Description	Service to upload PrescribeIT® (305) attachments, attachment will be uploaded as binary in the HTTP request body
Production Endpoint URL	https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/Binary/${AttachmentId}
Pre-Conformance Endpoint URL	https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/Binary/${AttachmentId}
Request Sample	PUT https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/Binary/60c1242e-017a-4076-961d-2968ef63a81e Accept: application/xml Content-Type: text/plain X-SHX-SDF-Developer-Key: ZTkyM2EyNTktNDQ2OC00ZmNkLThjZjUtMGIzMDc4NTE4MjhhOmY1NjMwYThjZTBkODRkY2I4Mjg3NmZhMjAwZTAzOTJhM2NhMmYxNzJlNipiNDk0ZWE1ZmFkNmI4YmMxYmNkODk= This is a sample document payload
Response Sample	HTTP response code is 200, payload is empty, headers are as follows: Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/plain Date: Thu, 12 Dec 2019 21:04:39 GMT X-Global-Transaction-ID: b2ba59235df2ab67941a637d Server: nginx/1.10.2 X-Application-Context: Attachment:precon:8181 accept: application/xml accept-encoding: gzip Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH Access-Control-Allow-Origin: * Access-Control-Max-Age: 3600 ATTACHMENT_CHECK_SUM: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 ATTACHMENT_SIZE: 370 authorization: Basic dGVzdDp0ZXN0 breadcrumbId: eeff88c9-db38-4298-bbef-430cb6826ede guid: 60c1242e-017a-4076-961d-2968ef63a81e user-agent: Apache-HttpClient/4.5.3 (Java/1.8.0_221) x-forwarded-for: 172.31.0.162 x-forwarded-host: 198.96.45.111 x-forwarded-server: 198.96.45.111 x-telus-sdf-appid: 1011622 x-telus-sdf-traceid: fd7127bb-e130-4b84-afa3-2359bab2be74 x-telus-sdf-virtualhostid: shx.external.site2 X-SHX-SDF-Site: site2.api.sharedhealth.exchange X-SHX-SDF-ServerId: sdfxmlfw21
Service Response HTTP Code header and Payload	HTTP 200 and empty response payload in case of success HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is an OperationOutcome object

API Type

REST

Verb

PUT

Required Request Headers

X-SHX-SDF-Developer-Key: <value>

Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding.

Accept: application/xml
Content-Type: See PrescribeIT® Clinician Communication

Response Content Type

application/xml

Response Headers

X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server

Description

Service to upload PrescribeIT® (305) attachments, attachment will be uploaded as binary in the HTTP request body

Production Endpoint URL

https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/Binary/${AttachmentId}

Pre-Conformance Endpoint URL

https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/Binary/${AttachmentId}

Request Sample

PUT https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/Binary/60c1242e-017a-4076-961d-2968ef63a81e

Accept: application/xml
Content-Type: text/plain
X-SHX-SDF-Developer-Key: ZTkyM2EyNTktNDQ2OC00ZmNkLThjZjUtMGIzMDc4NTE4MjhhOmY1NjMwYThjZTBkODRkY2I4Mjg3NmZhMjAwZTAzOTJhM2NhMmYxNzJlNipiNDk0ZWE1ZmFkNmI4YmMxYmNkODk=
This is a sample document payload

Response Sample

HTTP response code is 200, payload is empty, headers are as follows:

Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/plain
Date: Thu, 12 Dec 2019 21:04:39 GMT
X-Global-Transaction-ID: b2ba59235df2ab67941a637d
Server: nginx/1.10.2
X-Application-Context: Attachment:precon:8181
accept: application/xml
accept-encoding: gzip
Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, CONNECT, PATCH
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3600
ATTACHMENT_CHECK_SUM: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ATTACHMENT_SIZE: 370
authorization: Basic dGVzdDp0ZXN0
breadcrumbId: eeff88c9-db38-4298-bbef-430cb6826ede
guid: 60c1242e-017a-4076-961d-2968ef63a81e
user-agent: Apache-HttpClient/4.5.3 (Java/1.8.0_221)
x-forwarded-for: 172.31.0.162
x-forwarded-host: 198.96.45.111
x-forwarded-server: 198.96.45.111
x-telus-sdf-appid: 1011622
x-telus-sdf-traceid: fd7127bb-e130-4b84-afa3-2359bab2be74
x-telus-sdf-virtualhostid: shx.external.site2
X-SHX-SDF-Site: site2.api.sharedhealth.exchange
X-SHX-SDF-ServerId: sdfxmlfw21

Service Response HTTP Code header and Payload

HTTP 200 and empty response payload in case of success
HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is an OperationOutcome object

5.3 Attachment Download

API Type	REST
Verb	GET
Required Request Headers	X-SHX-SDF-Developer-Key: <value> Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding. Accept: <value> - one or more Accept headers can be provided. One of the values must match this attachment's content type found in the 305 message
Response Content Type	Matches original attachment content type
Description	Service to download attachments referenced in FHIR messages with message bundle type 305
Production Endpoint URL	https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/Binary/${AttachmentId}
Pre-Conformance Endpoint URL	https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/Binary/${AttachmentId}
Response Headers	X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server Content-Type: <value> - value is matching the original content type Content-Disposition: attachment; filename="<value>"
Service Response HTTP Code header and Payload	HTTP 200 for success + payload HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is an OperationOutcome object

API Type

REST

Verb

GET

Required Request Headers

X-SHX-SDF-Developer-Key: <value>

Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding.

Accept: <value> - one or more Accept headers can be provided. One of the values must match this attachment's content type found in the 305 message

Response Content Type

Matches original attachment content type

Description

Service to download attachments referenced in FHIR messages with message bundle type 305

Production Endpoint URL

https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/Binary/${AttachmentId}

Pre-Conformance Endpoint URL

https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/Binary/${AttachmentId}

Response Headers

X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server
Content-Type: <value> - value is matching the original content type
Content-Disposition: attachment; filename="<value>"

Service Response HTTP Code header and Payload

HTTP 200 for success + payload
HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is an OperationOutcome object

5.4 RequestOTP

API Type	REST
Verb	POST
Required Request Headers	X-SHX-SDF-Developer-Key: <value> Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding. Accept: application/xml Content-Type: application/xml
Description	Service to issue one time password and send it to user as SMS or through Mobile Authenticator
Production Endpoint URL	https://api.sharedhealth.exchange/rest/v1/THP/STS_vs0/api/requestOTP
Pre-Conformance Endpoint URL	https://api.sharedhealth.exchange/rest/v1/preconf/THP/STS_vs1/api/requestOTP
Response Headers	X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server
Request Schema	<?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified"> <xs:element name="requestOTP" type="requestOTPType"> <xs:annotation> <xs:documentation>STS OTP Request Message</xs:documentation> </xs:annotation> </xs:element> <xs:complexType name="requestOTPType"> <xs:sequence> <xs:element name="entityBusinessId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="appInstanceId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="thpsUserId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="noPhone" type="xs:boolean"/> <xs:element name="debug" type="xs:boolean" minOccurs="0" maxOccurs="1"/> </xs:sequence> </xs:complexType> </xs:schema> Notes: noPhone element is no longer used in the current release of PrescribeIT®, its value should be always sent as false debug element must be always set to false in Production Environment
Request Sample	<ns2:requestOTP xmlns:ns2="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sharedhealth.exchange/erx/2016/06/STS/STS-requestToken.xsd"> <ns2:entityBusinessId>https://api.preprd.sharedhealth.teluslabs.net/rest/v1/THP/PR_vs1/Organization/190000104</ns2:entityBusinessId> <ns2:appInstanceId>urn:oid:1.2.2.3.3.7.7.9003012</ns2:appInstanceId> <ns2:thpsUserId>190000126</ns2:thpsUserId> <ns2:noPhone>false</ns2:noPhone> <ns2:debug>false</ns2:debug> </ns2:requestOTP>
Response Schema	<?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified"> <xs:element name="responseStatus" type="responseStatusType"> <xs:annotation> <xs:documentation>Common Response Structure</xs:documentation> </xs:annotation> </xs:element> <xs:complexType name="responseStatusType"> <xs:sequence> <xs:element name="status"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="Success"/> <xs:enumeration value="Fail"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="message" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="255"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="code" type="xs:int"/> <xs:element name="timeStamp" type="customDT"/> <xs:element name="X-TELUS-SDF-TraceId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> <xs:simpleType name="customDT"> <xs:restriction base="xs:string"> <xs:pattern value="[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-6][0-9]\.[0-9]{3}"/> <!-- Example: 2009-12-31 00:00:00.123 yyyy-MM-dd HH:mm:ss.SSS --> </xs:restriction> </xs:simpleType> </xs:schema>
Response Sample	Production Environment <ns:responseStatus xmlns:ns="http://www.sharedhealth.exchange/erx/2016/06/STS"> <ns:status>Success</ns:status> <ns:message/> <ns:code>200</ns:code> <ns:timeStamp>2018-04-13 13:02:23.955</ns:timeStamp> <ns:X-TELUS-SDF-TraceId>8c2e8706-e7d7-4467-8b61-e3d7c49ee093</ns:X-TELUS-SDF-TraceId> </ns:responseStatus> Non-Production Environments (e.g. Pre-Conformance) <ns:responseStatus xmlns:ns="http://www.sharedhealth.exchange/erx/2016/06/STS"> <ns:status>Success</ns:status> <ns:message/> <ns:code>200</ns:code> <ns:timeStamp>2018-04-13 13:02:23.955</ns:timeStamp> <ns:X-TELUS-SDF-TraceId>8c2e8706-e7d7-4467-8b61-e3d7c49ee093</ns:X-TELUS-SDF-TraceId> </ns:responseStatus>
Service Response Code Headers	HTTP 200 for Success HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is in XML format compatible with the Response XML schema documented above (in this case, responseStatusType object has status set to Fail and message contains the details of the failure)

API Type

REST

Verb

POST

Required Request Headers

X-SHX-SDF-Developer-Key: <value>

Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding.

Accept: application/xml

Content-Type: application/xml

Description

Service to issue one time password and send it to user as SMS or through Mobile Authenticator

Production Endpoint URL

https://api.sharedhealth.exchange/rest/v1/THP/STS_vs0/api/requestOTP

Pre-Conformance Endpoint URL

https://api.sharedhealth.exchange/rest/v1/preconf/THP/STS_vs1/api/requestOTP

Response Headers

X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server

Request Schema

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified">
	<xs:element name="requestOTP" type="requestOTPType">
		<xs:annotation>
			<xs:documentation>STS OTP Request Message</xs:documentation>
		</xs:annotation>
	</xs:element>
	<xs:complexType name="requestOTPType">
		<xs:sequence>
			<xs:element name="entityBusinessId">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:maxLength value="100"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="appInstanceId">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:maxLength value="100"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="thpsUserId">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:maxLength value="100"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="noPhone" type="xs:boolean"/>
			<xs:element name="debug" type="xs:boolean" minOccurs="0" maxOccurs="1"/>
		</xs:sequence>
	</xs:complexType>
</xs:schema>

Notes:

noPhone element is no longer used in the current release of PrescribeIT®, its value should be always sent as false
debug element must be always set to false in Production Environment

Request Sample

<ns2:requestOTP xmlns:ns2="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.sharedhealth.exchange/erx/2016/06/STS/STS-requestToken.xsd">
	<ns2:entityBusinessId>https://api.preprd.sharedhealth.teluslabs.net/rest/v1/THP/PR_vs1/Organization/190000104</ns2:entityBusinessId>
	<ns2:appInstanceId>urn:oid:1.2.2.3.3.7.7.9003012</ns2:appInstanceId>
	<ns2:thpsUserId>190000126</ns2:thpsUserId>
	<ns2:noPhone>false</ns2:noPhone>
	<ns2:debug>false</ns2:debug>
</ns2:requestOTP>

Response Schema

<?xml version="1.0" encoding="UTF-8"?>
<xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified">
	<xs:element name="responseStatus" type="responseStatusType">
		<xs:annotation>
			<xs:documentation>Common Response Structure</xs:documentation>
		</xs:annotation>
	</xs:element>
	<xs:complexType name="responseStatusType">
		<xs:sequence>
			<xs:element name="status">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:enumeration value="Success"/>
						<xs:enumeration value="Fail"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="message" minOccurs="0">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:maxLength value="255"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="code" type="xs:int"/>
			<xs:element name="timeStamp" type="customDT"/>
			<xs:element name="X-TELUS-SDF-TraceId">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:pattern value="[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
		</xs:sequence>
	</xs:complexType>
	<xs:simpleType name="customDT">
		<xs:restriction base="xs:string">
			<xs:pattern value="[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-6][0-9]\.[0-9]{3}"/>
			<!-- Example: 2009-12-31 00:00:00.123    yyyy-MM-dd HH:mm:ss.SSS -->
		</xs:restriction>
	</xs:simpleType>
</xs:schema>

Response Sample

Production Environment

<ns:responseStatus xmlns:ns="http://www.sharedhealth.exchange/erx/2016/06/STS">
	<ns:status>Success</ns:status>
	<ns:message/>
	<ns:code>200</ns:code>
	<ns:timeStamp>2018-04-13 13:02:23.955</ns:timeStamp>
	<ns:X-TELUS-SDF-TraceId>8c2e8706-e7d7-4467-8b61-e3d7c49ee093</ns:X-TELUS-SDF-TraceId>
</ns:responseStatus>

Non-Production Environments (e.g. Pre-Conformance)

<ns:responseStatus xmlns:ns="http://www.sharedhealth.exchange/erx/2016/06/STS">
	<ns:status>Success</ns:status>
	<ns:message/>
	<ns:code>200</ns:code>
	<ns:timeStamp>2018-04-13 13:02:23.955</ns:timeStamp>
	<ns:X-TELUS-SDF-TraceId>8c2e8706-e7d7-4467-8b61-e3d7c49ee093</ns:X-TELUS-SDF-TraceId>
</ns:responseStatus>

Service Response Code Headers

HTTP 200 for Success
HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is in XML format compatible with the Response XML schema documented above (in this case, responseStatusType object has status set to Fail and message contains the details of the failure)

5.5 RequestToken

API Type	REST
Verb	POST
Request Content Type	application/xml
Response Content Type	application/xml
Required Request Headers	X-SHX-SDF-Developer-Key: <value> Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding. Accept: application/xml Content-Type: application/xml
Description	Service to issue SAML Token
Response Header from Service	X-SHAREDHEALTH-EXCHANGE-SAML-EXPIRY - Date and time the returned token is going to expire. This time is always in UTC X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server
Production Endpoint URL	https://api.sharedhealth.exchange/rest/v1/THP/STS_vs0/api/requestToken
Pre-Conformance Endpoint URL	https://api.sharedhealth.exchange/rest/v1/preconf/THP/STS_vs1/api/requestToken
Request Schema	Production Environment <xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified"> <xs:element name="requestToken" type="requestTokenType"> <xs:annotation> <xs:documentation>STS Token Request Message</xs:documentation> </xs:annotation> </xs:element> <xs:complexType name="requestTokenType"> <xs:sequence> <xs:element name="entityBusinessId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="appInstanceId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="thpsUserId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="OTP" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="10"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="localUserId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="firstName" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="50"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="lastName"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="50"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="licenseNumber" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="50"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="licenseIssuer" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="100"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="roleCode" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="50"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="externalToken" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="4000"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> </xs:schema>
Request Sample	Request using practitioner’s license number and license issuer <requestToken xsi:schemaLocation="http://www.sharedhealth.exchange/erx/2016/06/STS/STS-requestToken.xsd" xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <entityBusinessId>https://api.sharedhealth.exchange/rest/v1/THP/TPR_vs0/Organization/200328629</entityBusinessId> <appInstanceId> urn:oid:2.16.840.1.113883.3.1467.1014915</appInstanceId> <thpsUserId>200328635</thpsUserId> <OTP>8upwh</OTP> <localUserId>10179</localUserId> <lastName>Wang</lastName> <licenseNumber>35981</licenseNumber> <licenseIssuer>urn:oid:2.16.840.1.113883.4.44</licenseIssuer> </requestToken> Request With External Token This is to be used only by vendors who have been instructed and approved by Infoway to supply this additional piece of data in order to complete the 2FA process. <requestToken xsi:schemaLocation="http://www.sharedhealth.exchange/erx/2016/06/STS STS-requestToken.xsd" xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <entityBusinessId>https://api.preprd.sharedhealth.teluslabs.net/rest/v1/THP/TPR_vs0/Organization/200146119</entityBusinessId> <appInstanceId>urn:oid:1.2.2.3.3.7.7.10007939</appInstanceId> <thpsUserId>200146121</thpsUserId> <localUserId>PractThomas Pots</localUserId> <lastName>Pots</lastName> <licenseNumber>23423</licenseNumber> <licenseIssuer>urn:oid:2.16.840.1.113883.3.7752</licenseIssuer> <externalToken>eyJraWQiOiJpajJWZjlTOEhDb21UWVU3NGJhc0VPY0VMSFYybG9aYm5SVWZ0NlZCTDc4IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHV2a284YTVsdVhyUkJyNTBoNyIsIm5hbWUiOiJNaXlhIFdoZWF0bGV5IiwidmVyIjoxLCJpc3MiOiJodHRwczovL29rdGEtZC5xaHJ0ZWNoLmNvbS9vYXV0aDIvZGVmYXVsdCIsImF1ZCI6IjBvYXZrbDNxa3dtbVpaa21FMGg3IiwiaWF0IjoxNjA5ODYxMjkwLCJleHAiOjE2MDk4NjQ4OTAsImp0aSI6IklELnNoRkN3cDZXNXdVc3RSNVVDWTdjVUZHc2Y5TXdDOXlhd3hDdmppUjgybUEiLCJhbXIiOlsicHdkIl0sImlkcCI6IjAwb2tydDI0ZWdMd1hFVnQ0MGg3IiwicHJlZmVycmVkX3VzZXJuYW1lIjoibWl5YS53aGVhdGxleUBwcmVzY3JpYmVpdC5jYSIsImF1dGhfdGltZSI6MTYwOTg2MTI5MCwiYXRfaGFzaCI6InhYZGlEalJEeWtVR1RsWlUzSWhpV0EiLCJsaWNlbnNlX2lzcyI6InVybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNC43NTYiLCJsaWNlbnNlX251bSI6IjIzNDIzIiwiZ3JvdXBzIjpbIkV2ZXJ5b25lIiwiUHJvdmlkZXIgVXNlcnMiLCJGZWRlcmF0ZWQgVXNlcnMiXSwic3F1aWQiOiJlZGU0MTFiNS01YzE4LTQ4ZWItOTg2My01MzY1YmRmMjhkODkifQ.UvZB6PoVnzbHVdpTLCc1mrVL__Gr6h5xMjBjslPqmATI7SFEI53N72pz95NhROiFR5qHfxZ1uipm9lVYZoCpZ-v338BFN3Pswah0GM8nrZ96Tyhose8Nq1_zAk1MfyeNpg575LT_g_LW1owxCMmbd8uQ6pyfWBXDaShfkIWj6mIi0s1j_BHkRXzOz2inA6T7YliZBE-8L-gVSa2xjC3xUAUHcNqjYtJXoGQrXattku1LDhPD5N1d266DTB7xF9KZp4STmDJFjsDNO3IA6fhgeztSHYUJUhVR6g7RzSIS1p9lNFTSRTN2Ntdo3oXVo_EQlx7Il0wo40ug7AYzNV2mQQ</externalToken> </requestToken>
Response Schema	STSResponseStatus.xsd <xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified"> <xs:element name="responseStatus" type="responseStatusType"> <xs:annotation> <xs:documentation>Common Response Structure</xs:documentation> </xs:annotation> </xs:element> <xs:complexType name="responseStatusType"> <xs:sequence> <xs:element name="status"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="Success"/> <xs:enumeration value="Fail"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="message" minOccurs="0"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:maxLength value="1000"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="code" type="xs:int"/> <xs:element name="timeStamp" type="customDT"/> <xs:element name="X-TELUS-SDF-TraceId"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> <xs:simpleType name="customDT"> <xs:restriction base="xs:string"> <xs:pattern value="[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-6][0-9]\.[0-9]{3}"/> <!-- Example: 2009-12-31 00:00:00.123 yyyy-MM-dd HH:mm:ss.SSS --> </xs:restriction> </xs:simpleType> </xs:schema>
Response + response header sample	X-SHAREDHEALTH-EXCHANGE-SAML-EXPIRY: 2020-10-28 01:11:13.521 X-SHX-SDF-TraceId: 578834ee-b176-45de-a26f-3fcc8e35324f <ns:responseStatus xmlns:ns="http://www.sharedhealth.exchange/erx/2016/06/STS"> <ns:status>Success</ns:status> <ns:message>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwyOkFzc2VydGlvbiBJRD0iN2M2Mzg3M2YtM2NhMS00YWE5LWE3YzctY2RhODMxZGQwOWY5IiBJc3N1ZUluc3RhbnQ9IjIwMjAtMTAtMjdUMTM6MTE6MTMuNTIxWiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj48c2FtbDI6SXNzdWVyPmh0dHBzOi8vYXBpLnNoYXJlZGhlYWx0aC5leGNoYW5nZS9yZXN0L3YxL1RIUC9TVFNfdnMwPC9zYW1sMjpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+PGRzOlJlZmVyZW5jZSBVUkk9IiM3YzYzODczZi0zY2ExLTRhYTktYTdjNy1jZGE4MzFkZDA5ZjkiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIFByZWZpeExpc3Q9InhzIiB4bWxuczplYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm0+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT5NTWlRY3ZoNUNkMkI4SkJDRTBpdGpUdVhXeXM9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPmZTT2I4NXhBRjJrazVGYUN0OE5BUTloZ1l4V3BpZU1zU3I1NEZYOWVQdkIxM2xpb3NlVVhTZEJ4aUZwbS9kTnJRT0VwQ25wMkxvNTE5MzdIMXFaTE9zd2pSWGpwZS9uL1Z5eFQ2MnArKzBCUSsrQSs0M0UwdFNWOEdaWmpNZS9wRlNSNzB1aEhBeDRKK2ZOL1VoZnRERElOc2Z2MjVUb2trSWRVcHIwc0lJUWFYYW5RY1FoL3A5MjJPYmVXM1cxNkNqVlltT2VzR1B3dDY2Znl2SFN0S0cxczNnMVVzY0Z1eC9OVmxlcEw3OEhwWjBiODNXVFBMSElYeXUrcC9YUk1rbndpRUlCV1BDcEtxaEpTby9mbEZIR25Mb3ZTa2Y2bW9PZnd0ODlKakIwamdEUlpvL3lIR0NiRmVIZDdxeFN5ODdVQzkrNlU3bkZ4Yk1sdWVCZSttZz09PC9kczpTaWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlHcmpDQ0JaYWdBd0lCQWdJUUtJOFhEN294VEhJQUFBQUFVUVhDQ3pBTkJna3Foa2lHOXcwQkFRc0ZBRENCdWpFTE1Ba0dBMVVFCkJoTUNWVk14RmpBVUJnTlZCQW9URFVWdWRISjFjM1FzSUVsdVl5NHhLREFtQmdOVkJBc1RIMU5sWlNCM2QzY3VaVzUwY25WemRDNXUKWlhRdmJHVm5ZV3d0ZEdWeWJYTXhPVEEzQmdOVkJBc1RNQ2hqS1NBeU1ERXlJRVZ1ZEhKMWMzUXNJRWx1WXk0Z0xTQm1iM0lnWVhWMAphRzl5YVhwbFpDQjFjMlVnYjI1c2VURXVNQ3dHQTFVRUF4TWxSVzUwY25WemRDQkRaWEowYVdacFkyRjBhVzl1SUVGMWRHaHZjbWwwCmVTQXRJRXd4U3pBZUZ3MHlNREEyTURVeE9ESTFNRGxhRncweU1UQTNNVGd4T0RVMU1EbGFNR294Q3pBSkJnTlZCQVlUQWtOQk1ROHcKRFFZRFZRUUlFd1pSZFdWaVpXTXhFVEFQQmdOVkJBY1RDRTF2Ym5SeVpXRnNNUjR3SEFZRFZRUUtFeFZEWVc1aFpHRWdTR1ZoYkhSbwpJRWx1Wm05M1lYa3hGekFWQmdOVkJBTVREbkJ5WlhOamNtbGlaV2wwTG1OaE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9VVWdHajJLNXc0a3hPa2szc3lkdE1rcExRRlUvdkEwSTJIYnd6SmJqelpIUXZVWHAxUWUwRW43VVNza2dMd2wKQ202SXFsVXRrOUlJRSswbzNIc1hYUzllcXM3VU5qbFVvVW1xcnNheUZwaWZ2c2VSTEx3aXZkQTdvMTUyTjVyT2NKZzdiaWtwVm9YUAphVys1bHlrWFVHeVVvUmtnOVZORDV5dnJTR0hJQnhFK1VjRFpqR1VwVTJ4VW5wa1k4dm56ZlY4YTNQVERzTlYyK1AwUFJNTnhHalJ3ClpWTXRMdUx5bU84aHp3M2ZndGQ3SDZUb0RqaEY1WjUrM2psYVo0VTRYYmttTlBRTHloNURrSm4rRW8rN0crbjI4d3FDTFlkY1YxdDUKSmt1b281aTkvS0c2bmY3a3B1ckxkR0ZrTmx0N2U3UGg0UGg5WHdMWjhNR0lCT09ycFFJREFRQUJvNElDL1RDQ0F2a3dHUVlEVlIwUgpCQkl3RUlJT2NISmxjMk55YVdKbGFYUXVZMkV3Z2dGK0Jnb3JCZ0VFQWRaNUFnUUNCSUlCYmdTQ0FXb0JhQUIxQUZXQjFNSVdrRFlCClN1b0xtMWM4VS9EQTVEaDRjQ1VJRnkranFoMEhFOU1NQUFBQmNvWFdQVXdBQUFRREFFWXdSQUlnQTR1YTB6WGgzWFVUYmcvYTIwQzgKc2djdEpHNEdvN1hwZmdDNjBPdnJ1UVFDSUhQVWM5TWxkUW9tVmpRL25MbUM1WFJ3YmUwcEgvK1RlRnVGQVRoN0Z3N1lBSGNBVmhRRwptaS9Yd3V6VDllRzlSTEkreDBaMnVieVpFVnpBNzVTWVZkYUowTjBBQUFGeWhkWTlaQUFBQkFNQVNEQkdBaUVBaU9sSlBGZzBMSzZoCkdaRXpXbUwreG9wdExjRmdyenlPUVVzYkZmb2U0YWtDSVFEeVF3Y0hNVXovQzYzSjExMUFWUW9HajhiOE90OG9MU0ZHaVpuSzJFNkgKSkFCMkFQWmNsQy9SZHpBaUZGUVlDRENVVm83alRSTVpNNy9mREM4Z0M4eE84V1RqQUFBQmNvWFdQWEVBQUFRREFFY3dSUUloQUtYawp5K0YzZ3hBQXViVW53UDV5N3dUYmM5ZTNGSlpjd3g3QURhZm5uYUx0QWlCSGE5L1F6dWp3ZlJNQUllUTZNRWI3MmtUdSswTStiemdRCjRZR3NldERqNXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdFd013WURWUjBmQkN3d0tqQW8Kb0NhZ0pJWWlhSFIwY0RvdkwyTnliQzVsYm5SeWRYTjBMbTVsZEM5c1pYWmxiREZyTG1OeWJEQkxCZ05WSFNBRVJEQkNNRFlHQ21DRwpTQUdHK213S0FRVXdLREFtQmdnckJnRUZCUWNDQVJZYWFIUjBjRG92TDNkM2R5NWxiblJ5ZFhOMExtNWxkQzl5Y0dFd0NBWUdaNEVNCkFRSUNNR2dHQ0NzR0FRVUZCd0VCQkZ3d1dqQWpCZ2dyQmdFRkJRY3dBWVlYYUhSMGNEb3ZMMjlqYzNBdVpXNTBjblZ6ZEM1dVpYUXcKTXdZSUt3WUJCUVVITUFLR0oyaDBkSEE2THk5aGFXRXVaVzUwY25WemRDNXVaWFF2YkRGckxXTm9ZV2x1TWpVMkxtTmxjakFmQmdOVgpIU01FR0RBV2dCU0NvbkIwM2J4VFA4OTcxUGZOZjZkZ3hncE12ekFkQmdOVkhRNEVGZ1FVMFdyY24ycThsUUNmS3JLUEkreHhvSU84CmhnOHdDUVlEVlIwVEJBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBalI5Q0RnRmVBLzVSSzA1Y3o2THVsZTlSQVZqdkdnU2UKdHM3Y2dDaUtrUU5yVHBrcmRsTHNsRExicE1VUkVseVhMTFlqc3RVeVNXR0dOakhpZkJFMnNsb0MrRGdXYTVLcDZ2Sm90eVh1SlJKMAozeWpYdTB5K0NZTndSK0V5enBWS2JHWUtOYWhuUlFaNVc0S3FoY1hkV3paN2JhYVJUNmgzVTJqOWl3OGwvVURBK0Q3SVhFL0Izb2RPCmtJS0h2N1p1bU1yaGNVRElST0JHS0xDMnRpbERENk5QZ1NLY2RyZnJlNDZncStZSGhBa3JyNmRxWmwwRnQ1Ukt3RGhsbXAwa0dZTFkKMlJacU5oMUl1b1JSRTVSaWZLOFAvU2RwaktPS2xnNlZPN1VBbjVBbVVxN0w4R2tUUkdRYzYxVVJJZXFNeXljbEtPTzZ3d0dsS2xIZQplRUVHZUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMjpTdWJqZWN0PjxzYW1sMjpOYW1lSUQgRm9ybWF0PSJUZWx1c2hlYWx0aC5jb20iIE5hbWVRdWFsaWZpZXI9IlRlbHVzaGVhbHRoLmNvbSI+MjAwMDAwMDI2PC9zYW1sMjpOYW1lSUQ+PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIwLTEwLTI4VDAxOjExOjEzLjUyMVoiLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyMC0xMC0yN1QxMzowNjoxMy41MjFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjAtMTAtMjhUMDE6MTE6MTMuNTIxWiIvPjxzYW1sMjpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjAtMTAtMjhUMDE6MTE6MTMuNTIxWiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6U2VjdXJlUmVtb3RlUGFzc3dvcmQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDI6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnRlbHVzaGVhbHRoLmNvbS8yMDE2LzA1L2lkZW50aXR5L2NsYWltcy9MaWNlbnNlIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dXJuOm9pZDoyLjE2Ljg0MC4xLjExMzg4My40LjM0NzpPTjUwMDAyNjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvUm9sZUNvZGUiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwOi8vaGw3Lm9yZy9maGlyL3ByYWN0aXRpb25lci1yb2xlfGRvY3Rvcjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvU2VydmljZUxvY2F0aW9uRW50aXR5SUQiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL3dlYnNlcnZpY2VzLnRlbHVzLmNvbS9yZXN0L3YxL1RIUC9UUFJfdnMwL09yZ2FuaXphdGlvbi8yMDAwMDAwMjg8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMudGVsdXNoZWFsdGguY29tLzIwMTYvMDUvaWRlbnRpdHkvY2xhaW1zL0xhc3ROYW1lIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+V2FuZzwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvTG9jYWxVc2VySUQiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5Db2xvbWJhIERlQW5nZWxpcyBNRDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvRmlyc3ROYW1lIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+QmluaHVhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnRlbHVzaGVhbHRoLmNvbS8yMDE2LzA1L2lkZW50aXR5L2NsYWltcy9BcHBJbnN0YW5jZUlEIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dXJuOm9pZDowLjAuMC4wLjAuMC4yMDAwMDAwMjg8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPg==</ns:message> <ns:code>200</ns:code> <ns:timeStamp>2020-10-27 09:11:13.528</ns:timeStamp> <ns:X-TELUS-SDF-TraceId>578834ee-b176-45de-a26f-3fcc8e35324f</ns:X-TELUS-SDF-TraceId> </ns:responseStatus> X-SHAREDHEALTH-EXCHANGE-SAML-EXPIRY: 2018-09-25 02:54:28.136 X-TELUS-ERX-SAML-EXPIRY: 2018-09-25 02:54:28.136 X-SHX-SDF-TraceId: a1ba12a0-19d1-456a-a831-c877d3ae21ed X-SHX-SDF-Site: site1.api.sharedhealth.exchange X-SHX-SDF-ServerId: sdfxmlfw1
Service Response Code Headers	HTTP 200 for Success HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is in XML format compatible with the Response XML schema documented above (in this case, responseStatusType object has status set to Fail and message contains the details of the failure)

API Type

REST

Verb

POST

Request Content Type

application/xml

Response Content Type

application/xml

Required Request Headers

X-SHX-SDF-Developer-Key: <value>

Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding.

Accept: application/xml

Content-Type: application/xml

Description

Service to issue SAML Token

Response Header from Service

X-SHAREDHEALTH-EXCHANGE-SAML-EXPIRY - Date and time the returned token is going to expire. This time is always in UTC
X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server

Production Endpoint URL

https://api.sharedhealth.exchange/rest/v1/THP/STS_vs0/api/requestToken

Pre-Conformance Endpoint URL

https://api.sharedhealth.exchange/rest/v1/preconf/THP/STS_vs1/api/requestToken

Request Schema

Production Environment

<xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified">
    <xs:element name="requestToken" type="requestTokenType">
        <xs:annotation>
            <xs:documentation>STS Token Request Message</xs:documentation>
        </xs:annotation>
    </xs:element>
    <xs:complexType name="requestTokenType">
        <xs:sequence>
            <xs:element name="entityBusinessId">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="100"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="appInstanceId">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="100"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="thpsUserId">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="100"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="OTP" minOccurs="0">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="10"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="localUserId">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="100"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="firstName" minOccurs="0">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="50"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="lastName">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="50"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="licenseNumber" minOccurs="0">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="50"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="licenseIssuer" minOccurs="0">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="100"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
            <xs:element name="roleCode" minOccurs="0">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="50"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
			<xs:element name="externalToken" minOccurs="0">
                <xs:simpleType>
                    <xs:restriction base="xs:string">
                        <xs:maxLength value="4000"/>
                    </xs:restriction>
                </xs:simpleType>
            </xs:element>
        </xs:sequence>
    </xs:complexType>
</xs:schema>

Request Sample

Request using practitioner’s license number and license issuer

<requestToken xsi:schemaLocation="http://www.sharedhealth.exchange/erx/2016/06/STS/STS-requestToken.xsd" xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<entityBusinessId>https://api.sharedhealth.exchange/rest/v1/THP/TPR_vs0/Organization/200328629</entityBusinessId>
	<appInstanceId> urn:oid:2.16.840.1.113883.3.1467.1014915</appInstanceId>
	<thpsUserId>200328635</thpsUserId>
	<OTP>8upwh</OTP>
	<localUserId>10179</localUserId>
	<lastName>Wang</lastName>
	<licenseNumber>35981</licenseNumber>
	<licenseIssuer>urn:oid:2.16.840.1.113883.4.44</licenseIssuer>
</requestToken>

Request With External Token

This is to be used only by vendors who have been instructed and approved by Infoway to supply this additional piece of data in order to complete the 2FA process.

<requestToken xsi:schemaLocation="http://www.sharedhealth.exchange/erx/2016/06/STS STS-requestToken.xsd" xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
               <entityBusinessId>https://api.preprd.sharedhealth.teluslabs.net/rest/v1/THP/TPR_vs0/Organization/200146119</entityBusinessId>
               <appInstanceId>urn:oid:1.2.2.3.3.7.7.10007939</appInstanceId>
               <thpsUserId>200146121</thpsUserId>
               <localUserId>PractThomas Pots</localUserId>
               <lastName>Pots</lastName>
               <licenseNumber>23423</licenseNumber>
               <licenseIssuer>urn:oid:2.16.840.1.113883.3.7752</licenseIssuer>
               <externalToken>eyJraWQiOiJpajJWZjlTOEhDb21UWVU3NGJhc0VPY0VMSFYybG9aYm5SVWZ0NlZCTDc4IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiIwMHV2a284YTVsdVhyUkJyNTBoNyIsIm5hbWUiOiJNaXlhIFdoZWF0bGV5IiwidmVyIjoxLCJpc3MiOiJodHRwczovL29rdGEtZC5xaHJ0ZWNoLmNvbS9vYXV0aDIvZGVmYXVsdCIsImF1ZCI6IjBvYXZrbDNxa3dtbVpaa21FMGg3IiwiaWF0IjoxNjA5ODYxMjkwLCJleHAiOjE2MDk4NjQ4OTAsImp0aSI6IklELnNoRkN3cDZXNXdVc3RSNVVDWTdjVUZHc2Y5TXdDOXlhd3hDdmppUjgybUEiLCJhbXIiOlsicHdkIl0sImlkcCI6IjAwb2tydDI0ZWdMd1hFVnQ0MGg3IiwicHJlZmVycmVkX3VzZXJuYW1lIjoibWl5YS53aGVhdGxleUBwcmVzY3JpYmVpdC5jYSIsImF1dGhfdGltZSI6MTYwOTg2MTI5MCwiYXRfaGFzaCI6InhYZGlEalJEeWtVR1RsWlUzSWhpV0EiLCJsaWNlbnNlX2lzcyI6InVybjpvaWQ6Mi4xNi44NDAuMS4xMTM4ODMuNC43NTYiLCJsaWNlbnNlX251bSI6IjIzNDIzIiwiZ3JvdXBzIjpbIkV2ZXJ5b25lIiwiUHJvdmlkZXIgVXNlcnMiLCJGZWRlcmF0ZWQgVXNlcnMiXSwic3F1aWQiOiJlZGU0MTFiNS01YzE4LTQ4ZWItOTg2My01MzY1YmRmMjhkODkifQ.UvZB6PoVnzbHVdpTLCc1mrVL__Gr6h5xMjBjslPqmATI7SFEI53N72pz95NhROiFR5qHfxZ1uipm9lVYZoCpZ-v338BFN3Pswah0GM8nrZ96Tyhose8Nq1_zAk1MfyeNpg575LT_g_LW1owxCMmbd8uQ6pyfWBXDaShfkIWj6mIi0s1j_BHkRXzOz2inA6T7YliZBE-8L-gVSa2xjC3xUAUHcNqjYtJXoGQrXattku1LDhPD5N1d266DTB7xF9KZp4STmDJFjsDNO3IA6fhgeztSHYUJUhVR6g7RzSIS1p9lNFTSRTN2Ntdo3oXVo_EQlx7Il0wo40ug7AYzNV2mQQ</externalToken>
</requestToken>

Response Schema

STSResponseStatus.xsd

<xs:schema xmlns="http://www.sharedhealth.exchange/erx/2016/06/STS" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.sharedhealth.exchange/erx/2016/06/STS" elementFormDefault="qualified" attributeFormDefault="unqualified">
	<xs:element name="responseStatus" type="responseStatusType">
		<xs:annotation>
			<xs:documentation>Common Response Structure</xs:documentation>
		</xs:annotation>
	</xs:element>
	<xs:complexType name="responseStatusType">
		<xs:sequence>
			<xs:element name="status">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:enumeration value="Success"/>
						<xs:enumeration value="Fail"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="message" minOccurs="0">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:maxLength value="1000"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
			<xs:element name="code" type="xs:int"/>
			<xs:element name="timeStamp" type="customDT"/>
			<xs:element name="X-TELUS-SDF-TraceId">
				<xs:simpleType>
					<xs:restriction base="xs:string">
						<xs:pattern value="[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"/>
					</xs:restriction>
				</xs:simpleType>
			</xs:element>
		</xs:sequence>
	</xs:complexType>
	<xs:simpleType name="customDT">
		<xs:restriction base="xs:string">
			<xs:pattern value="[0-9]{4}-[01][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-6][0-9]\.[0-9]{3}"/>
			<!-- Example: 2009-12-31 00:00:00.123    yyyy-MM-dd HH:mm:ss.SSS -->
		</xs:restriction>
	</xs:simpleType>
</xs:schema>

Response + response header sample

X-SHAREDHEALTH-EXCHANGE-SAML-EXPIRY: 2020-10-28 01:11:13.521

X-SHX-SDF-TraceId: 578834ee-b176-45de-a26f-3fcc8e35324f

<ns:responseStatus xmlns:ns="http://www.sharedhealth.exchange/erx/2016/06/STS">
	<ns:status>Success</ns:status>
	<ns:message>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNhbWwyOkFzc2VydGlvbiBJRD0iN2M2Mzg3M2YtM2NhMS00YWE5LWE3YzctY2RhODMxZGQwOWY5IiBJc3N1ZUluc3RhbnQ9IjIwMjAtMTAtMjdUMTM6MTE6MTMuNTIxWiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj48c2FtbDI6SXNzdWVyPmh0dHBzOi8vYXBpLnNoYXJlZGhlYWx0aC5leGNoYW5nZS9yZXN0L3YxL1RIUC9TVFNfdnMwPC9zYW1sMjpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+PGRzOlJlZmVyZW5jZSBVUkk9IiM3YzYzODczZi0zY2ExLTRhYTktYTdjNy1jZGE4MzFkZDA5ZjkiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIFByZWZpeExpc3Q9InhzIiB4bWxuczplYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9kczpUcmFuc2Zvcm0+PC9kczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjxkczpEaWdlc3RWYWx1ZT5NTWlRY3ZoNUNkMkI4SkJDRTBpdGpUdVhXeXM9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPmZTT2I4NXhBRjJrazVGYUN0OE5BUTloZ1l4V3BpZU1zU3I1NEZYOWVQdkIxM2xpb3NlVVhTZEJ4aUZwbS9kTnJRT0VwQ25wMkxvNTE5MzdIMXFaTE9zd2pSWGpwZS9uL1Z5eFQ2MnArKzBCUSsrQSs0M0UwdFNWOEdaWmpNZS9wRlNSNzB1aEhBeDRKK2ZOL1VoZnRERElOc2Z2MjVUb2trSWRVcHIwc0lJUWFYYW5RY1FoL3A5MjJPYmVXM1cxNkNqVlltT2VzR1B3dDY2Znl2SFN0S0cxczNnMVVzY0Z1eC9OVmxlcEw3OEhwWjBiODNXVFBMSElYeXUrcC9YUk1rbndpRUlCV1BDcEtxaEpTby9mbEZIR25Mb3ZTa2Y2bW9PZnd0ODlKakIwamdEUlpvL3lIR0NiRmVIZDdxeFN5ODdVQzkrNlU3bkZ4Yk1sdWVCZSttZz09PC9kczpTaWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbz48ZHM6WDUwOURhdGE+PGRzOlg1MDlDZXJ0aWZpY2F0ZT5NSUlHcmpDQ0JaYWdBd0lCQWdJUUtJOFhEN294VEhJQUFBQUFVUVhDQ3pBTkJna3Foa2lHOXcwQkFRc0ZBRENCdWpFTE1Ba0dBMVVFCkJoTUNWVk14RmpBVUJnTlZCQW9URFVWdWRISjFjM1FzSUVsdVl5NHhLREFtQmdOVkJBc1RIMU5sWlNCM2QzY3VaVzUwY25WemRDNXUKWlhRdmJHVm5ZV3d0ZEdWeWJYTXhPVEEzQmdOVkJBc1RNQ2hqS1NBeU1ERXlJRVZ1ZEhKMWMzUXNJRWx1WXk0Z0xTQm1iM0lnWVhWMAphRzl5YVhwbFpDQjFjMlVnYjI1c2VURXVNQ3dHQTFVRUF4TWxSVzUwY25WemRDQkRaWEowYVdacFkyRjBhVzl1SUVGMWRHaHZjbWwwCmVTQXRJRXd4U3pBZUZ3MHlNREEyTURVeE9ESTFNRGxhRncweU1UQTNNVGd4T0RVMU1EbGFNR294Q3pBSkJnTlZCQVlUQWtOQk1ROHcKRFFZRFZRUUlFd1pSZFdWaVpXTXhFVEFQQmdOVkJBY1RDRTF2Ym5SeVpXRnNNUjR3SEFZRFZRUUtFeFZEWVc1aFpHRWdTR1ZoYkhSbwpJRWx1Wm05M1lYa3hGekFWQmdOVkJBTVREbkJ5WlhOamNtbGlaV2wwTG1OaE1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW9VVWdHajJLNXc0a3hPa2szc3lkdE1rcExRRlUvdkEwSTJIYnd6SmJqelpIUXZVWHAxUWUwRW43VVNza2dMd2wKQ202SXFsVXRrOUlJRSswbzNIc1hYUzllcXM3VU5qbFVvVW1xcnNheUZwaWZ2c2VSTEx3aXZkQTdvMTUyTjVyT2NKZzdiaWtwVm9YUAphVys1bHlrWFVHeVVvUmtnOVZORDV5dnJTR0hJQnhFK1VjRFpqR1VwVTJ4VW5wa1k4dm56ZlY4YTNQVERzTlYyK1AwUFJNTnhHalJ3ClpWTXRMdUx5bU84aHp3M2ZndGQ3SDZUb0RqaEY1WjUrM2psYVo0VTRYYmttTlBRTHloNURrSm4rRW8rN0crbjI4d3FDTFlkY1YxdDUKSmt1b281aTkvS0c2bmY3a3B1ckxkR0ZrTmx0N2U3UGg0UGg5WHdMWjhNR0lCT09ycFFJREFRQUJvNElDL1RDQ0F2a3dHUVlEVlIwUgpCQkl3RUlJT2NISmxjMk55YVdKbGFYUXVZMkV3Z2dGK0Jnb3JCZ0VFQWRaNUFnUUNCSUlCYmdTQ0FXb0JhQUIxQUZXQjFNSVdrRFlCClN1b0xtMWM4VS9EQTVEaDRjQ1VJRnkranFoMEhFOU1NQUFBQmNvWFdQVXdBQUFRREFFWXdSQUlnQTR1YTB6WGgzWFVUYmcvYTIwQzgKc2djdEpHNEdvN1hwZmdDNjBPdnJ1UVFDSUhQVWM5TWxkUW9tVmpRL25MbUM1WFJ3YmUwcEgvK1RlRnVGQVRoN0Z3N1lBSGNBVmhRRwptaS9Yd3V6VDllRzlSTEkreDBaMnVieVpFVnpBNzVTWVZkYUowTjBBQUFGeWhkWTlaQUFBQkFNQVNEQkdBaUVBaU9sSlBGZzBMSzZoCkdaRXpXbUwreG9wdExjRmdyenlPUVVzYkZmb2U0YWtDSVFEeVF3Y0hNVXovQzYzSjExMUFWUW9HajhiOE90OG9MU0ZHaVpuSzJFNkgKSkFCMkFQWmNsQy9SZHpBaUZGUVlDRENVVm83alRSTVpNNy9mREM4Z0M4eE84V1RqQUFBQmNvWFdQWEVBQUFRREFFY3dSUUloQUtYawp5K0YzZ3hBQXViVW53UDV5N3dUYmM5ZTNGSlpjd3g3QURhZm5uYUx0QWlCSGE5L1F6dWp3ZlJNQUllUTZNRWI3MmtUdSswTStiemdRCjRZR3NldERqNXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdFd013WURWUjBmQkN3d0tqQW8Kb0NhZ0pJWWlhSFIwY0RvdkwyTnliQzVsYm5SeWRYTjBMbTVsZEM5c1pYWmxiREZyTG1OeWJEQkxCZ05WSFNBRVJEQkNNRFlHQ21DRwpTQUdHK213S0FRVXdLREFtQmdnckJnRUZCUWNDQVJZYWFIUjBjRG92TDNkM2R5NWxiblJ5ZFhOMExtNWxkQzl5Y0dFd0NBWUdaNEVNCkFRSUNNR2dHQ0NzR0FRVUZCd0VCQkZ3d1dqQWpCZ2dyQmdFRkJRY3dBWVlYYUhSMGNEb3ZMMjlqYzNBdVpXNTBjblZ6ZEM1dVpYUXcKTXdZSUt3WUJCUVVITUFLR0oyaDBkSEE2THk5aGFXRXVaVzUwY25WemRDNXVaWFF2YkRGckxXTm9ZV2x1TWpVMkxtTmxjakFmQmdOVgpIU01FR0RBV2dCU0NvbkIwM2J4VFA4OTcxUGZOZjZkZ3hncE12ekFkQmdOVkhRNEVGZ1FVMFdyY24ycThsUUNmS3JLUEkreHhvSU84CmhnOHdDUVlEVlIwVEJBSXdBREFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBalI5Q0RnRmVBLzVSSzA1Y3o2THVsZTlSQVZqdkdnU2UKdHM3Y2dDaUtrUU5yVHBrcmRsTHNsRExicE1VUkVseVhMTFlqc3RVeVNXR0dOakhpZkJFMnNsb0MrRGdXYTVLcDZ2Sm90eVh1SlJKMAozeWpYdTB5K0NZTndSK0V5enBWS2JHWUtOYWhuUlFaNVc0S3FoY1hkV3paN2JhYVJUNmgzVTJqOWl3OGwvVURBK0Q3SVhFL0Izb2RPCmtJS0h2N1p1bU1yaGNVRElST0JHS0xDMnRpbERENk5QZ1NLY2RyZnJlNDZncStZSGhBa3JyNmRxWmwwRnQ1Ukt3RGhsbXAwa0dZTFkKMlJacU5oMUl1b1JSRTVSaWZLOFAvU2RwaktPS2xnNlZPN1VBbjVBbVVxN0w4R2tUUkdRYzYxVVJJZXFNeXljbEtPTzZ3d0dsS2xIZQplRUVHZUE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sMjpTdWJqZWN0PjxzYW1sMjpOYW1lSUQgRm9ybWF0PSJUZWx1c2hlYWx0aC5jb20iIE5hbWVRdWFsaWZpZXI9IlRlbHVzaGVhbHRoLmNvbSI+MjAwMDAwMDI2PC9zYW1sMjpOYW1lSUQ+PHNhbWwyOlN1YmplY3RDb25maXJtYXRpb24gTWV0aG9kPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6Y206YmVhcmVyIj48c2FtbDI6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIwLTEwLTI4VDAxOjExOjEzLjUyMVoiLz48L3NhbWwyOlN1YmplY3RDb25maXJtYXRpb24+PC9zYW1sMjpTdWJqZWN0PjxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyMC0xMC0yN1QxMzowNjoxMy41MjFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjAtMTAtMjhUMDE6MTE6MTMuNTIxWiIvPjxzYW1sMjpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjAtMTAtMjhUMDE6MTE6MTMuNTIxWiI+PHNhbWwyOkF1dGhuQ29udGV4dD48c2FtbDI6QXV0aG5Db250ZXh0Q2xhc3NSZWY+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6U2VjdXJlUmVtb3RlUGFzc3dvcmQ8L3NhbWwyOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDI6QXV0aG5Db250ZXh0Pjwvc2FtbDI6QXV0aG5TdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48c2FtbDI6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnRlbHVzaGVhbHRoLmNvbS8yMDE2LzA1L2lkZW50aXR5L2NsYWltcy9MaWNlbnNlIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dXJuOm9pZDoyLjE2Ljg0MC4xLjExMzg4My40LjM0NzpPTjUwMDAyNjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvUm9sZUNvZGUiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwOi8vaGw3Lm9yZy9maGlyL3ByYWN0aXRpb25lci1yb2xlfGRvY3Rvcjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvU2VydmljZUxvY2F0aW9uRW50aXR5SUQiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL3dlYnNlcnZpY2VzLnRlbHVzLmNvbS9yZXN0L3YxL1RIUC9UUFJfdnMwL09yZ2FuaXphdGlvbi8yMDAwMDAwMjg8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgTmFtZT0iaHR0cDovL3NjaGVtYXMudGVsdXNoZWFsdGguY29tLzIwMTYvMDUvaWRlbnRpdHkvY2xhaW1zL0xhc3ROYW1lIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+V2FuZzwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvTG9jYWxVc2VySUQiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5Db2xvbWJhIERlQW5nZWxpcyBNRDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBOYW1lPSJodHRwOi8vc2NoZW1hcy50ZWx1c2hlYWx0aC5jb20vMjAxNi8wNS9pZGVudGl0eS9jbGFpbXMvRmlyc3ROYW1lIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+QmluaHVhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIE5hbWU9Imh0dHA6Ly9zY2hlbWFzLnRlbHVzaGVhbHRoLmNvbS8yMDE2LzA1L2lkZW50aXR5L2NsYWltcy9BcHBJbnN0YW5jZUlEIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+dXJuOm9pZDowLjAuMC4wLjAuMC4yMDAwMDAwMjg8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDI6QXNzZXJ0aW9uPg==</ns:message>
	<ns:code>200</ns:code>
	<ns:timeStamp>2020-10-27 09:11:13.528</ns:timeStamp>
	<ns:X-TELUS-SDF-TraceId>578834ee-b176-45de-a26f-3fcc8e35324f</ns:X-TELUS-SDF-TraceId>
</ns:responseStatus>

X-SHAREDHEALTH-EXCHANGE-SAML-EXPIRY: 2018-09-25 02:54:28.136
X-TELUS-ERX-SAML-EXPIRY: 2018-09-25 02:54:28.136
X-SHX-SDF-TraceId: a1ba12a0-19d1-456a-a831-c877d3ae21ed
X-SHX-SDF-Site: site1.api.sharedhealth.exchange
X-SHX-SDF-ServerId: sdfxmlfw1

Service Response Code Headers

HTTP 200 for Success
HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is in XML format compatible with the Response XML schema documented above (in this case, responseStatusType object has status set to Fail and message contains the details of the failure)

5.6 Formulary Query

API Type	REST
Verb	GET
Required Request Headers	X-SHX-SDF-Developer-Key: <value> Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding. Accept: application/xml+fhir X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID: <value> X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID: http://sharedhealth.exchange/fhir/NamingSystem/registry-id-organization\|<value>
Response Content Type	application/xml+fhir
Description	Query to the formulary service
Production Endpoint URL	https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/$formulary">https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/$formulary
Pre-Conformance Endpoint URL	https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/$formulary">https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/$formulary
Response Headers	X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server Content-Type: application/xml+fhir
Service Response HTTP Code header and Payload	HTTP 200 for success + payload HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is an OperationOutcome object
Sample query

API Type

REST

Verb

GET

Required Request Headers

X-SHX-SDF-Developer-Key: <value>

Note: <value> for X-SHX-SDF-Developer-Key is unique for each caller location. It is a credential which is supplied along with the SDF certificate to each location during its on-boarding.

Accept: application/xml+fhir
X-SHAREDHEALTH-EXCHANGE-SENDING-APP-INSTANCE-ID: <value>

X-SHAREDHEALTH-EXCHANGE-SENDING-ORGANIZATION-ID: http://sharedhealth.exchange/fhir/NamingSystem/registry-id-organization|<value>

Response Content Type

application/xml+fhir

Description

Query to the formulary service

Production Endpoint URL

https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/$formulary">https://api.sharedhealth.exchange/rest/v1/THP/mailbox_vs0/$formulary

Pre-Conformance Endpoint URL

https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/$formulary">https://api.sharedhealth.exchange/rest/v1/preconf/THP/mailbox_vs1/$formulary

Response Headers

X-SHX-SDF-TraceId - unique identifier of this transaction generated by the server
Content-Type: application/xml+fhir

Service Response HTTP Code header and Payload

HTTP 200 for success + payload
HTTP 4xx or HTTP 5xx for any backend errors + payload. Payload format depends on whether the error is coming from the SDF (API gateway) or PrescribeIT® Central Service. In case of the SDF failure, the response is in custom XML format, in case of PrescribeIT® Central Service the response is an OperationOutcome object

Sample query

5.7 Shared Health - API Summary

The API summary for Shared Health can be found here.