
About Fire Arrow

Fire Arrow is a GraphQL facade for Microsoft's FHIR server. The intention is to provide a modern GraphQL API with easy-to-configure but strong role-based access control (RBAC) for digital health solutions intending to store data in Azure Health Data Services.

Fire Arrow leverages data stored in the FHIR server itself to dynamically provide role-based access control. All security controls are recorded in a single configuration file, and any OAuth server can be used to provide authentication. While Fire Arrow's setup has some overlap with SMART on FHIR, Fire Arrow provides more flexibility while being easier to deploy.

Rationale

FHIR servers provide great infrastructure to store medical health records in an interoperable way. Headless CMS systems provide modern APIs, flexible authentication and customizable access controls tailored for mobile clients.

Fire Arrow aims to leverage the best of both worlds by providing:

  • highly customizable entity-level access control
  • use of the FHIR database itself to model access rights, decoupling RBAC from the authentication service
  • inbound and outbound request authentication
  • a modern GraphQL API
  • support for client self registration
  • an easy interface to extend the FHIR API to enable additional business logic
  • support for simple and transparent binary file storage without adding bloat to the FHIR database

FHIR Server Support

Fire Arrow currently targets Microsoft's FHIR server in an Azure deployment, but using it with other FHIR servers requires little or no effort.

FHIR server requirements:

  • HL7 FHIR R4 REST API
  • Support for request authentication with bearer tokens
  • Support for custom SearchParameter creation