This documentation aims to define the services offered in terms of interoperability.

Service Connection

Connections are, unless otherwise specified, always initiated by the establishment. This provides a guarantee of non-intrusion by Rofim into the establishment's IT system. Furthermore, no port needs to be opened in the Rofim --> Establishment direction.

Flows are established in HTTPS to the following Base_URLs:

PRE-PRODUCTION: https://interop.preprod.rofim.doctor
PRODUCTION: https://interop.rofim.doctor

Unless otherwise specified, all requests are POST

A timeout of 60s must be configured on the calling application side.

Security

Flow Authentication

2 HTTP headers must be set in all calls made by the establishment. They serve to identify and authenticate the establishment.

Header Name	Header Value	Comment
`finess`	establishment's `finess` number or unique ID	Optional
`x-api-key`	`API key` provided by Rofim	Required. Keys are different in pre-production and production

Keys are different in pre-production and production.

❗️
API keys are secrets that must be stored securely and should not be shared.

IP Whitelisting

Rofim performs whitelisting of the establishment's IPs. The establishment must provide Rofim with the IPs that can call the interoperability services.

HTTP Return Codes and Error Handling

In case of successful execution, Rofim's HL7 APIs return an HTTP 20X code.
Any other code received (4XX, 5XX, etc.) must be interpreted as a failed call on the calling application side and trigger appropriate error handling (retransmission, alert raising, etc.).

Encoding

Unless otherwise specified, all messages are encoded in UTF-8