Authentication

Mirth® Connect by NextGen Healthcare User Guide

Mirth® Connect REST API

The Administrator and Command Line Interface both use a well-defined API to communicate with the Mirth® Connect server. You can also use the same API to create custom integrations of your own. The API is documented at https://localhost:8443/api (change the IP / port as needed), or you can select View Client API in Administrator via Other Tasks: Select the View Client API action to open the API documentation in your default browser. Note: You may see a warning in your browser if your Mirth® Connect instance is still using the auto-generated self-signed certificate. You can select Advanced and allow the browser to continue to the page. To resolve this warning, look at Application Data Directory for instructions on installing your own certificate. Select the arrow button on one of the endpoint group rows to view its operations. This list shows the operation's HTTP method type, request URL, and a description for each endpoint. Select on one of the endpoint rows to view its details. If desi

Multi-Factor Authentication User Guide

Using the TOTP API Integration

After invoking the /users/_login endpoint, you will receive a payload like this: <com.mirth.connect.plugins.mfa.model.MfaLoginStatus> ... <primaryStatus>SUCCESS</primaryStatus></com.mirth.connect.plugins.mfa.model.MfaLoginStatus> Take note of primaryStatus, which lets you know whether primary authentication (username and password) succeeded. You should only proceed if the primary status is SUCCESS or SUCCESS_GRACE_PERIOD. Generate a new verification code by using the secret key you previously stored. Call the /users/_login endpoint again. On this second leg of authentication, only the username is required, not the password. Concatenate the username, primary status, and verification code with colons (":"). Then send the string as a custom header, X-Mirth-Login-Data. If the login call was successful, the server returns a JSESSIONID cookie for you to use on subsequent requests. Once you no longer need the session, call the /users/_logout endpoint to clear the session data on the server. P

Multi-Factor Authentication User Guide

Using the Duo Universal API Integration

Note: You must use Mirth® Connect 4.5.0 or higher with Duo Universal. Note: Instructions on working with the DUO Administrator are available at https://duo.com/docs/duoweb#detailed-sdk-workflow. First Call The first call posts to the /users/_login endpoint in order to get authorization. To authenticate the Duo Administrator, it is necessary to provide a X-Mirth-Server-Url header containing the Mirth server URL. After invoking the /users/_login endpoint, you will receive a payload that looks, for example, like this:<com.mirth.connect.plugins.mfa.model.DuoLoginStatus> .... <primaryStatus>SUCCESS</primaryStatus> <apiHostname>api-ff51bcf3.duosecurity.com</apiHostname> <authURL>https://api-ff51bcf3.duosecurity.com/oauth/v1/authorize?scope=openid&response_type=code&redirect_uri=https://localhost:8443/api/4.5.0/extensions/mfa/duocallback&client_id=DIZ4Q0FEZGOK8ZVOWN2O&request=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJkdW9fdW5hbWUiOiJ0ZXN0MSIsInNjb3BlIjoib3BlbmlkIiwicmVzcG9uc2Vfd

Multi-Factor Authentication User Guide

Using the Duo API Integration

After invoking the /users/_login endpoint, you will receive a payload like this: <com.mirth.connect.plugins.mfa.model.DuoLoginStatus> ... <primaryStatus>SUCCESS</primaryStatus> <apiHostname>api-f9248ffb.duosecurity.com</apiHostname> <signedRequest>TX|...:APP|...</signedRequest></com.mirth.connect.plugins.mfa.model.DuoLoginStatus> Take note of the primaryStatus, which lets you know whether primary authentication (username and password) succeeded. You should only proceed if the primary status is SUCCESS or SUCCESS_GRACE_PERIOD. Note the apiHostname and signedRequest, as those will be passed into the Duo iframe. The next step is to show the Duo iframe to the user, and retrieve the signed response string. Instructions are here: https://duo.com/docs/duoweb. After you retrieve the signed response string, call the /users/_login endpoint again. On this second leg of authentication, only the username is required, not the password. Concatenate the username, primary status, and signed response wi

Mirth® Connect by NextGen Healthcare M3 User Guide

REST API Authentication

M3 supports Basic Authentication (i.e., a method for an HTTP user agent to provide a user name and password when making a request.) Basic Authentication: To include basic authentication in your API requests: Simply include an Authorization header on all API requests, with basic credentials. Example (for admin/admin): Authorization: Basic YWRtaW46YWRtaW4= Parent topic: M3 REST API

Mirth® Connect by NextGen Healthcare User Guide

JavaScript HTTP Authentication

Allows you to authenticate users with a custom JavaScript script. With this script you have access to source map variables, and can choose whether to send a challenged or failure response back to the client. The default script simply allows all requests to pass. The Script field will show <Default Script Set> if the default script is currently being used. If you have made any modification to the script, the Script field will show <Custom Script Set>. Select the Script field to edit the JavaScript: This script expects either a boolean ( true to accept the request, false to send back a failure response) or an AuthenticationResult object to be returned (for additional information, see User API) . There are three types of results you can return: AuthenticationResult.Success(): The request will be accepted and processed through the channel. AuthenticationResult.Challenged(authenticateHeader): The request will not be processed through the channel. A 401 response will be sent back to the clie

Authentication

Recommendations

Mirth® Connect REST API

Using the TOTP API Integration

Using the Duo Universal API Integration

Using the Duo API Integration

REST API Authentication

JavaScript HTTP Authentication

Mirth® Connect REST API

Using the TOTP API Integration

Using the Duo Universal API Integration

Using the Duo API Integration

REST API Authentication

JavaScript HTTP Authentication