Making API calls from the Plugin

To make API calls to BioT the plugin needs to obtain a valid JWT token from BioT.

To be able to login to BioT the plugin needs to have service user credentials.
These credentials are generated automatically if you deploy your plugin via the deploy plugin API, or you can create one manually.

Once the credentials are generated use the service user login API to login to BioT.
The API will provide you with a valid JWT token. For how to use the token see Login to BioT.

📘

Refresh Tokens

Refresh tokens are used to allow human users a convenient way to replace expired access token with new ones, with the need to enter the username and password.
Since plugins do not have this limitation no refresh token is supplied and it is advisable to obtain a new access token each time a new string of API calls is about to made.

Plugins and Interceptors

By default, when a plugin makes an API call, no interceptors are triggered. This is done because of performance reasons.
If the plugin wants to trigger other interceptors then the plugin needs to advertise this in the call header by adding:

allow-interception: <any-value>

BioT will check the existence of the header that has any value except null. Adding this header will indicate to BioT that this call should not be considered as any other API call and go through the interceptors chain.

The following is an example of an API call made by a JavaScript plugin updating a patient's age. Because the plugin passes allow-interception: 1 in the header, this call will be intercepted by any other plugin that listens to updates made to a patient entity:

const options = {
  method: 'PATCH',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    'allow-interception': '1',
    authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
  },
  body: JSON.stringify({age: 46})
};

fetch('https://example.com/organization/v1/users/patients/id', options)
  .then(response => response.json())
  .then(response => console.log(response))
  .catch(err => console.error(err));