Making API calls from the Plugin

To make API calls to BioT, the plugin needs to obtain a valid JWT token from BioT.

To log in to BioT, the plugin must use service user credentials. These credentials are generated automatically if you deploy your plugin via the deploy plugin API, or you can create them manually.

Once the credentials are generated, use the service user login API to log in to BioT.
The API will provide you with a valid JWT token. For details on how to use the token, see Login to BioT.

The process of obtaining a new token is CPU-intensive. Since each token remains valid for 30 minutes, it is strongly recommended to reuse the existing token during this validity period rather than requesting a new one for every API call. Caching and reusing the token will reduce system load and improve performance.
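One way to follow the caching recommendation above, as an added example rather than BioT's own code. The names `createTokenCache`, `expiryMs` and `login` are hypothetical; `login` stands for your own function that calls the service user login API and resolves to the JWT string, and the one-minute renewal margin is an assumption.

```javascript
// Added example: createTokenCache, expiryMs and login are hypothetical names, not BioT APIs.
const DEFAULT_TTL_MS = 30 * 60 * 1000; // token validity stated on this page
const SKEW_MS = 60 * 1000;             // assumed safety margin: renew 1 minute early

// Read the `exp` claim (seconds since epoch) to schedule renewal. The signature is
// NOT verified here; this value only drives caching, never an authorization decision.
function expiryMs(token, nowMs) {
  try {
    const part = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
    const { exp } = JSON.parse(Buffer.from(part, 'base64').toString('utf8'));
    if (Number.isFinite(exp)) return exp * 1000;
  } catch (_) { /* not a parseable JWT: fall through to the default */ }
  return nowMs + DEFAULT_TTL_MS;
}

// `login` is a caller-supplied async function that performs the service user login
// and resolves to the JWT string. `now` is injectable so the cache can be tested.
function createTokenCache(login, now = Date.now) {
  let token = null, expiresAt = 0, pending = null;
  return async function getToken() {
    if (token && now() < expiresAt - SKEW_MS) return token; // still valid: reuse
    if (!pending) {
      // Single flight: concurrent callers share one login instead of each starting one.
      pending = login()
        .then(t => { token = t; expiresAt = expiryMs(t, now()); return t; })
        .finally(() => { pending = null; }); // a failed login is retried on the next call
    }
    return pending;
  };
}
```

Create the cache once, outside the request handler, so the token survives between invocations of a warm plugin instance; keep the token in memory only and do not write it to logs.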

Refresh Tokens

Refresh tokens give human users a convenient way to replace expired access tokens with new ones without the need to enter the username and password.
Since plugins do not have this limitation, no refresh token is supplied, and it is advisable to obtain a new access token each time a new string of API calls is about to be made.

Plugins and Interceptors

By default, when a plugin makes an API call, no interceptors are triggered. This is done for performance reasons.
If the plugin wants to trigger other interceptors, it needs to advertise this in the call by adding the following header:

allow-interception: <any-value>

BioT checks that the header exists and has any value other than null. Adding this header tells BioT to send this call through the interceptor chain rather than bypassing it, which is the default for plugin calls.

The following is an example of an API call made by a JavaScript plugin updating a patient's age. Because the plugin passes allow-interception: 1 in the header, this call will be intercepted by any other plugin that listens to updates made to a patient entity:

const options = {
  method: 'PATCH',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    // Any non-null value opts this call into the interceptor chain
    'allow-interception': '1',
    authorization: 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c'
  },
  body: JSON.stringify({age: 46})
};

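fetch('https://example.com/organization/v1/users/patients/id', options)
  .then(response => {
    // Surface HTTP error statuses instead of treating them as a successful update
    if (!response.ok) throw new Error(`Request failed with status ${response.status}`);
    return response.json();
  })
  .then(response => console.log(response))
  .catch(err => console.error(err));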