Additional settings for Azure API for FHIR
Important
Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.
In this how-to guide, we'll review the additional settings you may want to set in your Azure API for FHIR. There are additional pages that drill into even more details.
Configure Database settings
Azure API for FHIR uses database to store its data. Performance of the underlying database depends on the number of Request Units (RU) selected during service provisioning or in database settings after the service has been provisioned.
Throughput must be provisioned to ensure that sufficient system resources are available for your database at all times. How many RUs you need for your application depends on operations you perform. Operations can range from simple read and writes to more complex queries.
For more information on how to change the default settings, see configure database settings.
Access control
Azure API for FHIR will only allow authorized users to access the FHIR API. You can configure authorized users through two different mechanisms. The primary and recommended way to configure access control is using Azure role-based access control (Azure RBAC), which is accessible through the Access control (IAM) blade. Azure RBAC only works if you want to secure data plane access using the Microsoft Entra tenant associated with your subscription. If you wish to use a different tenant, the Azure API for FHIR offers a local FHIR data plane access control mechanism. The configuration options aren't as rich when using the local RBAC mechanism. For details, choose one of the following options:
- Azure RBAC for FHIR data plane. This is the preferred option when you're using the Microsoft Entra tenant associated with your subscription.
- Local FHIR data plane access control. Use this option only when you need to use an external Microsoft Entra tenant for data plane access control.
Enable diagnostic logging
You may want to enable diagnostic logging as part of your setup to be able to monitor your service and have accurate reporting for compliance purposes. For details on how to set up diagnostic logging, see our how-to-guide on how to set up diagnostic logging, along with some sample queries.
Use custom headers to add data to audit logs
In the Azure API for FHIR, you may want to include additional information in the logs, which comes from the calling system. To do including this information, you can use custom headers.
You can use custom headers to capture several types of information. For example:
- Identity or authorization information
- Origin of the caller
- Originating organization
- Client system details (electronic health record, patient portal)
To add this data to your audit logs, see the Use Custom HTTP headers to add data to Audit Logs how-to-guide.
Next steps
In this how-to guide, you set up additional settings for the Azure API for FHIR.
Next check out the series of tutorials to create a web application that reads FHIR data.
FHIR® is a registered trademark of HL7 and is used with the permission of HL7.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for