Integrating your health bot instance with your data sources and APIs

Connecting to Data Providers APIs

There are multiple ways to connect the Health Bot Service with your data sources and APIs:

  • Non-user associated; for example, the API is used to get general information about a healthcare provider.

  • User associated:

    • In-chat explicit consent. For example, the API is used to retrieve the user's age, gender, and workout info from a social network. This requires the user's authentication and consent.

    • Single Sign On (SSO) mode. For example, the user is already signed in to the partner web application. The health bot instance can use the API to retrieve user's medical record from the partner system, without asking the user to sign in again.

Non-user-associated API

In this scenario, the access to the backend API is generic and not done on behalf of a user, therefore no user authentication or consent is required. For example, this type of access can be used to fetch information from a doctor's repository. Typically, the access to this API will be done with an API key that will be used in the Authorization header, another header, or as a URL parameter.

To implement this scenario, a new data provider with the appropriate type of API_KEY should be created.

When adding a new data provider in the Scenario Editor, the header or URL authorization parameter should be defined based on the API key variable.

The URL, method, and headers should also be configured.

User associated API

In this scenario, the health bot instance can connect in ad hoc mode to a REST API on behalf of the user. Typically, the resources provided by this API belong to the user, and the user should provide consent to access them.

The following is an example of accessing a social network to retrieve fitness information:

The steps to implement this scenario are:

  1. Create a new data provider of type OAuth.

  2. In the Scenario Editor, add a new data provider, linked to the provider created in step one.

The data provider should be configured with the URL, method, and other optional configurations.

SSO mode

In this scenario, the health bot instance can access backend API that belongs to the partner application. If the user is already signed in to the partner application, there is no need to ask them to sign in again to access the API. For example, this type of data can be used to fetch user profile information from the partner's system.

Step 8 in the following diagram illustrates how to use optional attributes to access the partner application API in SSO mode.

To implement this scenario, a new data provider of the type "Custom" should be added in the Scenario Editor.

In the data provider, the Headers:(object) field should be edited to generate the Authorization header. In the case of OAuth access key, the value in the Authorization header is based on the optional Attributes. See the example below: