SMART Developers Documentation
This Guide is intended for software developers who want to write SMART apps — and it's a work in progress! If you have any questions, please drop a note in our SMART App Developers Group.Help us improve! You can correct errors or add to this page by clicking here to edit this page on Github.
What is SMART?
SMART provides a unified mechanism for diverse applications to interact with medical record data. SMART Apps built against the SMART API can be embedded within any SMART Container. A SMART Container is, most often, an Electronic Medical Record (EMR) system used by physicians, but might also be a Personal Health Record (PHR) such as Indivo used by patients, or a data-analytics platform such as i2b2 used by researchers.
For example, a SMART app might analyze a person's risk of heart disease based on recent labs and demographic information. This app can then be deployed on Regenstrief's CareWeb EHR, Children Hospital Boston's Indivo PCHR, or Harvard Medical School's i2b2 analytics engine. As other EMR vendors adopt the SMART platform, the app's reach increases without changing a single line of code.
Anatomy of a SMART App
A SMART app is a normal web application, embedded as a frame within the SMART Container's user interface, with access to the SMART API for interacting with health data. A patient, Penny, may use a medication browser app within her PCHR. Meanwhile, a primary care doctor Dave may use the same app within his clinic-based EMR to view the medications of a patient scheduled for an appointment next week. Penny's PCHR and Dave's EMR are both SMART containers; they both expose the SMART API; and they can both display the medication browser app. Though they may function very differently behind the scenes, they can both embed the exact same medication-list-manager app because they present the same API. Importantly, in any given user session (Penny's or Dave's), the medication-list-manager is connected to only ''one'' SMART container.
The screenshots to the right demonstrate the same medication list application running in the context of two different SMART containers: a simplified EMR, and the analytics platform i2b2.
A SMART app can access the SMART API in two ways:
- via "SMART REST", using standard OAuth authentication and authorization and simple REST calls to a SMART container
Apps with server-side requirements, or apps that need offline access to the SMART API, use the REST interface, which exposes data as resources accessible via HTTP GET, POST, PUT, or DELETE. To ensure apps are authorized to access the resources they request, the SMART container authenticates each REST API call using OAuth, a scheme by which a SMART container or user may delegate access to applications.
The delegation takes the form of a token/secret pair, generated by the SMART container and handed off to the application (with permission!). After tokens are obtained, each HTTP request is signed using the shared secret.
Writing a SMART REST app requires a bit more work than a SMART Connect app, because the app must be able to:
- Interact with the SMART container using OAuth to obtain tokens
- Store tokens securely, maintaining appropriate sessions
- Select the appropriate token and sign each SMART REST API call
OK, I'm ready to code
You'll want to follow our HOWTOs in order:
For all of these, you can find our code on Github