Node FHIR Rest API Server. Fork from Asymmetrik

Usage no npm install needed!

<script type="module">
  import ahryman40kNodeFhirServerCore from 'https://cdn.skypack.dev/@ahryman40k/node-fhir-server-core';


A fork from asymmetrik sources.

Asymmetrik FHIR API Server

A Secure Rest implementation for the HL7 FHIR Specification. For API documentation, please see our documents.

Build Status Known Vulnerabilities

The Asymmetrik Extensible Server Framework for Healthcare allows organizations to build secure, interoperable solutions that can aggregate and expose healthcare resources via a common HL7® FHIR®-compatible REST API. This server framework currently supports DSTU2 (1.0.2), STU3 (3.0.1), and R4 (4.0.0) simultaneously. You can decide to support all three or just one by editing the configuration.

The framework defines a core server, node-fhir-server-core, a simple, secure Node.js module built according to the FHIR specification and compliant with the US Core implementation.

For an example implementation using MongoDB, please refer to our Github repository that we used for the ONC FHIR Secure API Server Showdown Challenge: https://github.com/Asymmetrik/node-fhir-server-mongo.


Please view the Migration Guide for version 2.0.0. We will absolutely continue supporting previous versions but will prioritize new features going to 2.0.0 unless we receive requests to retrofit them to older versions.


Node.js version later than >7.6 is required, but you should NOT use 8.5 (see Attention). A basic understanding of promises and a familiarity of the FHIR specification is not required, but will be very helpful.

Getting Started

Please see our Getting Started guide for a walkthrough of how to set up our FHIR server.

Frequently Asked Questions


Our project vision is to build an easy to use FHIR server that supports all resource profiles defined in the US Core implementation guide and is built with security in mind from the ground up. We decided to use a plugin style architecture so implementors could focus on writing queries and not worry about all the other technical difficulties of securing the server. As this project matures, we plan to support more resources, custom extensions, versions, write capabilities, etc.

We believe in establishing a robust security, especially when it comes to health information. Part of the ONC Secure API Server Challenge was to stand up a server and let penetration testers have a go at it (you can see their results here). We are committed to continuing this practice and we will continue fixing any vulnerabilities discovered so we can do our best to make this server as secure as possible. For authentication, we are actively working on methods for simplifying integration with SMART on FHIR.


Please see CONTRIBUTING.md for more details regarding contributing issues or code.


If you are experiencing a bug, please feel free to file an issue. For general questions, please post them to StackOverflow with the tag node-fhir-server-core or javascript-fhir.


This library makes use of node's path module. This is potentially exploitable in node version 8.5, see here. When deploying this, you need to deploy with a node version later than >7.6 but NOT 8.5.


@asymmetrik/node-fhir-server-core is MIT licensed.