Additional settings for Azure API for FHIR

Important

Azure API for FHIR will be retired on September 30, 2026. Follow the migration strategies to transition to Azure Health Data Services FHIR® service by that date. Due to the retirement of Azure API for FHIR, new deployments won't be allowed beginning April 1, 2025. Azure Health Data Services FHIR service is the evolved version of Azure API for FHIR that enables customers to manage FHIR, DICOM, and MedTech services with integrations into other Azure services.

In this how-to guide, we review additional settings you may want to set in your Azure API for FHIR®.

Configure Database settings

Azure API for FHIR uses a database to store its data. Performance of the underlying database depends on the number of Request Units (RU) selected during service provisioning, or in database settings after the service has been provisioned.

Throughput must be provisioned to ensure that sufficient system resources are always available for your database. How many RUs you need for your application depends on the operations you perform. Operations can range from simple read and writes to more complex queries.

For more information on how to change the default settings, see configure database settings.

Access control

Azure API for FHIR only allows authorized users to access the FHIR API. You can configure authorized users through two different mechanisms. The primary (and recommended) way to configure access control is using Azure role-based access control (Azure RBAC), which is accessible through the Access control (IAM) blade. Azure RBAC only works if you want to secure data plane access using the Microsoft Entra tenant associated with your subscription. If you wish to use a different tenant, the Azure API for FHIR offers a local FHIR data plane access control mechanism. The configuration options aren't as rich when using the local RBAC mechanism. For details, choose one of the following options:

Enable diagnostic logging

You may want to enable diagnostic logging as part of your setup to be able to monitor your service and have accurate reporting for compliance purposes. For details on how to set up diagnostic logging, see our how-to-guide, which also provides some sample queries.

Use custom headers to add data to audit logs

In the Azure API for FHIR, you may want to include additional information in the logs, which comes from the calling system. To include this information, you can use custom headers.

You can use custom headers to capture several types of information, including the following.

  • Identity or authorization information
  • Origin of the caller
  • Originating organization
  • Client system details (electronic health record, patient portal)

To add this data to your audit logs, see the Use Custom HTTP headers to add data to Audit Logs how-to-guide.

Next steps

In this how-to guide, you set up additional settings for the Azure API for FHIR.

Next check out the series of tutorials to create a web application that reads FHIR data.

Note

FHIR® is a registered trademark of HL7 and is used with the permission of HL7.