Azure Health Data Services
GraphQL and RBAC for Azure Health Data Services
Fire Arrow Core is the stateless edition. It authenticates the caller, resolves them to a FHIR identity, applies authorization rules, and forwards permitted requests to your existing FHIR service. No FHIR data lives in Core.
Who this is for
Azure-native healthcare teams that already use or plan to use Azure Health Data Services.
Clinical applicability
An enterprise can keep PHI in Azure Health Data Services while a patient app uses Core's GraphQL endpoint to read scoped data, and a clinician app uses GraphQL writes against the same authorization layer.
Where Core sits in the request path
The client app calls Core. Core validates the OAuth token, resolves the identity to a FHIR resource, runs the rules, and either rejects the request or forwards it to the upstream FHIR service. Core also exposes a GraphQL endpoint that supports both reads and writes (in contrast to Server's read-only GraphQL). Pre-request, post-request, and pre-response hooks let you add custom validators or enrich responses without modifying the upstream server.
Operational profile: a Docker container of about 100-200 MB resident memory per instance. No database. No state. Works with Azure Health Data Services, HAPI FHIR, or any FHIR R4-compliant server.
What Core does and does not do
Core handles authentication, identity resolution, role-based authorization, GraphQL, and webhook-based custom logic. It does not store FHIR data, materialize CarePlans into Tasks, host FHIR Subscriptions internally, or issue durable API tokens. Those features require Fire Arrow Server, where the data layer is part of the deployment.
Property filters on Core run through webhook filter chains rather than directly on validation rules. The validator set on Core covers `Allowed`, `Forbidden`, all compartment validators, `GeneralPractitioner`, `OrganizationCompartment`, and `LegitimateInterest`, with one inclusion parameter per resource per validator.
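The request path and validator set described above can be modelled as a small decision function. This is an added sketch, not Fire Arrow Core's code or configuration format. Assumptions: the `Rule` shape, the `PatientCompartment` validator name, using the identity's resource type as the role, deny-by-default when no rule matches, and a token that has already been validated (`claims` is `None` when validation failed).

```python
# Added illustration: rule shape, role mapping and validator semantics are
# assumptions for this sketch, not Fire Arrow Core's configuration or code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    role: str       # resource type of the caller's FHIR identity
    resource: str   # resource type being accessed
    operation: str  # "read", "delete", ...
    validator: str  # "Allowed", "Forbidden" or "PatientCompartment"

# Constructed sample data: token subject -> FHIR identity, plus a small rule set.
IDENTITIES = {"sub-123": "Patient/p1", "sub-456": "Practitioner/d1"}
RULES = [
    Rule("Patient", "Observation", "read", "PatientCompartment"),
    Rule("Practitioner", "Observation", "read", "Allowed"),
    Rule("Practitioner", "Observation", "delete", "Forbidden"),
]

def in_patient_compartment(resource, patient_ref):
    # Simplified membership test: the resource points at the caller's Patient.
    return any((resource.get(k) or {}).get("reference") == patient_ref
               for k in ("subject", "patient"))

def decide(claims, resource_type, operation, resource):
    """Return ("forward" | "reject", reason) for one request."""
    if claims is None:  # token failed validation before this function
        return ("reject", "invalid token")
    identity = IDENTITIES.get(claims.get("sub"))
    if identity is None:  # authenticated, but no FHIR resource to act as
        return ("reject", "no FHIR identity")
    role = identity.split("/")[0]
    matches = [r for r in RULES
               if (r.role, r.resource, r.operation) == (role, resource_type, operation)]
    if any(r.validator == "Forbidden" for r in matches):
        return ("reject", "forbidden by rule")
    for r in matches:
        if r.validator == "Allowed":
            return ("forward", "allowed by rule")
        if r.validator == "PatientCompartment" and in_patient_compartment(resource, identity):
            return ("forward", "in caller's compartment")
    return ("reject", "no rule permits this request")  # deny by default
```

Only a `forward` decision would reach the upstream FHIR service; every other path ends at the proxy, which is what lets the upstream server stay unmodified.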
FAQ
Is Fire Arrow Core an Azure marketplace extension?
No. Core is a deployable container that you run in your own Azure subscription (or any other environment). It connects to Azure Health Data Services like any other FHIR client would.
Do I have to use Azure Health Data Services?
No. Core works with any FHIR R4-compliant server. Azure Health Data Services is one common upstream choice; HAPI FHIR or a vendor FHIR service are equally valid.
Can I switch from Core to Server later?
Yes. The authorization model is the same. Migrating means moving FHIR data into Server's HAPI JPA store and adopting the workflow features (scheduling, subscriptions, API tokens) that Server adds.