Luke Stevens, Murdoch Children's Research Institute https://www.mcri.edu.au

https://github.com/lsgs/redcap-redcap-rest

An external module enabling REDCap to send outbound API calls when saving data entry or survey forms and specified conditions are met. This can facilitate copying of data from your REDCap project to another application via its API, or to another REDCap project in either the same or a different instance of REDCap.

v1.4.0 introduces the facility for configuring sensitive configuration such as API or Autorization tokens at system level rather than hard-coding tokens into project module configuration. Use the placeholder [token-ref:someref] in place of your sensitive configuration value, and have your system administrator configure someref at system level. Tokens configured this way are also masked in logging.

• Initial implementation is of outbound API calls only.
• Initial implementation does not facilitate authentication mecahnisms like OAuth2.

Multiple outbound API messages can be configured via the External Modules Configure dialog.

Enabled?

• Check to enable a message.

Trigger form(s)

• One or more instruments for which the current message will be triggered.

Trigger condition

• Optional: REDCap logic expression that must evaluate to true for the current record in order for the message to be generated. Leave empty to always send on saving the trigger form(s).

Destination URL

• The URL of the endpoint the message will be sent to. Piping supported.

https://consentmgt.ourplace.org/api/record/[record_id]

Payload

• Optional: Textarea for specifying the form of the payload in JSON format. Piping supported, including of references to system-level token configuration.

{
  "consent": [consent],
  "consent_date": "[consentdt]"
}

Content Type

• Optional Option to specify an alternative to 'application/json'.

Additional Headers

• Optional Additional headers along with Content-Type and Content-Length. Piping supported.

cURL Options

• Optional Key-value pairs for cURL settings, one pair per line in the notes box. Piping supported.

Capture of Return Data

API response data can be captured into fields within the same event as the triggering form.

Result Field

• Optional Select a field (e.g. a Notes-type field) in which to store the entire response (useful for debugging or for extracting values from complex reposnses using JavaScript).

Response HTTP Code

• Optional Record the HTTP code of the response to this field (useful for controlling behaviour based on success or otherwise of the API call).

Map JSON Response Data to Fields

• Optional, Repeating For JSON reponses, enter a property value to find in the response and a corresponding field name into which the property's value will be stored.

Call a REDCap API endpoint to obtain the value of field [fieldtogetvaluefor] for the record id piped in from field [recordtofind]:

• Destination URL: https://redcap.someplace.edu/api/
• HTTP Method: POST
• Payload form: token=[token-ref:my-project-123-token]&content=record&type=flat&format=json&records=[recordtofind]&fields[]=record_id&fields[]=fieldtogetvaluefor
• Content Type: application/x-www-form-urlencoded (note not application/json)

Obtain published details of a clinical trial identified using its ANZCTR ID (piped into paylod using [anzctrid]):

• Destination URL: https://www.anzctr.org.au/WebServices/AnzctrWebservices.asmx
• HTTP Method: POST
• Payload form:

<?xml version="1.0" encoding="utf-8"?>
<soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
  <soap12:Body>
    <AnzctrTrialDetails xmlns="http://anzctr.org.au/WebServices/AnzctrWebServices">
      <ids>[anzctrid]</ids>
    </AnzctrTrialDetails>
  </soap12:Body>
</soap12:Envelope>

• Content Type: application/soap+xml; charset=utf-8

Send a payload to an API endpoint secured with Basic Auth, uncluding an encoded token as an HTTP header:

• Destination URL: https://deep.thought.org/endpoint/
• HTTP Method: POST
• Payload form:

{ "answer":42 }

• Content Type: application/json
• Additional headers: Authorization: Basic SWYgdGhhdCdzIHRoZSBhbnN3ZXIsIHdoYXQgaXMgdGhlIHF1ZXN0aW9uPw== or, better:
• Additional headers: Authorization: Basic [token-ref:my-basic-auth-token]

Configure sensitive configuration such as API or Autorization tokens at system level rather than hard-coding tokens into project module configuration. Use the placeholder [token-ref:someref] in place of your sensitive configuration value, and have your system administrator configure someref at system level. Tokens configured this way are also masked in logging.

Token Reference

• Arbitrary unique reference or key for each token. Reference in project module settings in piping-style form as [token-ref:xyz] where xyz matches this reference.

Token Destination URL

• Token will only be used for requests to the specified URL. (Helps prevent exposure of token by directing requests to an arbitrary URL.)

Token Lookup Option

• Choose whether to specify the sensitive value or look up an API token for a project and user in the current instance of REDCap.
• Lookup: Read the token belonging to the specified user in the specified project.
• Specify: Enter the sensitive value directly.

Token Lookup Option "Lookup": Project

• The project to read a REDCap API token from.

Token Lookup Option "Lookup": Username

• The user to read a REDCap API token from.

Token Lookup Option Specify

• The specific value to utilise where configured, e.g. a token for Basic Authentication with an external API.