FHIR Error API Policy

(1 review)
Policy to add OperationOutcome to error messages



The FHIR Error API custom policy is a component of MuleSoft Accelerator for Healthcare.

MuleSoft Accelerator for Healthcare enables healthcare providers to unlock critical patient data to build a patient 360, faster and easier than ever before. The solution also provides a library of United States Core Data for Interoperability (USCDI) and FHIR R4 resources to help healthcare developers adhere to interoperability needs and jumpstart the development of healthcare digital transformation initiatives.

This FHIR Error API policy can be used to capture error responses and format them in an FHIR OperationOutcome-compliant format. This policy can also be used with other out-of-the-box API policies provided in Anypoint Platform, such as OAuth or JWT.

Why is this policy required?

Anypoint Platform's out-of-the-box (OOTB) policies do not provide error messages in an FHIR-compliant format. For example, when an authentication/authorization failure occurs, the OAuth Access Token Enforcement Policy returns the following message:

There was an authentication error

Since this is not OperationOutcome-compliant, you can instead use this policy to send FHIR-compliant responses from other OOTB policies.

Sample response

   "resourceType": "OperationOutcome",
   "issue": [
         "severity": "error",
         "code": "security",
         "details": {
            "text": "There was an authentication error"

Publishing the policy

  1. Log into the Anypoint Platform.
  2. Navigate to Anypoint Exchange.
  3. Locate the FHIR Error API Policy.
  4. Click the 'Download as Custom file' option:resources/image-87fbf466-bb21-4c15-8fcd-3639a816ba91.png
  5. Unzip the asset to an empty directory.
  6. Using the command line, open the unzipped folder.
  7. Ensure the local maven settings.xml file has a server entry corresponding to exchange-server, which should enlist a user with Anypoint Exchange Contributor permissions:
    exchange-server platform\_user password
  8. Run the script provided by providing the Exchange organization id as the parameter:
    ./deploy.sh some-org-id-value


If additional error types need to be handled by this custom policy, modify the policy's template.xml file.

Chain policies in API Manager

API Manager can be used to chain policies to return OperationOutcome format errors from other OOTB policies. The FHIR Error API Policy should be applied first, followed by other authentication/quality of service policies to achieve the required goal.


We encourage you to explore these assets and let us know what you think. If you have any questions or feedback, email us at solutions-hc-questions@mulesoft.com. You can also engage with other users on the MuleSoft Forum, and submit ideas in the Ideas Portal.


Published by
MuleSoft Organization
Published onSep 18, 2020
Asset overview

Asset versions for 1.0.x

Asset versions