Integrating Electronic Medical Records (EMRs) with other software systems has long been a frustrating experience. Many EMRs offer only the bare minimum of API access– just enough to meet regulatory requirements, and almost exclusively read only. Need to fetch deeper insights? You’ll likely face rigid, complex APIs. Want to write data back into the EMR? Good luck.
But it doesn’t have to be this way.
At Canvas, we believe software should empower healthcare organizations– not hold them back. That’s why we’re continuously expanding the capabilities of our industry-leading platform, making it easier to integrate tools, automate workflows, and build seamless digital experiences.
Now, with the latest enhancement to the Canvas SDK, you can define and manage your own custom HTTP API endpoints – right within your Canvas instance. This means you’re no longer restricted to predefined APIs. You can now read and write data in ways that fit your workflows without extra infrastructure or workarounds.
Why Custom API Endpoints Matter
Healthcare organizations rely on a growing ecosystem of digital tools including internal apps, external systems, automation platforms, and more. When working with most EMRs, organizations do not have any ability to write data into the EMR through an API. They have to jump through hoops or use some very confusing, non-scalable proprietary solution.
Canvas on the other hand offers more writeable FHIR endpoints than almost all other EMRs but the reality is FHIR can be hard to use and not all systems use FHIR-based APIs. FHIR is a powerful interoperability standard but it’s not always the right tool for every interface, data format, or workflow. The intention behind the design of FHIR was for system synchronization. It can be overly rigid for transactional use cases between disparate systems of record. Again, organizations often have to build and maintain separate services just to translate data between formats.
With custom API endpoints in the Canvas SDK, you can launch a serverless application inside your Canvas instance. This means:
✅ No infrastructure overhead – Reduce costs and complexity by running APIs without managing servers.
✅ Faster development cycles – Deploy and iterate quickly without worrying about hosting or scaling.
✅ Flexibility in data models – Work with the structure that best fits the application, without being tied to FHIR’s opinionated format or some other standard.
With custom API endpoints in Canvas, you’re no longer locked into a one-size-fits-all approach. You can define APIs that work the way your organization needs - without extra infrastructure or unnecessary constraints.
How It Works
With the Canvas SDK, you can define secure, authenticated API endpoints using standard HTTP methods (GET, POST, PUT, DELETE, PATCH).
Creating an API endpoint is as simple as writing a few lines of code:
from canvas_sdk.effects.simple_api import JSONResponse, Response
from canvas_sdk.handlers.simple_api import APIKeyCredentials, SimpleAPIRoute
class HelloWorldAPI(SimpleAPIRoute):
PATH = "/hello-world"
def authenticate(self, credentials: APIKeyCredentials) -> bool:
return credentials.key == self.secrets["my-api-key"]
def get(self) -> list[Response]:
return [JSONResponse({"message": "Hello world!"})]
Once deployed, this endpoint is securely accessible and returns a JSON response.
A Real-World Example
Let’s say your CRM flags a patient’s email as undeliverable. Instead of manually handling this, you can configure your CRM to notify Canvas via a custom webhook. Canvas can then automatically create a task for the care team to verify the patient’s contact info:
import arrow
from canvas_sdk.effects.simple_api import JSONResponse, Response
from canvas_sdk.handlers.simple_api import APIKeyCredentials, SimpleAPIRoute
from canvas_sdk.v1.data import Patient
from canvas_sdk.effects.task import AddTask, TaskStatus
class EmailBounceAPI(SimpleAPIRoute):
PATH = "/crm-webhooks/email-bounce"
def authenticate(self, credentials: APIKeyCredentials) -> bool:
return credentials.key == self.secrets["my-api-key"]
def post(self) -> list[Response]:
patient = Patient.objects.get(mrn=self.request.json()['mrn'])
five_days_from_now = arrow.utcnow().shift(days=5).datetime
task_effect = AddTask(
patient_id=patient.id,
title="Please confirm contact information.",
due=five_days_from_now,
status=TaskStatus.OPEN,
labels=["CRM"],
)
return [task_effect.apply(), JSONResponse({"message": "Task Created"})]
With this setup, the care team is automatically alerted to follow up with the patient– no manual tracking required.
Security & Authentication
When it comes to healthcare data, security is a top priority. The Canvas SDK provides built-in authentication mechanisms, including:
🔒 API key authentication
🔒 Basic authentication
🔒 Bearer authentication
Developers can also use secrets stored in Canvas or integrate with external authentication providers to meet specific security needs.
Unlock the Full Potential of Canvas
By enabling custom API endpoints, Canvas now gives organizations the power to:
✅ Build custom front-end applications that securely interact with EMR data.
✅ Enable real-time data exchange with external systems.
✅ Automate workflows to reduce administrative burden and improve efficiency.
This is a game-changer for care delivery organizations looking to innovate– without being held back by legacy API limitations.
Ready to get started? Check out our documentation to access a sandbox and start building your own custom API endpoints today.
You may be wondering, 'If a plugin using SimpleAPI can return JSON, can it return other types of content, like, say, HTML?' Of course it can. In a future blog post, we'll show how you can develop and deploy an entire web application within your Canvas plugin. Yes, an entire web application. Why would anyone want to deploy an entire web application within Canvas? Don’t worry, we have some thoughts. Stay tuned!
