Reviving The Health Revolution » Python

PutThings for OfflineAccess

vaibhavb — Wed, 20 Aug 2008 16:46:57 +0000

Folks trying to talk through raw xml layer with HealthVault have asked this a few times – so i thought I’ll put it up here, thanks to Rob for digging the XML.

The key to do a PutThings for an application in offline mode is the following snippet in the auth-session:


11111111-1111-1111-1111-111111111111

An application with OfflineAccess is ready to publish data in a users record once it successfully does the CreateAuthenticateSession call. Here is a sample PutThings call:



Ax4hxwu+7BAkrH62g8tUvjNzpEQ=


PutThings
1
22210250-3d35-4170-bffa-514e12e7f925

ASAAAEJsFrdImoBPhEuDFRUObCKOvcbsicri3tSAaYRo+dQIg1Rsl9/Au7pM2YYfTdN2z0VlRnz4G5iCaSjXIFQGiG98qmaKy8IMt63b1FMahGKC13JVjpBA7LOAvKgpOkv7GJm7xrUlEyQWwSL39dzMTcuiyLB12hugNYIBB9r8pYOJhlLcD/Y0lEDHMTH+XbqZXSdF0SAoq60OWEXkPhTeaKrN8fNq
11111111-1111-1111-1111-111111111111

en
US
2008-08-13T00:24:58.126-07:00
60
0.0.0.1

v08Nd7MFCdO8aDwIOFJvU/0TpWw=




3d34d87e-7fc1-4153-800f-f56592cb0d17


200881302458777777

Related Article: Whats Under the hood of HealthVault SDK

Lighting it up!

vaibhavb — Mon, 02 Jun 2008 10:24:19 +0000

Alrite now that you have the firewood (application auth token) and the firestarter (user auth token) how can we start the fire (get details user’s record).

Well first of all congratulations! most of the hard part is done!! Just a few more nitty gritty tricks though! In order to get the details about a user’s health record, you need to use a method GetPersonInfo.

The XML for GetPersonInfo look like this:



  da9WYaQGEoseAYDOhJv2cwNIEVg=


GetPersonInfo
1

ASAAADNt1Jwbx85MgH9vkWzAINBxBWQFCtQ+osTzGw/I0Ty27OhKFCXUb83dxI5/M2mtGYymc1gKx6qwsWEtw31ZV/tyscJwmc5dNT2o2nYJcFTf1vfi/L4R5V68ckxFrd48Rz4jhU9Yg6lDhNTymCsJSDiVJCKLqKwcHcr/QSTsytRpVXBK7LpAVBicjC3OPGCEg4XE/UGwM7ZDAXlR4AR+emiHBaPOzSQD9iYMYxAyDBYZPde8N+rDv58zFw9pjDLJJIwvhXOOLahhFvX/n5DqwAb+BpdTlE19x5P/B67kKie/zDtEYWHEXHMhX+KNdvrxdm17l5pwt8JShIGimbXgAcZEFTiPVOW77mCgDxpc0U2ykcG7RVqXKTA3Gqt42OZf9aCuzq/J0wHOTLQvdx1ZYVOxo7+1TpMaW+13Fz5/jgOHR7hJZ/DPUIcKfCYdHS7phQ3r60nOReUl2qeq7rDvDmGQBWPjcCrT7CuQRSgZlyUpAav4DiFJtKh9U5DbJ5VW80dUAqcxamulklTxSR75Sb6v0X4T8B2zbfmVl+HtcupUIuz66Q==
ASAAAE57vlXwS8VDupO6/FSWlMZR+OL02JQyhWvlesegc/J6f7XGgJq4xRW1WIWc7ZXufY9U1cAFeQMDF9pAvmNG1/1KGlp7FFFBdrUMk7gJLPpdTYkQeDMdp8UXcXNht+U6hJzpI7plchQKvpBMFeBj1XMOC15fLXRyfRFpD3RaIF66awgUVw==

en
US
2008-06-01T02:44:16.73Z
1800
0.9.1712.2902

1mWxpY+leClypXQzPvDBLFIBDpI=

So now do we go about concoting the seemingly complicated xml above. Well we already have the token and wctoken from our previous CreateAuthenticatedSession and Shell -redirect. Use the token for the auth-token in line 9 and the wctoken as user-token in line 10.

Most of the elements in the header section are straight forward. The one to comment about is hash-data (line 18). The hash in this case is SHA-1 hash of the info section. Matter of fact our info section is empty so that make sure that the SHA-1 hash is done right. In ruby i do it the following way (using OpenSSL):

  def self.doSha1(text)
    Base64.encode64(OpenSSL::Digest::SHA1.digest(text)).chomp
  end

Now the interesting part – whats this auth on line 2? Well auth is a HMAC of header (line 5-20) section. Remember we generated the shared secret in CreateAutheticatedSession method? Now use that secret to do a HMAC digest for the header. In ruby i do it the following way:

  def self.doHmac(secret, payload)
    key = Base64.decode64(secret)
    hashmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA1.new(key), key, payload)
    Base64.encode64(hashmac).chomp
  end

secret is the shared secret used for createauthenticationtoken.

Now the fun part,caveats:

Don’t leave any white spaces between you xml tags. HealthVault behaves weird sometime when their is white space.
If you are getting an error saying code 3 (which implied invalid xml) and you are sure that your xml is correct, then most likely your auth section or your hash-data section are not proper. Which in turn implies that your HMAC-ing or SHA-1 hashing is a little off. The best way to actually resolve this is to first write tiny parts which make sure that the HMAC /SHA-1 is same for a known successfully call. You can get the xml for such a call from HealthVault SDK, the process is described here. However for ease of testing i’m appending know good calls below.

PLEASE NOTE: Remove all the white-space between tags before testing your crypto functions to match the result seen here. I have put the white space for readability.

CreateAuthenticatedSessionToken (for SharedSecret)



CreateAuthenticatedSessionToken
1
05a059c9-c309-46af-9b86-b06d42510550
en
US
2008-06-01T02:44:16.21Z
1800
0.9.1712.2902



05a059c9-c309-46af-9b86-b06d42510550

b2uCbONZDGj8jDYhz3e5PcJfugPQTHOsOvpZ6kA9uG5XzQXV+EHtXtTDAbwHbFyNozC1uR7uZwgi44pfgw4NyQp8LO2PwI9E7pOx/Ho7+6siY41sjI5+frhq2fcj8iljpG8EK07WGDuf4JeFg5yc8IWjHHtUwabpdPVJWYLi18+Gk7AaFfCuM1iQwFbBSWWMyckCe3V48JaCZcNVcS/XuJJovFdsM9QnZ1CwrQaaBB/evf1u1YGM3fXpVeCjVWPXpHiu3WWVVsJ5aURtCzGvXJe9R7Gh10sYDSG6wC/CJvcBSJlRCpacA1qds2gcMCBwO+iDCPY3I15+FbM0E9D+Qw==

05a059c9-c309-46af-9b86-b06d42510550
RXziN4RDYIu89cu+cOp4POLhKUCSUb0sPsV9yaz8m6BfJxjpDNUBRUF5MU3OJMJ7DH0FPXg8HFuahbvSz1HxG1Q6MlahpHAmUkXNBJ0zcrKvcH3+NiS3qD26FkpLXsvzjNv/QSxwqRMpYnDhY11RkUkOvz2M2Ybg9H5aEe7RpfYCYwEAudpj05J2KEFMP2WO1Q6Kz8hjIhf2QdswgzvLueUQ2ajG8Al9DvpGWLKl4dGNqnY1/FUnJOZq/nPivTYHYOcH/qpC5euWIt7bU6hXRehAIC9IYTbHG32jLBoIxhM79Wtj2sRdn4j3SBk/QVqQNXyPrAgFIzmtR7CSaN393A==

OpenSSL and working with HealthVault

admin — Wed, 26 Mar 2008 01:42:32 +0000

This is my first post in an N-series indulgence in trying to evaluate HealthVault to work with Ruby On Rails or Pythons DJango. As you know we HealthVault released a Java library – and it works in a platform independant fashion on most of platforms. I will attempt to outline some of the challenges here lets starting with -

Step 1: Authentication & Authorization -

Support for Crytography – RSA and Hash Method Authenticaion Code (SHA1/ SHA256)
- The Java library comes with Sun’s implementation of the above Java.Security. However in LAMP/R world the only respectable alterative is OpenSSL.
- While Java is everywhere but you might have to install your flavor of OpenSSL in addition to the web-framework. However having a robust framework makes rest of work easy.
Exporting the private key from Windows generated pfx certificate to be used with one of the offerings.
- While in theory it should just work but their are some format issues which will need to be dealt with getting key material to be used with the above option.

I’m going to try the Step 1 with Python & OpenSSL and lets see where I go with it.

Next Part: Talking to the public methods of healthvault platform.

Querying HealthVault with "Where" clauses!

admin — Thu, 27 Dec 2007 04:20:00 +0000

HealthVault give me all height measures greater than 1.7m

One can use the XPath attribute of the filter to do the specific queries on the healthvault search items.

Here is an example, which gives you all the height items greater than 1.7 m :

HealthRecordSearcher searcher = PersonInfo.SelectedRecord.CreateSearcher()
HealthRecordFilter filter = new HealthRecordFilter(typeID);
filter.XPath = "/thing/data-xml/height/value/m[.>=1.7]";
searcher.Filters.Add(filter);
HealthRecordItemCollection items = searcher.GetMatchingItems()[0];

Please note that the XPath tag doesnot support recursive XPath queries.

Easiest way to construct the queries is first find the HealthRecordItem you want to filter, identify its XML via the GetItemXml() and then use that structure to construct your XPath query. The following is the Xml for Height -


a891edda-48c3-4783-83d7-c3594a514739

40750a6a-89b2-455c-bd8d-b420a4cb500b
Active  2007-12-26T19:43:14Z                              2007          12          26                          19          43          14              

        1.9405395758527

Hope this helps, I’ll post more on this in case there is interest.

Update: Eric wrote a tool to help with this, more details are here.