AidboxTopicSubscription NATS tutorial

Last updated 6 hours ago

Was this helpful?

Objectives

Learn how to integrate Aidbox with the NATS message broker
Understand the difference between core NATS and NATS JetStream
Master basic publish/subscribe scenarios with NATS
Set up JWT-based authorization for NATS
Use JetStream for reliable message delivery

What is NATS?

is a high-performance, open-source messaging broker designed for communication between services and microservices. It provides simple and fast message delivery using the publish/subscribe (pub/sub) pattern and supports various interaction scenarios between applications.

JetStream vs Core NATS

Core NATS (nats-core) is a lightweight pub/sub system where messages are delivered to subscribers only at the moment of publishing (best-effort delivery). If a subscriber is offline, the message is lost.

JetStream is an extension of NATS that provides message persistence, replay, and acknowledgment (at-least-once delivery). JetStream allows you to create streams, store messages, manage consumers, and ensure that important events are not lost even in case of failures.

This tutorial explains how to use Aidbox with :

Basic usage.
JWT authorization.
NATS JetStream.

Setting up

Create a directory structure.

Install NATS CLIs: nats-server and nsc.

Start Aidbox.

Now, in AidboxUI, go to FHIR Packages -> io.healthsamurai.topic and make sure that NATS profiles are present.

Basic Usage

Start NATS.

Subscribe to the foo subject.

Check that publishing and subscribing work.

Go to AidboxUI and create a topic that triggers if Patient.name exists.

Create AidboxTopicDestination with http://aidbox.app/StructureDefinition/aidboxtopicdestination-nats-core-best-effort profile.

Create a patient with a name.

See the output in your terminal that the Patient is created.

NATS JetStream

Change working directory.

Create stream.

Publish a message to the stream.

Check the stream saves the message.

The output:

Create AidboxTopicDestination with http://aidbox.app/StructureDefinition/aidboxtopicdestination-nats-jetstream-at-least-once profile.

Create a patient.

Create a stream consumer.

Pull the first available message.

It is our message published from CLI:

Pull next message.

It is the message from Aidbox:the

JWT authentication

Turn off the previous nats-server (Ctrl+C).
Change working directory.

Set up NATS operator to use the generated signing key:

Create APP account and generate a new signed key for it.

Create server.conf and resolver.conf files

Now the server config includes your operator, accounts, and JWT resolver settings.

Upload your APP account to the NATS server, so NATS knows what APP is.

Create user joe and save it in the APP. Joe can publish to subjects that start with "joe".

Do the same to pam. Pam can publish to subjects that start with "pam".

Create user admin that can do everything.

Move creds next to docker-compose.yaml file to mount them to use in Aidbox.

Start NATS server.

Try to push to joe.message using Joe's credentials.

Try to push to pam.message using Joe's credentials.

Access denied, the error:

Create joe-to-pam AidboxTopicDestination. Note that Aidbox, as a Client, has no idea about rights in best-effort mode.

Use Joe's credentials to publish to joe subject.

From your terminal, subscribe to joe.message from admin.

You can try to subscribe to the subject using Joe's or Pam's credentials, but they do not have the right to do so.

Post the patient with a name.

See the output in the terminal. The error from joe-pam TopicDestination trying to publish without rights:

Last updated 6 hours ago

Was this helpful?