HTTP Destination

The HTTP destination sends processed messages to any HTTP or REST endpoint. It supports multiple authentication schemes, configurable retry policies, and mutual TLS — making it suitable for everything from internal microservices to external FHIR servers.

Configuration

Add an HTTP destination to a channel in intu.yaml:

destinations:
  - name: fhir-server
    type: http
    properties:
      url: "https://fhir.example.com/Patient"
      method: POST
      headers:
        Content-Type: "application/fhir+json"
        X-Correlation-Id: "${messageId}"
      timeout_ms: 30000

Properties

Property	Type	Default	Description
url	string	(required)	Target URL. Supports ${VAR} environment variable substitution.
method	string	POST	HTTP method — GET, POST, PUT, PATCH, DELETE.
headers	map	{}	Key-value pairs sent as request headers. Values support ${VAR} substitution.
timeout_ms	integer	30000	Request timeout in milliseconds.

Authentication

Configure authentication under the auth block. Four schemes are supported.

Basic

auth:
  type: basic
  username: "${HTTP_USER}"
  password: "${HTTP_PASS}"

Bearer Token

auth:
  type: bearer
  token: "${API_TOKEN}"

API Key

auth:
  type: api_key
  header: X-API-Key
  value: "${API_KEY}"

OAuth 2.0 — Client Credentials

auth:
  type: oauth2
  token_url: "https://auth.example.com/oauth2/token"
  client_id: "${OAUTH_CLIENT_ID}"
  client_secret: "${OAUTH_CLIENT_SECRET}"
  scopes:
    - "system/Patient.write"
    - "system/Observation.write"

Intu automatically fetches and caches the access token, refreshing it before expiry.

Tip

Use the OAuth 2.0 client credentials grant for FHIR server-to-server integrations. Most SMART Backend Services implementations require this flow.

TLS

Property	Type	Default	Description
insecure_skip_verify	boolean	false	Skip server certificate verification. Not recommended for production.
ca_cert	string	—	Path to a custom CA certificate file (PEM).
client_cert	string	—	Path to the client certificate for mutual TLS.
client_key	string	—	Path to the client private key for mutual TLS.

tls:
  ca_cert: "/etc/intu/certs/ca.pem"
  client_cert: "/etc/intu/certs/client.pem"
  client_key: "/etc/intu/certs/client-key.pem"

Retry

Configure retry behaviour under the retry block.

Property	Type	Default	Description
max_attempts	integer	3	Total number of attempts (including the initial request).
backoff	string	exponential	Strategy: constant, linear, or exponential.
initial_delay_ms	integer	1000	Delay before the first retry.
max_delay_ms	integer	30000	Upper bound on delay between retries.
jitter	boolean	true	Add random jitter to avoid thundering-herd effects.
retry_on	list	[500, 502, 503, 504]	HTTP status codes that trigger a retry.
no_retry_on	list	[]	Status codes that should never be retried, even if they appear in retry_on.

Complete Example

An HTTP destination with OAuth 2.0 authentication and custom retry policy:

destinations:
  - name: fhir-patient-feed
    type: http
    properties:
      url: "https://fhir.hospital.org/r4/Patient"
      method: POST
      headers:
        Content-Type: "application/fhir+json"
        Accept: "application/fhir+json"
      timeout_ms: 15000
    auth:
      type: oauth2
      token_url: "https://auth.hospital.org/oauth2/token"
      client_id: "${FHIR_CLIENT_ID}"
      client_secret: "${FHIR_CLIENT_SECRET}"
      scopes:
        - "system/Patient.write"
    tls:
      ca_cert: "/etc/intu/certs/hospital-ca.pem"
    retry:
      max_attempts: 5
      backoff: exponential
      initial_delay_ms: 500
      max_delay_ms: 15000
      jitter: true
      retry_on: [500, 502, 503, 504, 429]