1 of 75

9.x

Introduction

Snow Owl® is a highly scalable terminology server with revision-control capabilities and collaborative authoring platform features. It allows you to store, search, and author high volumes of terminology artifacts quickly and efficiently.

Example use cases

You work in the healthcare industry and are interested in using a terminology server for browsing, accessing, and distributing components of various terminologies and classifications to third-party consumers. In this case, you can use Snow Owl to load the necessary terminologies and access them via FHIR and proprietary APIs.
You are responsible for maintaining and publishing new versions of a particular terminology. In this case, you can use Snow Owl to access collaboratively and author the terminology content and at the end of your release schedule publish it with confidence and zero errors.
You have an Electronic Health Record system and would like to capture, maintain, and query clinical information in a structured and standardized manner. Your Snow Owl terminology server can integrate with your EHR server via standard APIs to provide the necessary access for both terminology binding and data processing and analytics.

Generic core functionality and SNOMED CT tooling are open-source, all other features require a license.

Features

Revision-controlled authoring and distribution

Maintains multiple versions (including unpublished and published) for each terminology artifact and provides APIs to access them all
Independent work branches offer work-in-progress isolation, external business workflow integration, and team collaboration

SNOMED CT and others

SNOMED CT terminology support
- RF2 Release File Specification as of 2024-05-01
- Support for Relationships with concrete values
- Official and Custom Reference Sets
With its modular design, the server can maintain multiple terminologies (including local codes, mapping sets, and value sets)

Various sets of APIs

Dedicated SNOMED CT, ATC, ICD-10, LOINC, Local Code System, Value Set, and Concept Map APIs

Highly extensible and configurable

Simple to use plug-in system makes it easy to develop and add new terminology tooling/API or any other functionality

Full-text search and data storage

- Connect to your existing cluster or use the embedded instance (supports up to Elasticsearch 8.x)
- All the power of Elasticsearch is available (monitoring, analytics, and many more)

Acknowledgments

Numerous other organizations have directly or indirectly contributed to Snow Owl, including:

Singapore Ministry of Health
American Dental Association
University of Nebraska Medical Center (USA)
Federal Public Service of Public Health (Belgium)
Danish Health Data Authority
Health and Welfare Information Systems Centre (Estonia)
Department of Health (Ireland)
New Zealand Ministry of Health
Norwegian Directorate of eHealth
Integrated Health Information Systems (Singapore)
National Board of Health and Welfare (Sweden)
eHealth Suisse (Switzerland)
National Library of Medicine (USA)

Quick Start

This guide shows you how to quickly set up a Snow Owl deployment using docker to store, search, and edit any healthcare terminology data. Start here if you are interested in evaluating its core features.

TL;DR

Here is how to deploy Snow Owl in less than a minute:

Prerequisites

To initiate a Snow Owl deployment, the only requirements are:

a terminal

Supported architectures

Start your deployment

Once the clone is finished find the directory containing the compose example:

While in this directory start the services using docker compose:

The service snowowl listens on localhost:8080 while it talks to the elasticsearch service over an isolated Docker network.

To stop the application, type docker compose down. Data volumes/mounts will remain on disk, so it's possible to start the application again with the same data using docker compose up.

A default user is configured to experiment with features that would require authentication and authorization. The username is test and its password is the same.

Here is the full content of the compose file:

Change memory settings

Reducing the memory settings of the docker stack is feasible when Snow Owl is assessed with limited terminologies and basic operations such as term searches. An applicable minimum value should be no less than 2 GB for each service.

The memory settings of Elasticsearch can be changed by adapting the following line in the docker-compose.yml file to e.g.:

The memory settings of Snow Owl can be changed by adapting the following line in the docker-compose.yml file to e.g.:

Check the healthiness of the service

Snow Owl's status is exposed via a health REST API endpoint. To see if everything went well, run the following command:

The expected response is

The response contains the installed version along with a list of repositories, their overall health (eg. "snomed" with health "GREEN"), and their associated indices and status (eg. "snomed-relationship" with status "GREEN").

Create your first Resource

Snow Owl is now running but does not contain any content whatsoever. To be able to import or author terminology data a resource has to be created beforehand. There are three major resource types in the system:

Code Systems (e.g. SNOMED CT, ATC, LOINC, ICD-10)
Value Sets
Concept Maps

For the sake of this quick start guide, we will follow along the path of how to create a SNOMED CT code system, import content and query concepts based on different criteria.

Create a Code System

If we take a look at eg. the list of known code systems, we get an empty result set:

To import SNOMED CT content, we have to create a code system first using the following request:

The request body includes:

The code system identifier (SNOMEDCT)
Various pieces of metadata offering a human-readable title, status, contact information, URL and OID for identification, etc.
The tooling identifier snomed that points to the repository that will store content
Additional code system settings stored as key-value pairs

If the request succeeds the server returns a "204 No Content" response. We can verify that the code system has been registered correctly with the following request:

The expected response is:

In addition to the submitted values, you will find that additional administrative properties also appear in the output. One example is branchPath which specifies the working branch of the code system within the repository.

The code system now exists but is empty. To verify this claim, we can list concepts using either Snow Owl's native API tailored for SNOMED CT or the standardized FHIR API for a representation that is uniform across different kinds of code systems – for the sake of simplicity, we will use the former in this example.

The following request can be used to list all available concepts in a SNOMED CT code system:

The expected response is:

At this point, we can either import or create content in the SNOMED CT code system. Follow the instructions on the next page to import your SNOMED CT RF2 release into Snow Owl.

Import SNOMED CT

Curl will display the entire interaction between it and the server, including many request and response headers. We are interested in these two (response) rows in particular:

The first one indicates that the file was uploaded successfully and a resource has been created to track the progress of the import job, while the second row indicates the location of this resource.

Depending on the size and type of the RF2 package, hardware, and Snow Owl configuration, RF2 imports might take a few hours to complete (but usually less). Official SNAPSHOT distributions can be imported in less than 30 minutes by allocating 6 GB of heap size to Snow Owl and configuring it to use a solid-state disk for the data directory.

The process itself is asynchronous and its status can be checked by periodically sending a GET request to the location returned in the response header:

The expected response while the import is running:

Upon completion, you should receive a different response that lists component identifiers visited during the import as well as any defects encountered in uploaded release files:

Find concepts by ID or term

Search by identifier

curl -u "test:test" 'http://localhost:8080/snowowl/snomedct/SNOMEDCT/concepts/138875005?expand=pt()&pretty'

The response should look something like this:

{
  "id": "138875005",
  "released": true,
  "active": true,
  "effectiveTime": "20020131",
  "moduleId": "900000000000207008",
  "iconId": "snomed_rt_ctv3",
  "score": 0.0,
  "memberOf": [ "900000000000497000" ],
  "activeMemberOf": [ "900000000000497000" ],
  "definitionStatus": {
    "id": "900000000000074008"
  },
  "subclassDefinitionStatus": "NON_DISJOINT_SUBCLASSES",
  "pt": {
    "id": "220309016",
    "term": "SNOMED CT Concept",
    "concept": {
      "id": "138875005"
    },
    "type": {
      "id": "900000000000013009"
    },
    "typeId": "900000000000013009",
    "conceptId": "138875005",
    "acceptability": {
      "900000000000509007": "PREFERRED",
      "900000000000508004": "PREFERRED"
    }
  },
  "ancestorIds": [ ],
  "parentIds": [ "-1" ],
  "statedAncestorIds": [ ],
  "statedParentIds": [ "-1" ],
  "definitionStatusId": "900000000000074008"
}

We used the expand query parameter to include the concept's Preferred Term (PT) in the response. The concept in question is the root concept of the SNOMED CT hierarchy.

Search by term

Snow Owl also allows users to retrieve concepts matching a specific search term or phrase. See what happens if we try to find the concepts associated with the condition "Méniere's disease":

curl -u "test:test" 'http://localhost:8080/snowowl/snomedct/SNOMEDCT/concepts?term=M%C3%A9niere%27s%20disease&expand=pt()&pretty'

This time more than one concept can be present in the response, so we receive a collection of items. Results are sorted by relevance, indicated by the field score:

{
  "items": [ {
    "id": "13445001",
    "released": true,
    "active": true,
    "effectiveTime": "20020131",
    "moduleId": "900000000000207008",
    "iconId": "disorder",
    "score": 3.9305625,
    "memberOf": [ "447562003", "733073007", "900000000000497000" ],
    "activeMemberOf": [ "447562003", "733073007", "900000000000497000" ],
    "definitionStatus": {
      "id": "900000000000074008"
    },
    "subclassDefinitionStatus": "NON_DISJOINT_SUBCLASSES",
    "pt": {
      "id": "178783019",
      "term" : "Ménière's disease",
      "concept": {
        "id": "13445001"
      },
      "type": {
        "id": "900000000000013009"
      },
      "typeId": "900000000000013009",
      "conceptId": "13445001",
      "acceptability": {
        "900000000000509007": "PREFERRED",
        "900000000000508004": "PREFERRED"
      }
    },
    "ancestorIds": [ "-1", "20425006", ..., "1279550006" ],
    "parentIds": [ "50438001" ],
    "statedAncestorIds": [ "-1", "64572001", "138875005", "404684003" ],
    "statedParentIds": [ "50438001" ],
    "definitionStatusId": "900000000000074008"
  }, {
    ...
  } ],
  "searchAfter": "AoIFQAd5LmITGo8wMTA4OTA5MTAwMDExOTEwNQ==",
  "limit": 50,
  "total": 27
}

The total number of matching concepts is shown in the property named total.

Find concepts using ECL

In this example, we list the direct descendants of the root concept using the ECL expression <!138875005 (via the ecl query parameter), and also limit the result set to a single item using the limit query parameter:

curl -u "test:test" 'http://localhost:8080/snowowl/snomedct/SNOMEDCT/concepts?ecl=%3C!138875005&limit=1&pretty'

As no query parameter in this request would make Snow Owl differentiate between "better" and "worse" results (eg. a search term to match), concepts in the response will be sorted by identifier.

The item returned is, indeed, one of the top-level concepts in SNOMED CT: 105590001 |Substance|

{
  "items": [ {
    "id": "105590001",
    "released": true,
    "active": true,
    "effectiveTime": "20020131",
    "moduleId": "900000000000207008",
    "iconId": "substance",
    "score": 0.0,
    "memberOf": [ "723560006", "733073007", "900000000000497000" ],
    "activeMemberOf": [ "723560006", "733073007", "900000000000497000" ],
    "definitionStatus": {
      "id": "900000000000074008"
    },
    "subclassDefinitionStatus": "NON_DISJOINT_SUBCLASSES",
    "ancestorIds": [ "-1" ],
    "parentIds": [ "138875005" ],
    "statedAncestorIds": [ "-1" ],
    "statedParentIds": [ "138875005" ],
    "definitionStatusId": "900000000000074008"
  } ],
  "searchAfter": "AoEpMTA1NTkwMDAx",
  "limit": 1,
  "total": 19
}

The number 19 in property total suggests that additional matches exist that were not included in the response this time.

Next steps

Now that we have our instance up and running, the next step is to understand how to communicate with it. Fortunately, Snow Owl provides very comprehensive and powerful APIs to interact with your instance.

REST API

Among the few things that can be done with the API are as follows:

Perform CRUD (Create, Read, Update, and Delete) and search operations against your terminology resources
Execute advanced search operations such as paging, sorting, filtering, scripting, aggregations, and many others
Administer your instance data
Check your instance health, status, and statistics

Conclusion

Snow Owl is both a simple and complex product. We’ve so far learned the basics of what it is, how to look inside of it, and how to work with it using some of the available APIs. Hopefully, this tutorial has given you a better understanding of what Snow Owl is and more importantly, inspired you to further experiment with the rest of its great features!

Setup and Administration

This guide contains all the necessary details for installing the Snow Owl Terminology Server in a production environment. The following sections will guide you on how to:

Plan your deployment

Technology stack

The technology stack behind the Terminology Server consists of the following components:

The Terminology Server application
Elasticsearch as the data layer
Optional: Authentication/Authorization service
- Either an OpenID Connect/OAuth2.0 compatible external service with JSON Web Token support
- Or an LDAP-compliant directory service
Optional: A reverse proxy handling the requests towards the REST API

Terminology Server

Outgoing communication from the Terminology Server goes via:

HTTP(s) towards Elasticsearch and to the external OpenID Connect/OAuth2 authorization server
LDAP(s) towards the A&A service

Incoming communication is handled through the HTTP port 8080.

A selected reverse proxy channels all incoming traffic through to the Terminology Server.

Elasticsearch

Elasticsearch versions supported by each major version of Snow Owl:

The Elasticsearch cluster can either be:

a co-located, single-node, self-hosted cluster

A&A service

Reverse proxy

With a preconfigured domain name and DNS record, the default installation package can take care of requesting and maintaining the necessary certificates for secure HTTP. See the details of this in the Configuration section.

For simplifying the initial setup process we are shipping the Terminology Server with a default configuration of a co-located Elasticsearch cluster, a pre-populated OpenLDAP server, and an NGINX reverse proxy with the ability to opt-in for an SSL certificate.

Hardware requirements

Snow Owl with a co-located Elasticsearch cluster

For installations where Snow Owl and Elasticsearch are co-located, we recommend the following hardware specifications:

Snow Owl & co-located ES

Cloud

Dedicated

vCPU

Memory

32 GB

I/O performance

>= 5000 IOPS SSD

Disk space

200 GB

Snow Owl with a managed Elasticsearch cluster

Snow Owl

Cloud

Dedicated

vCPU

8 (compute optimized)

Memory

16 GB

I/O performance

OS: balanced disk

TS file storage: local SSD

OS: HDD / SSD

TS file storage: SSD

Disk space

OS: 20 GB

TS file storage: 100 GB

OS: 20 GB

TS file storage: 100 GB

Elasticsearch @ elastic.co

vCPU

8 (compute optimized)

Memory

4 GB

I/O performance

handled by elastic.co

Disk space

180 GB

In case Snow Owl is planned to be used with resource-intensive workloads (large code system upgrades, frequent classification of terminologies, bulk authoring) an 8 vCPU / 4 GB Elasticsearch cluster might not be sufficient. Consider increasing the size of the hosted Elasticsearch instance gradually, so that finding the sweet spot will be straightforward.

Cloud VMs

Here are a few examples of which Virtual Machine types could be used for hosting the Terminology Server at the three most popular Cloud providers (including but not limited to):

Cloud Provider

VM type

GCP

AWS

Azure

Software requirements

Operating System

Here is the list of distributions that we suggest in the order of recommendation:

Ubuntu LTS releases
Debian LTS releases
CentOS 7 (deprecated)

It is possible to install the server release package on other distributions but bear in mind that there might be limitations.

Software packages

Before starting the production deployment of the Terminology Server make sure that the following packages are installed and configured properly:

Docker Engine
ability to execute bash scripts

Firewall

In case a reverse proxy is used, the Terminology Server requires two ports to be opened either towards the intranet or the internet (depending on usage):

http: port 80
https: port 443

In case there is no reverse proxy installed, the following port must be opened to be able to access the server's REST API:

http: port 8080

Configuration

Release package

Terminology Server releases are shared with customers through custom download URLs. The downloaded artifact is a Linux (tar.gz) archive that contains:

an initial folder structure
the configuration files for all services
a docker-compose.yml file that brings together the entire technology stack to run and manage the service
the credentials required to pull our proprietary docker images

As a best practice, it is advised to extract the content of the archive under /opt. So the deployment folder will be /opt/snow-owl. The docker-compose setup will rely on this path, however, if required it can be changed by editing the ./snow-owl/docker/.env file later on (see DEPLOYMENT_FOLDER environment variable).

When decompressing the archive it is important to use the --same-owner and --preserve-permissions options so the docker containers can access the files and folders appropriately.

The next page will describe the content of the release package in more detail.

Folder structure

Here is the list of files and folders extracted from the release package and their role are described below.

snow-owl/
├── backup
├── docker
│   ├── configs
│   │   ├── cert
│   │   │   ├── conf.d
│   │   │   ├── docker-compose-cert.yml
│   │   │   ├── docker-compose.yml
│   │   │   ├── init-certificate.sh
│   │   │   └── nginx.conf
│   │   ├── elasticsearch
│   │   │   ├── elasticsearch.yml
│   │   │   └── synonym.txt
│   │   ├── ldap-bootstrap
│   │   │   ├── 100_groups.ldif
│   │   │   └── 200_users.ldif
│   │   ├── nginx
│   │   │   ├── conf.d
│   │   │   │   └── snowowl.conf
│   │   │   └── nginx.conf
│   │   └── snowowl
│   │       ├── snowowl.yml
│   │       └── users
│   ├── docker-compose.yml
│   ├── docker_login.txt
│   └── .env
├── ldap
├── logs
└── resources
    ├── attachments 
    └── indexes

/docker

Contains every configuration file used for the docker stack, including docker-compose.yml.

In Docker, this directory serves as the context, implying that when executing commands, one needs to either explicitly reference the configuration file or run docker compose commands directly within this directory.

E.g. to verify the status of the stack there are two approaches:

Execute the command inside ./snow-owl/docker:

[root@host docker]# docker compose ps -a

Execute the command from somewhere else then ./snow-owl/docker:

[root@host ~]# docker compose --file /opt/snow-owl/docker/docker-compose.yml ps -a

/docker/configs/cert

This folder contains the files necessary to acquire an SSL certificate. None of the files should be changed here ideally.

/docker/configs/elasticsearch

There is one important file here, elasticsearch.yml which can be used for fine-tuning the Elasticsearch cluster. However, this is not necessary by default, only if an advanced configuration is required.

/docker/configs/ldap-bootstrap

This folder contains the files used upon the first start of the OpenLDAP server. The files within describe a set of groups and users to set up an initial user access model. User credentials for the test users can be found in the file called 200_users.ldif.

/docker/configs/nginx

Location of all configuration files for NGINX. By default, a non-secure HTTP configuration is assumed. If there is no need for an SSL certificate, then the files here will be used. If an SSL certificate was acquired, then the main configuration file of NGINX (nginx.conf) will be overwritten with the one under /docker/cert/nginx.conf.

/docker/configs/snowowl

snowowl.yml: this file is the default configuration file of the Terminology Server. It does not need any changes by default either.

users: list of users for file-based authentication. There is one default user called snowowl for which the credentials can be found under ./docker/.env.

/docker/docker-compose.yml

The main configuration file for the docker stack. This file is replaced in case an SSL certificate was acquired (with file /docker/cert/docker-compose.yml). This is where volumes, ports, or environment variables can be configured.

/docker/docker_login.txt

The credentials to use for authenticating with the B2i private docker registry.

/docker/.env

The collection of environment variables for the docker-compose.yml file.

This is the file to configure most of the settings of the Terminology Server. Including java heap size, Snow Owl or Elasticsearch version, passwords, or folder structure.

/ldap

The location where the OpenLDAP server stores its data.

/logs

Log files of the Terminology Server

/resources

Location of Elasticsearch and Snow Owl resources.

/resources/indexes

This directory serves as the data folder for Elasticsearch, where datasets should be extracted.

/resources/attachments

Snow Owl's local file storage. Import and export artifacts are stored here.

/cert (optional)

In case an SSL certificate is acquired, all the files used by certbot and NGINX are stored here. This folder is automatically created by the certificate retrieval script.

/backup (optional)

This is the initial folder of all backup artifacts. This should be configured as a network mount to achieve data redundancy.

Get SSL certificate (optional)

Having secure HTTP in case the Terminology Server is a public-facing instance is definitely a must. For such cases, we are providing a pre-configured environment and a convenience script to acquire the necessary SSL certificate.

To be able to obtain an SSL certificate the following requirements must be met:

docker and docker compose are installed
the server instance has a public IP address
a DNS A record is configured for the desired domain name routing to the server's IP address

For the sake of example let's say the target domain name is snow-owl.b2ihealthcare.com .

Go to the sub-folder called ./snow-owl/docker/configs/cert. Make sure the init-certificate.sh script has permission to be executable and get some details about its parameters:

[root@host]# pwd
/opt/snow-owl/docker/configs/cert

[root@host]# chmod +x init-certificate.sh
[root@host]# ./init-certificate.sh -h
  DESCRIPTION:

     Get certificate for the specified domain name using Let's Encrypt and certbot

  OPTIONS:
     -h
        Show this help
     -d domain
        Define the domain name to get the certificate for
     -e email (optional)
        The email address to use for the certificate registration

  EXAMPLES:

     ./init-certificate.sh -d mywebsite.com -e example@mail.com
     ./init-certificate.sh -d example.com

As you can see -d is used for specifying the domain name, and -e is used for specifying a contact email address (optional). Now execute the script with our example parameters:

Script execution will overwrite the files under ./snow-owl/docker/docker-compose.yml and ./snow-owl/docker/configs/nginx/nginx.conf. Make a note of any changes if required.

./init-certificate.sh -d snow-owl.b2ihealthcare.com -e domain@b2ihealthcare.com

After successful execution, a new folder is created ./snow-owl/cert which contains all the certificate files required by NGINX. The docker-compose.yml file is also amended with a piece of code that guarantees automatic renewal of the certificate:

  nginx:
    image: nginx:stable
    container_name: nginx
    volumes:
      - ./configs/nginx/conf.d/:/etc/nginx/conf.d/
      - ./configs/nginx/nginx.conf:/etc/nginx/nginx.conf
      - ${CERT_FOLDER}/conf:/etc/letsencrypt
      - ${CERT_FOLDER}/www:/var/www/certbot
    depends_on:
      - snowowl
    ports:
      - "80:80"
      - "443:443"
    # Reload nginx config every 6 hours and restart
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    restart: unless-stopped
  certbot:
    image: certbot/certbot:latest
    container_name: certbot
    volumes:
      - ${CERT_FOLDER}/conf:/etc/letsencrypt
      - ${CERT_FOLDER}/www:/var/www/certbot
    # Check for SSL cert renewal every 12 hours
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    restart: unless-stopped

At this point everything is prepared for having secure HTTP, let's see what else needs to be configured before spinning up the service.

Preload dataset (optional)

In certain cases, a pre-built dataset is also shipped together with the Terminology Server. This is to ease the initial setup procedure and get going fast.

This method is only applicable to deployments where the Elasticsearch cluster is co-located with the Terminology Server.

To load data into a managed Elasticsearch cluster, there are several options:

use Snow Owl to rebuild the data to the remote cluster

These datasets are the compressed form of the Elasticsearch data folder which follows the same structure. Except for having a top folder called indexes . This is the same folder as in ./snow-owl/resources/indexes . So to be able to load the dataset one should just extract the contents of the dataset archive to this path.

Make sure to validate the file ownership of the indexes folder after decompression. Elasticsearch requires UID=1000 and GID=0 to be set for its data folder.

Configure Elastic Cloud (optional)

The release package contains everything that is required to use a co-located Elasticsearch instance by default. Only proceed with these steps if a remote Elasticsearch cluster is required.

To configure the Terminology Server to work with a managed Elasticsearch cluster two settings require attention.

Configure Terminology Server

First, the local Elasticsearch container and all its configurations should be removed from the docker-compose.yml file. Once that is done, we have to tell the Terminology Server where to find the cluster. This can be set in the file ./snow-owl/docker/configs/snowowl/snowowl.yml:

repository:
  index:
    socketTimeout: 60000
    clusterUrl: https://my-es-cluster.elastic-cloud.com:9243
    clusterUsername: my-es-cluster-user
    clusterPassword: my-es-cluster-pwd

Configure Elastic Cloud

The Snow Owl Terminology Server leverages Elasticssearch's synonym filters. To have this feature work properly with a managed Elasticsearch cluster our custom dictionary has to be uploaded and configured. The synonym file can be found in the release package under ./snow-owl/docker/configs/elasticsearch/synonym.txt. This file needs to be compressed as an zip archive by following this structure:

.
└── analysis
    └── synonym.txt

Once the bundle is configured and the cluster is up we can (re)start the docker stack. In case there are any troubles the Terminology Server will refuse to initialize and let you know what the problem is in its log files.

System settings

Some settings may require attention before moving to production. While the steps below may not necessitate any action, there are cases where the host running both Snow Owl and Elasticsearch will require fine-tuning.

Configure your host for Elasticsearch requirements

Some system-level settings need to be checked before deploying your own Elasticsearch in production.

Configure your host for Snow Owl requirements

Set permissions for folders and files appropriately

By default, Snow Owl runs inside the container as user snowowl using uid:gid 1000:1000.

If you are bind-mounting a local directory or file:
- ensure it is readable by the user mentioned above
- ensure that settings, data and log directories are writable as well

A good strategy is to grant group access to gid 1000 or 0 for the local directory.

Bind-mount Snow Owl's temporary working folder

In case the file system of the docker service on the host is different from what the Snow Owl deployment uses, it could be worthwhile to bind-mount Snow Owl's temporary working folder to a path that has excellent I/O performance. E.g.:

the root file system / is backed by a block storage that purposefully has lower I/O performance, this is the file system used by the docker service.
the deployment folder /opt/snow-owl is backed by a fast local SSD

The definition of the snowowl service in the docker compose file should be amended like this:

Upgrade Snow Owl

When a new Snow Owl Terminology Server release is available we recommend performing the following steps.

New releases are going to be distributed the same way: a docker stack and its configuration within an archive.

It is advised to decompress the new release files to a temporary folder and compare the contents of ./snow-owl/docker .

[root@host]# diff /opt/snow-owl/docker/ /opt/new-snow-owl-release/snow-owl/docker/
Common subdirectories: /opt/snow-owl/docker/configs and /opt/new-snow-owl-release/snow-owl/docker/configs
diff /opt/snow-owl/docker/.env /opt/new-snow-owl-release/snow-owl/docker/.env
10c10
< ELASTICSEARCH_VERSION=7.16.3
---
> ELASTICSEARCH_VERSION=7.17.1
24c24
< SNOWOWL_VERSION=8.1.0
---
> SNOWOWL_VERSION=8.1.1

The changes usually are restricted to version numbers in the .env file. In such cases, it is equally acceptable to overwrite the contents of the ./snow-owl/docker folder as is or cherry-pick the necessary modifications by hand.

Once the new version of the files is in place it is sufficient to just issue the following commands, an explicit stop of the service is not even required (in the folder ./snow-owl/docker):

docker compose pull
docker compose up -d

Backup and restore

Backup

This method is only applicable to deployments where the Elasticsearch cluster is co-located with the Snow Owl Terminology Server.

The Terminology Server release package contains a built-in solution to perform rolling and permanent data backups. The docker stack has a specialized container (called snow-owl-backup) that is responsible for creating scheduled backups of:

the Elasticsearch indices
the OpenLDAP database (if present)

The OpenLDAP database is backed up by compressing the contents of the folder under ./snow-owl/ldap. Filenames are generated using the name of the corresponding Elasticsearch snapshot. E.g. snowowl-daily-20220324030001.tar.gz.

Backup Window: when a backup operation is running the Terminology Server blocks all write operations on the Elasticsearch indices. This is to prevent data loss and have consistent backups.

Backup Duration: the very first backup of an Elasticsearch cluster takes a bit more time (depending on the size and I/O performance but between 20 minutes - 40 minutes), subsequent backups should take significantly less: 1 - 5 minutes.

Daily backups

Daily backups are rolling backups, scheduled, and cleaned up based on the settings specified in the ./snow-owl/docker/.env file. Here is a summary of the important settings that could be changed.

BACKUP_FOLDER

To store backups redundantly it is advised to mount a remote file share to a local path on the host. By default, this folder is configured to be at ./snow-owl/backup. It contains:

the snapshot files of the Elasticsearch cluster
the backup files of the OpenLDAP database
extra configuration files

Make sure the remote file share has enough free space to store around double the ./snow-owl/resources/indexes folder.

CRON_DAYS, CRON_HOURS, CRON_MINUTES

Backup jobs are scheduled by cron, so cron expressions can be defined here to specify the time a daily backup should happen.

NUMBER_OF_DAILY_BACKUPS_TO_KEEP

This is used to tell the backup container how many daily backups must be kept.

Example daily backup config

Let's say we have an external file share mounted to /mnt/external_folder. There is a need to create daily backups after each working day, during the night at 2:00 am. Only the last two-weeks-worth of data should be kept (assuming 5 working days each week).

BACKUP_FOLDER=/mnt/external_folder
NUMBER_OF_DAILY_BACKUPS_TO_KEEP=10

CRON_DAYS=Tue-Sat
CRON_HOURS=2
CRON_MINUTES=0

One-off backups

It is also possible to perform backups occasionally, e.g. before versioning an important SNOMED CT release or before a Terminology Server version upgrade. These backups are kept until manually removed.

To create such backups the following command needs to be executed using the backup container's terminal:

root@host:/# docker exec -it backup bash
root@ad36cfb0448c:/# /backup/backup.sh -l my-backup-label

The script will create a snapshot backup of the Elasticsearch data with a label snowowl-my-backup-label-20220405030002 and an archive that contains the database of the OpenLDAP server with the name snowowl-my-backup-label-20220405030002.tar.gz.

Restore

Using the custom backup container it is possible to restore:

the Elasticsearch indices
the OpenLDAP database (if present)

To restore any of the data the following steps have to be performed:

stop Snow Owl, Elasticsearch, and the OpenLDAP containers (in the folder ./snow-owl/docker):

docker compose stop snowowl elasticsearch ldap

(re)move the contents of the old Elasticsearch data folder:

mv -t /tmp ./snow-owl/resources/indexes/nodes

restart the Elasticsearch container only (keep Snow Owl stopped):

docker compose start elasticsearch

use the backup container's terminal and execute the restore script:
- without any parameters, if only the Elasticsearch indices have to be restored
```
root@host:/# docker exec -it backup bash
root@ad36cfb0448c:/# /backup/restore.sh
```
- with parameter -l in case the Elasticsearch indices and the OpenLDAP database have to be restored at the same time
```
root@host:/# docker exec -it backup bash
root@ad36cfb0448c:/# /backup/restore.sh -l
```
the script will list all available backups and prompts for selection:

root@ad36cfb0448c:/# /backup/restore.sh

################################
Snow Owl restore script STARTED.

#### Verify Elasticsearch snapshot repository ####

Checking existence of repository 'snowowl-snapshots' ...
Repository with name 'snowowl-snapshots' is present, verifying repository state ...
Repository 'snowowl-snapshots' is functional

#### Select backup to restore ####

Found 10 available backups under '/backup'
Please select the backup to restore by choosing the right number in the menu below (hit Enter when the selection was made)

 1) snowowl-daily-20220323030001
 2) snowowl-daily-20220324030001
 3) snowowl-daily-20220325030002
 4) snowowl-daily-20220326030002
 5) snowowl-daily-20220329030001
 6) snowowl-daily-20220330030001
 7) snowowl-daily-20220331030002
 8) snowowl-daily-20220401030002
 9) snowowl-daily-20220402030001
10) snowowl-daily-20220405030002

#?

enter the numerical identifier of the backup to restore and wait until the process finishes
exit the backup container and restart all containers:

root@ad36cfb0448c:/# exit
root@host:/# docker compose up -d

In case only the contents of the OpenLDAP server have to be restored, it is sufficient to just extract the contents of the backup archive to ./snow-owl/ldap and restart the container.

User management

The Snow Owl Terminology Server employs two distinct methods for user management. The primary authentication and authorization service is the LDAP Directory Server, while a secondary option is a file-based database strictly utilized for administrative purposes. The following methods can be applied when granting or revoking user access.

LDAP-based identity provider

This is only applicable to the default deployment setup where a co-located OpenLDAP server is used alongside the Terminology Server.

Apache Directory Studio is an open-source, free application. It is available for different platforms (Windows, macOS, and Linux).

The OpenLDAP server uses port 389 for communication. This is the port that needs to be tunneled through the SSH connection. Here is what the final configuration looks like in PuTTY:

Once the SSH tunnel works, it's time to set up our connection in Apache DS. Go to File -> New -> LDAP Connection and set the following:

Hit the "Check Network Parameter" button to verify the network connection.

Go to the next page of the wizard and provide your credentials. The default Bind DN and Bind password can be found in the Terminology Server release package under ./snow-owl/docker/.env.

Hit the "Check Authentication" button to verify your credentials. Hit Finish to complete the setup procedure.

All users and groups should be browseable now through the LDAP Browser view:

Grant user access

To grant access to a new user an LDAP entry has to be created. Go to the LDAP Browse view and right-click on the organization node, then New -> New Entry:

It is the easiest to use an existing entry as a template:

Leave everything as is on the Object Classes page, then hit Next. Fill in the new user's credentials:

On the final page, double-click on the userPassword row and provide the user's password:

Hit Finish to add the user to the database.

Now we need to assign a role for the user. Before going forward, get ahold of the user's DN using the LDAP Browser view:

Select the desired role group in the Browser view and add a new attribute:

Select the attribute type uniqueMember and hit Finish:

Paste the user's DN as the value of the attribute and hit Enter to make your changes permanent:

Revoke user access

To revoke access the user has to be deleted from the list of users:

And also has to be removed from the role group:

Change credentials

To change either the first or last name, or the password of a user, just edit any of the attributes in the user editor:

File-based identity provider

There is a configuration file ./snow-owl/docker/configs/snowowl/users that contains the list of users with their credentials encrypted. This method of authentication should be used for testing or internal purposes only, users added here will have elevated privileges.

To apply any changes made to the users file the Terminology Server has to be restarted afterward.

Grant user access

To grant access the users file has to be amended with the new user and its credentials. There are several ways to encrypt a password but here is one that is easy and available on most of the Linux variants. The package called htpasswd has to be installed:

htpasswd -nBC 10 my-new-username | head -n1 | sed 's/$2y/$2a/g' >> ./snow-owl/docker/configs/snowowl/users

It will prompt for the password and will amend the file with the new user at the end.

Revoke user access

Simply remove the user's line from the file and restart the service.

Change credentials

Advanced installation methods

This section includes information on how to set up Snow Owl and get it running using standalone installation methods

Java (JVM) Version

Snow Owl is built using Java and requires at least Java 17 to run. Only Oracle’s Java and the OpenJDK are supported.

We recommend installing the latest version in the Java 17 release series. We recommend using a supported LTS version of Java.

The version of Java that Snow Owl will use can be configured by setting the JAVA_HOME environment variable.

Install Snow Owl

Snow Owl is provided in the following package formats:

Using an archive

Snow Owl is provided as a .zip and as a .tar.gz package. These packages can be used to install Snow Owl on any system.

Download and install the `zip` package

The .zip archive for Snow Owl can be downloaded and installed as follows:

wget https://github.com/b2ihealthcare/snow-owl/releases/download/<version>/snow-owl-oss-<version>.zip
wget https://github.com/b2ihealthcare/snow-owl/releases/download/<version>/snow-owl-oss-<version>.zip.sha512
shasum -a 512 -c snowowl-oss-<version>.zip.sha512 # compares the SHA of the downloaded archive, should output: `snowowl-oss-<version>.zip: OK.`
unzip snowowl-oss-<version>.zip
cd snowowl-oss-<version>/ # This directory is known as `$SO_HOME`

Download and install the `.tar.gz` package

The .tar.gz archive for Snow Owl can be downloaded and installed as follows:

wget https://github.com/b2ihealthcare/snow-owl/releases/download/<version>/snow-owl-oss-<version>.tar.gz
wget https://github.com/b2ihealthcare/snow-owl/releases/download/<version>/snow-owl-oss-<version>.tar.gz.sha512
shasum -a 512 -c snowowl-oss-<version>.tar.gz.sha512 # compares the SHA of the downloaded archive, should output: `snowowl-oss-<version>.tar.gz: OK.` 
tar -xzf snowowl-oss-<version>.tar.gz
cd snowowl-oss-<version>/ # This directory is known as `$SO_HOME`

Running Snow Owl from the command line

Snow Owl can be started from the command line as follows:

./bin/startup

By default, Snow Owl runs in the foreground, prints its logs to the standard output (stdout), and can be stopped by pressing Ctrl-C.

Checking that Snow Owl is running

You can test that your instance is running by sending an HTTP request to Snow Owl's status endpoint:

curl http://localhost:8080/snowowl/info

which should give you a response like this:

{
  "version": "<version_number>",
  "description": "You Know, for Terminologies",
  "repositories": {
    "items": [
      {
        "id": "snomedStore",
        "health": "GREEN"
      }
    ]
  }
}

Running in the background

You can send the Snow Owl process to the background using a combination of nohup and the & character:

nohup ./bin/startup > /dev/null &

Log messages can be found in the $SO_HOME/serviceability/logs/ directory.

To shut down Snow Owl, you can kill the process ID directly:

kill <pid>

or using the provided shutdown script:

./bin/shutdown

Directory layout of `.zip` and `.tar.gz` archives:

The .zip and .tar.gz packages are entirely self-contained. All files and directories are, by default, contained within $SO_HOME — the directory created when unpacking the archive.

This is very convenient because you don’t have to create any directories to start using Snow Owl, and uninstalling Snow Owl is as easy as removing the $SO_HOME directory. However, it is advisable to change the default locations of the config directory, the data directory, and the logs directory so that you do not delete important data later on.

Type

Description

Default Location

Setting

home

Snow Owl home directory or $SO_HOME

Directory created by unpacking the archive

bin

Binary scripts including startup/shutdown to start/stop the instance

$SO_HOME/bin

conf

Configuration files including snowowl.yml

$SO_HOME/configuration

data

The location of the data files and resources.

$SO_HOME/resources

path.data

logs

Log files location.

$SO_HOME/serviceability/logs

System configuration

Ideally, Snow Owl should run alone on a server and use all of the resources available to it. To do so, you need to configure your operating system to allow the user running Snow Owl to access more resources than allowed by default.

The following settings must be considered before going to production:

Configuring system settings

Where to configure systems settings depends on which package you have used to install Snow Owl, and which operating system you are using.

When using the .zip or .tar.gz packages, system settings can be configured:

When using the RPM or Debian packages, most system settings are set in the system configuration file. However, systems that use systemd require that system limits are specified in a systemd configuration file.

ulimit

On Linux systems, ulimit can be used to change resource limits temporarily. Limits usually need to be set as root before switching to the user that will run Snow Owl. For example, to set the number of open file handles (ulimit -n) to 65,536, you can do the following:

The new limit is only applied during the current session.

You can consult all currently applied limits with ulimit -a.

/etc/security/limits.conf

On Linux systems, persistent limits can be set for a particular user by editing the /etc/security/limits.conf file. To set the maximum number of open files for the snowowl user to 65,536, add the following line to the limits.conf file:

This change will only take effect the next time the snowowl user opens a new session.

Ubuntu and limits.conf

Ubuntu ignores the limits.conf file for processes started by init.d. To enable the limits.conf file, edit /etc/pam.d/su and uncomment the following line:

Sysconfig file

When using the RPM or Debian packages, system settings and environment variables can be specified in the system configuration file, which is located in:

However, for systems that use systemd, system limits need to be specified via systemd.

Systemd configuration

When using the RPM or Debian packages on systems that use systemd, system limits must be specified via systemd.

The systemd service file (/usr/lib/systemd/system/snowowl.service) contains the limits that are applied by default.

To override them, add a file called /etc/systemd/system/snowowl.service.d/override.conf (alternatively, you may run sudo systemctl edit snowowl which opens the file automatically inside your default editor). Set any changes in this file, such as:

Once finished, run the following command to reload units:

Number of threads

Snow Owl uses a number of thread pools for different types of operations. It is important that it is able to create new threads whenever needed. Make sure that the number of threads that the Snow Owl user can create is at least 4096.

This can be done by setting ulimit -u 4096 as root before starting Snow Owl, or by setting nproc to 4096 in /etc/security/limits.conf.

The package distributions when run as services under systemd will configure the number of threads for the Snow Owl process automatically. No additional configuration is required.

FHIR API

Introduction

HL7's Fast Healthcare Interoperability Resources (FHIR) standard describes data types, resources, interactions, coded values and their associated code systems that are used to represent and exchange structured clinical data.

Thanks to its pluggable and extensible architecture, Snow Owl TS is able to expose clinically relevant resources like code systems, value sets and concept maps in a format that can be consumed by third-party FHIR clients. Additionally, Snow Owl's revision model allows concurrent management of resource versions.

Interactive documentation

Navigate to http://<host>:8080/snowowl/ and select "FHIR API" from the category dropdown to see the full list of FHIR requests supported by Snow Owl TS:

Request/response formats

JSON and XML formats are both supported; resources in Turtle RDF format are not accepted (nor produced) by the server. The MIME type for these formats can appear in the Accept and Content-Type headers. These are the following:

XML
- application/fhir+xml
- application/xml
- text/xml
JSON
- application/fhir+json
- application/json
- text/json

Unless explicitly stated in the MIME type, the server accepts and responds in the R5 format. To select an explicit FHIR version format the fhirVersion argument can be used along with the fhir+json/xml media types. For example:

Accept: application/fhir+json;fhirVersion=4.0.1

All declared and provided FHIR endpoints support the following FHIR Specification versions:

Common request parameters

Override response format

Clients can override the desired output format by using the _format query parameter, if they have limited access to request headers. In this case shorthand values like xml and json are also permitted (Content-Type must still be set correctly if the request includes a body):

GET /snowowl/fhir/CodeSystem/SNOMEDCT?_format=xml&_pretty=true

[Response headers]
Content-Type: application/fhir+xml

<CodeSystem xmlns="http://hl7.org/fhir">
  <id value="SNOMEDCT"/>
  <meta>
    <lastUpdated value="2023-10-17T15:03:40.942Z"/>
  </meta>
  <language value="en"/>
  <text>
    <status value="empty"/>
    <div xmlns="http://www.w3.org/1999/xhtml"></div>
  </text>
  <url value="http://snomed.info/sct/900000000000207008"/>
  <name value="SNOMEDCT"/>
  <title value="SNOMED CT International Edition"/>
  <status value="active"/>
  [...]

Snow Owl returns a 406 Not Acceptable response if the client requested a response format it does not support. Conversely, if the request body is in a format it does not recognize, a 415 Unsupported Media Type response is emitted.

Pretty-printing

For development purposes, responses returned from the server can be formatted so they are more pleasing to the human eye. The example above already includes the query parameter that controls this behavior; it is named _pretty. Setting its value to true results in pretty-printed output.

Resource summary

The query parameter _summary controls whether a subset of the elements should be returned for a resource. Supported values are:

true -> return a pre-defined subset of elements from the resource (these are marked as "summary" in the FHIR specification)
false -> return all elements of the resource
text -> return text, id, meta and top-level elements marked as "mandatory" in the FHIR specification (to ensure that the response remains a valid FHIR resource representation)
data -> remove the text element that contains a human-readable rendering of the resource, in the form of eg. an XHTML snippet
count -> return hit count without the accompanying list of matching resources (applicable in resource search interactions only)

When summary mode is enabled, returned resources are marked with a SUBSETTED code to indicate that certain elements were left out:

GET /snowowl/fhir/CodeSystem/SNOMEDCT?_summary=text

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "CodeSystem",
  "id": "SNOMEDCT",
  "meta": {
    "lastUpdated": "2023-10-17T15:03:40.942Z",
    "tag": [{
      "system": "http://terminology.hl7.org/CodeSystem/v3-ObservationValue",
      "code": "SUBSETTED",
      "display": "As requested, resource is not fully detailed."
    }]
  },
  "text": {
    "status": "empty",
    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"></div>"
  },
  "status": "active",
  "content": "not-present"
}

Element selection

If none of the _summary modes listed above are appropriate for a use case, clients can select individual elements for inclusion via the _elements query parameter. Its value should be a comma-separated list of element names. Elements marked as "mandatory" are always returned.

As above, the returned resource's meta.tag element will also include a SUBSETTED Coding to indicate that some information has been left out.

Sorting and paging

Clients can indicate the preferred number of results to return on a single page via the _count query parameter. Paging via offsets is not supported, but the response usually includes a link of type "next" to retrieve the next page:

GET /snowowl/fhir/CodeSystem?_count=5

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "Bundle",
  "id": "codesystems",
  "meta": {
    "lastUpdated": "2023-11-28T18:37:52.057338Z"
  },
  "type": "searchset",
  "link": [{ 
    "relation": "next",
    "url": "https://<host>/snowowl/fhir/CodeSystem?_count=5&_after=AoIhMDg2dlE2dHd4YkRDNnZHWjUxNGYzWlplR2M="
  }],
  "total": 1676,
  "entry": [
    {
      "fullUrl": "https://<host>/snowowl/fhir/CodeSystem/resource_1",
      "resource": {
        "resourceType": "CodeSystem",
        "id": "resource_1",
        "meta": {
          "lastUpdated": "2023-10-19T13:21:52.216Z"
        },
        "name": "resource_1",
        "title": "First resource",
        ...
      }
    },
    ...
  ]
}

As can be seen from the example, the paging mechanism uses an additional state tracking parameter called _after.

Resource types

Snow Owl only supports a small subset of FHIR's 150+ resource types – the ones that are relevant from a terminology service perspective. These are described on separate pages in detail:

Resource identifiers

The id element of each resource is assigned by Snow Owl in create interactions; the assigned value never changes once it has been set and is unique across resource types. Update interactions that use an identifier which did not exist previously will create a new resource – in this case the identifier is checked for potential collisions first.

Snow Owl represents versioned content as standalone resources when accessed via the FHIR API (the version part is separated from the resource identifiers by a / character which is not allowed to be used in "regular" FHIR identifiers):

GET /snowowl/fhir/CodeSystem/SNOMEDCT/2021-01-31

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "CodeSystem",
  "id": "SNOMEDCT/2021-01-31",
  "meta": {
    "lastUpdated": "2023-10-17T14:59:31.529Z"
  },
  "url": "http://snomed.info/sct/900000000000207008/version/20210131",
  "version": "2021-01-31",
  "name": "SNOMEDCT/2021-01-31",
  "title": "SNOMED CT International Edition",
  "status": "active",
  "date": "2021-01-31T00:00:00Z",
  "publisher": "SNOMED International",
  "content": "not-present",
  "count": 481509,
  ...
}

If there are no versions present for a given resource, or the requested identifier does not include a version part, the latest development version is returned which may include "in-progress" changes. Therefore it is recommended to always query a specific version of any terminology content to get consistent results, especially when the same terminology server instance is being used for both authoring and distribution.

Response status

The following HTTP status codes are used by Snow Owl's FHIR API to indicate the success or failure of an interaction:

HTTP Status

Reason

200

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Error

If an error occurs, a response containing an OperationOutcome resource may be returned to include additional details about the problem at hand:

GET /snowowl/fhir/CodeSystem/abc

[Response headers]
Content-Type: application/fhir+xml

<OperationOutcome>
  <resourceType>OperationOutcome</resourceType>
  <issue>
    <severity>error</severity>
    <code>not_found</code>
    <diagnostics>
      Code System with identifier 'abc' could not be found.
    </diagnostics>
    <details>
      <text>Resource Id 'abc' does not exist</text>
      <coding>
        <code>msg_no_exist</code>
        <system>http://hl7.org/fhir/operation-outcome</system>
        <display>Resource Id 'abc' does not exist</display>
      </coding>
    </details>
    <location>abc</location>
  </issue>
</OperationOutcome>

Content syndication

With content syndication, data can be seamlessly moved between different Snow Owl Terminology Server deployments.

This functionality is useful when content created in a central deployment (upstream) needs to be distributed to one or more read-only downstream instances. The resource distribution is designed to be uni-directional and semi-automated where an actor has to configure any new downstream instances to be able to receive data from the central unit.

Configure upstream

To be able to access the upstream server and its content the following items are required:

the HTTP port of Elasticsearch has to be accessible for the downstream Snow Owl and Elasticsearch instances (configured via the http.port property, the default is 9200)
the REST API of Snow Owl has to be accessible for the downstream Snow Owl servers
an Elasticsearch API key with sufficient privileges for authentication and authorization
a Snow Owl API key with sufficient privileges for authentication and authorization
configure selected terminology resources as distributable

Access Elasticsearch

In case Snow Owl uses a self-hosted Elasticsearch instance the HTTP port can be opened by modifying the container settings in the docker-compose.yml file. Make sure to remove the localhost IP prefix from the port declaration:

docker-compose.yml

...
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:${ELASTICSEARCH_VERSION}
    container_name: elasticsearch
...
    ports:
-      - "127.0.0.1:9200:9200"
+      - "9200:9200"

When opening up a self-hosted Elasticsearch make sure to use strengthened security with secure HTTP and username/password access.

In the case of a hosted Elasticsearch instance there is nothing to do, it will already be accessible from outside.

Access Snow Owl

The default reverse proxy configuration (shipped in the released package) exposes the Snow Owl REST API via the URL: http(s)://upstream-snow-owl-url/snowowl

Other than that no additional configuration is needed.

Obtain an Elasticsearch API key

Creating a new API key for Elasticsearch is either possible through its Api Key API or - in the case of a hosted instance - from within Kibana.

The content syndication operation requires the following permissions:

cluster privilege: monitor
index privilege: read

Here is an example request body for the Api Key API:

POST /_security/api_key
{
  "name": "syndication-api-key",
  "expiration": "30d",
  "role_descriptors": { 
    "syndicate-role": {
      "cluster": [
        "monitor"
      ],
      "indices": [
        {
          "names": [
            "*"
          ],
          "privileges": [
            "read"
          ]
        }
      ]
    }
  }
}

This request will return with the following response:

{
  "id" : "<token_id>",
  "name" : "syndication-api-key",
  "expiration" : 0,
  "api_key" : "<api_key>",
  "encoded" : "<encoded_api_key>"
}

Take note of the encoded API Key, which is the one that will be used later on.

Obtain a Snow Owl API Key

To request an API key from the upstream Snow Owl Terminology Server the following REST API endpoint must be used:

To request an API key

POST https://upstream-snow-owl-url/snowowl/token

Request Body

Name

Type

Description

username*

String

The username to authenticate with

password*

String

The password belonging to the username

token

String

Previous token to re-new

expiration

String

Expiration interval, e.g. 1d or 2h

permissions

List<String>

List of permissions

{
    token: "<snow-owl-api-key>"
}

Select distributable resources

All three major terminology resource types can be configured as distributable. Resources have a settings map that can be updated via their specific REST API endpoints:

PUT /codesystems/{codeSystemId}
PUT /valuesets/{valueSetId}
PUT /conceptmaps/{conceptMapId}

A setting called distributable has to be set with a value of either true or false. Here is an example update request to make the 'Example Code System' distributable:

PUT /codesystems/example_codesystem_id
{
  "settings": {
    "distributable": true
  }
}

Configure downstream

Elasticsearch

There is one configuration property that must be set before provisioning a new downstream Snow Owl Terminology Server.

Any potential upstream Elasticsearch instance must be listed as an allowed source of information for the downstream Elasticsearch instances via a configuration parameter in the elasticsearch.yml file.

The property is called reindex.remote.whitelist :

elasticsearch.yml

...
http.port: 9200
...
reindex.remote.whitelist: ["upstream-elasticsearch-url.com:9200", "other-upstream-elasticsearch-url.com:9200"]

The whitelisted URL must contain the upstream HTTP port and must not contain the scheme.

Provision a new downstream server

Provisioning a new downstream server has the following prerequisites:

start with an empty dataset
collect all terminology resource identifiers that need to be syndicated
get all the necessary credentials to communicate with upstream
initiate the resource syndication and verify the result

Collect terminology resources for syndication

To populate a downstream server with terminology resources via an upstream source, one must collect the required resource identifiers or resource version identifiers beforehand.

Resource identifiers must be in their simple form, e.g.:

SNOMED-CT
ICD-10
LOINC

Resource version identifiers must be in the following form: <resource_id>/<version_id>, e.g.:

SNOMED-CT/2020-01-31
ICD-10/v2019
LOINC/v2.72

To determine which resources are available for syndication, the following upstream REST API endpoint can be used. It returns an atom feed that consists of resource versions from where one can collect the required identifiers.

Retrieve syndication resource feed

GET https://upstream-snow-owl-url/snowowl/syndication/feed.xml

Retrieves the feed of all distributable resources

Query Parameters

Name

Type

Description

resource

List<String>

The resource identifier(s) to include in the feed

resourceType

List<String>

The types of resources to include in the feed (e.g. conceptmaps, valuesets, codesystems)

resourceUrl

List<String>

The URLs of the resources to include in the feed

packageTypes

List<String>

The types of packages to include in the feed. Only BINARY is supported at the moment

effectiveTime

String

The effective time value to match (yyyyMMdd) or an effective time range value to match (yyyyMMdd...yyyyMMdd), inclusive range

createdAt

Long

Exact match filter for the resource version created at field

createdAtFrom

Long

Greater than equal to filter for the resource version created at field

createdAtTo

String

Less than equal to filter for the resource version created at field

limit*

int

The maximum number of items to return

<?xml version="1.0" encoding="UTF-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
  <id>urn:uuid:ddce3cd6-2efe-3142-9cce-62e73d3031ca</id>
  <title>Snow Owl® Terminology Server Syndication Feed</title>
  ...
  <entry>
    <id>valuesets/1234/V1.0</id>
    ...
    <title>Valueset example</title>
    <category term="BINARY" scheme="https://b2ihealthcare.com/snow-owl/syndication/binary/1.0.0" label="Binary index"/>
    ...
  </entry>
</feed>

It is not required to list all resource version identifiers for an already selected resource. E.g.:

If SNOMED-CT is selected as a resource, it is not required to select all its versions among the version resource identifiers.
If a specific version is selected (SNOMED-CT/2020-01-31) and the resource is not listed among the selected resources, then only versions created until 2020-01-31 will be syndicated

Syndicate resources

To kick off a syndication process the following parameters are required:

the list of resource identifiers
the list of resource version identifiers
the upstream Snow Owl URL without its REST API root context:
- e.g. https://upstream-snow-owl-url.com
the API key to authenticate with the upstream Snow Owl server
the upstream Elasticsearch URL, including the scheme and port:
- e.g. https://upstream-elasticsearch-url.com:9200
the API key to authenticate with the upstream Elasticsearch

When there are no existing resources on the downstream server yet, at least one resource identifier or one resource version identifier must be selected.

Snow Owl will resolve all resource dependencies and will handle syndication requests rigorously. If e.g. a Value Set depends on a specific SNOMED CT version and that version is not among the selected resources - or does not exist on the downstream server yet - the syndication run will fail to note that there is a missing dependency. It is always required to list all dependencies that the selected resources have for a given syndication run.

The above parameters should be fed to the following downstream Snow Owl REST API endpoint:

Syndicate resource(s)

POST https://downstream-snow-owl-url/snowowl/syndication/syndicate

Syndicate resources from a remote Snow Owl instance. In case no resource identifiers are provided, all existing resources will be syndicated to their latest version.

Request Body

Name

Type

Description

resource

List<String>

List of resource identifiers

version

List<String>

List of version resource identifiers

upstreamUrl*

String

The URL of the upstream Snow Owl

upstreamToken*

String

API key for the upstream Snow Owl

upstreamDataUrl*

String

The URL of the upstream Elasticsearch

upstreamDataToken*

String

API key for the upstream Elasticsearch

The syndication process starts in the background as an asynchronous job. It can be tracked by calling the following endpoint using the job identifier returned in the Location:

Retrieve syndication job

GET https://downstream-snow-owl-url/snowowl/syndication/{id}

Returns the specified syndication run's configuration and status.

Path Parameters

Name

Type

Description

id*

String

The identifier of a syndication run

{
    // Response
}

The returned result object will contain all information related to the given syndication run:

status of the run (RUNNING, FINISHED, FAILED)
list of successfully syndicated resource versions
additional details about created or updated Elasticsearch indices

Examples of resource selection

Code Systems

There is a need to syndicate the SNOMED-CT US extension. It depends on the SNOMED CT International version 2021-01-31. Provide the following resource identifier and resource version identifier configuration:

{
  "resource": "SNOMED-CT-US",
  "version": "SNOMED-CT/2021-01-31"
}

This will syndicate all versions of SNOMED-CT-US and all international versions until 2021-01-31.

If the configuration is changed to:

{
  "resource": "SNOMED-CT-US, SNOMED-CT"
  "version": ""
}

This will syndicate all versions of SNOMED-CT-US and SNOMED-CT international, including all international versions even after 2021-01-31.

Value Sets

There is a Value Set with an identifier of VS and members from SNOMED-CT/2020-07-31:

{
  "resource": "VS"
  "version": "SNOMED-CT/2020-07-31"
}

Concept Maps

There is a Concept Map with an identifier of CM mapping concepts between LOINC/v2.72 and ICD-10/v2019:

{
  "resource": "CM"
  "version": "LOINC/v2.72, ICD-10/v2019"
}

Keeping a downstream server up-to-date

If a given downstream server already contains the desired resources and the goal is to keep the content up-to-date, it is not required to fill in the resource and resource version identifiers for the syndication request.

One can call the POST /syndication/syndicate endpoint with all the credentials and URLs but without specifying any resource or version identifier. The server will automatically determine - based on the set of existing downstream resources - if there are any new resource versions available for syndication.

To check whether there are any updates available, there is an endpoint that can be called:

Retrieve a list of resource versions which are available for syndication

GET https://downstream-snow-owl-url/snowowl/syndication/list

Returns the full list of resource versions to be syndicated based on the search criteria. If no filters are provided updates are calculated for all existing resources.

Query Parameters

Name

Type

Description

resource

List<String>

The resource identifier(s) to syndicate, e.g. SNOMEDCT (== latest version)

version

List<String>

The version identifier(s) to syndicate, e.g. SNOMEDCT/2022-07-31

upstreamUrl*

String

The URL of the upstream Snow Owl server

upstreamToken*

String

The token to authenticate with the upstream Snow Owl server

limit*

int

The number of resource versions to return if there are any

{
    "items": [
        {
            "id": "SNOMED-CT/2022-01-31",
            "version": "2022-01-31",
            "description": "2022-01-31",
            "effectiveTime": "2022-01-31",
            "resource": "codesystems/SNOMED-CT"
        },
        {
            "id": "SNOMED-CT/2022-07-31",
            "version": "2022-07-31",
            "description": "2022-07-31",
            "effectiveTime": "2022-07-31",
            "resource": "codesystems/SNOMED-CT"
        }
    ]
    "limit": 50,
    "total": 2
}

If there are any updates this endpoint will return a list of versions, if there are none it will return an empty result.

CodeSystem

Tooling support

Snow Owl TS differentiates between certain "families" (toolings) of code system resources. Each tooling uses an internal representation for its terminology components that can be searched and edited more effectively. These components are converted to a FHIR-compatible form when a read or search interaction happens, and back when new a CodeSystem resource is created via the FHIR API (or an existing resource receives an update).

SNOMED CT

SNOMED CT and its extensions are effectively read-only from the FHIR API's point of view – they can not be created via a create interaction, nor can content be loaded or updated from an RF2 archive. Only Snow Owl's native API has provisions for doing so.

As SNOMED CT code systems contain a considerable amount of concepts, resource responses for this tooling do not include a concept array and content is always set to not-present to highlight this fact:

GET /snowowl/fhir/CodeSystem/SNOMEDCT-US?_pretty=true

[Response headers]
Content-Type: application/fhir+xml

<CodeSystem xmlns="http://hl7.org/fhir">
  <id value="SNOMEDCT-US"/>
  <meta>
    <lastUpdated value="2023-10-18T01:52:16.04Z"/>
  </meta>
  <language value="en"/>
  ...
  <url value="http://snomed.info/sct/731000124108"/>
  ...
  <name value="SNOMEDCT-US"/>
  <title value="SNOMED CT US Extension"/>
  <status value="active"/>
  <publisher value="NIH - National Library of Medicine"/>
  ...  
  <content value="not-present"/>
  <count value="513765"/>
  ...

All SNOMED CT resources behave like editions, which means lookup operations succeed for any concept that can be found within eg. the International Edition's content, or in any other extension the resource depends on:

GET /snowowl/fhir/CodeSystem/$lookup?system=http://snomed.info/sct/731000124108&code=138875005&_pretty=true

[Query parameters (repeated for clarity)]
system: http://snomed.info/sct/731000124108
code: 138875005
_pretty: true

[Response headers]
Content-Type: application/fhir+xml

<Parameters xmlns="http://hl7.org/fhir">
  <parameter>
    <name value="name"/>
    <valueString value="SNOMEDCT-US"/>
  </parameter>
  <parameter>
    <name value="display"/>
    <valueString value="SNOMED CT Concept"/>
  </parameter>
</Parameters>

Filters

The following filters are supported in value set compose statements, should they reference a SNOMED CT code system:

code: expressionoperator: =value: <ECL expression>
- matches concepts using the Expression Constraint Language
code: expressionsoperator: =value: <true|false>
- specifies whether Post-Coordinated Expressions should be included in the filtered result set or not (even though the filter is recognized, Snow Owl currently does not store PCEs)
code: conceptoperator: is-avalue: <conceptId>
- matches the descendants of the specified parent concept
code: conceptoperator: invalue: <refsetId>
- matches concepts that are members of the specified reference set

Properties

All SNOMED CT relationship types are supported and can be returned along with concept data if requested. An example can be seen below:

code: 288556008 (the attribute concept's ID) type: code URI: http://snomed.info/id/288556008description: Before

In addition to these (and the common properties that are applicable to all code systems), Snow Owl can also return the following set of SNOMED CT-specific concept properties:

code: inactivetype: booleanURI: http://snomed.info/field/Concept.inactive
- The concept's active RF2 property (inverted)
code: moduleIdtype: codeURI: http://snomed.info/field/Concept.moduleId
- The concept's moduleId RF2 property
code: effectiveTimetype: stringURI: http://snomed.info/field/Concept.effectiveTime
- The concept's effectiveTime RF2 property (in yyyyMMdd format)
code: sufficientlyDefinedtype: booleanURI: http://snomed.info/field/Concept.sufficientlyDefined
- A boolean value derived from the concept's definitionStatusId (set to true if the original value is 900000000000073002|Defined|, false otherwise)

ICD-10 and its national variants can be imported from XML release files using the ClaML format in the paid edition of Snow Owl, however this functionality is not exposed via FHIR requests; neither can such a code system be created using a create interaction.

Similarly to SNOMED CT resources, the concept array remains unpopulated with content set to not-present in the response. ICD-10 concepts can still participate in lookup, validation or subsumption testing operations.

In the paid edition the official release archive can be used to populate the code system's contents. It is available over the FHIR API in a read-only fashion as the previous two toolings.

In Snow Owl's paid edition FHIR code system resources submitted as part of a create or update interaction (if no resource existed with the same ID earlier) become members of the LCS tooling. Custom properties may be defined when submitting the creation request and added to concepts of the code system.

The code system URL can be set upon creation and is checked for uniqueness.

The concept array is fully populated in LCS responses and content is set to complete.

Properties

User-defined properties listed in the top-level property elements of the resource get included in the LCS schema. The cardinality is set to [0..*], which means concepts can have any number of properties associated with the same type code.

Interactions

read (instance)

Standard GET requests that include the identifier as the final path segment(s) return the code system's current (or versioned) state:

GET /snowowl/fhir/CodeSystem/SNOMEDCT-UK-CL/2023-08-02

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "CodeSystem",
  "id": "SNOMEDCT-UK-CL/2023-08-02",
  "meta": {
    "lastUpdated": "2023-10-17T15:44:27.568Z"
  },
  "language": "en",
  "text": {
    "status": "empty",
    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"></div>"
  },
  "url": "http://snomed.info/sct/999000011000000103",
  ...  
  "name": "SNOMEDCT-UK-CL/2023-08-02",
  "title": "SNOMED CT UK Clinical Extension",
  "status": "active",
  "date": "2023-08-02T00:00:00Z", // Versioned resources include the "date" property
  "publisher": "NHS England",
  "contact": [ {
    "telecom": [ {
      "system": "url",
      "value": "https://www.england.nhs.uk/"
    } ]
  } ],
  "description": "SNOMED CT UK Clinical Extension",
  ...
}

Common parameters like _format, _summary, _elements and _pretty are also applicable. These are described on the previous page: Common request parameters

update (instance)

PUT requests that include a resource identifier update an existing (local) code system or create a new instance:

PUT /snowowl/fhir/CodeSystem/example-lcs-1

[Request headers]
X-Effective-Date: 2023-11-29
X-Author: user@host.domain
X-Owner: owner@host.domain
X-Owner-Profile-Name: Resource Owner
X-Bundle-Id: parent-bundle-id
Content-Type: application/fhir+json

[Request body]
{
  "resourceType": "CodeSystem",
  "id": "example-lcs-1",
  "text": {
    "status": "empty",
    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"></div>"
  },
  "url": "https://b2ihealthcare.com/codesystems/example-lcs-1",
  "name": "example-lcs-1",
  "version": "v1",
  "title": "Example LCS",
  "status": "draft",
  "content": "complete",
  "count": 2,
  "concept": [
    {
      "code": "C00",
      "display": "Parent concept"
    },
    {
      "code": "C00-1",
      "display": "Child concept",
      "property": [ {
          "code": "parent",
          "valueCode": "C00"
      } ]
    }
  ]
}

The response code is 201 Created if the resource did not exist previously, and the URL is included in the Location response header. Existing code systems are updated and a 200 OK response is returned instead.

If an error occurs during the update, a 400 Bad Request response with an OperationOutcome resource as the response body is emitted instead.

The following non-standard request headers can be used to control certain aspects of the commit process:

X-Effective-Date -> the effective date to use if a version identifier is present in the resource without a corresponding date element
X-Author -> sets the user identifier that the commit should be attributed to (defaults to the authenticated user)
X-Owner -> sets the owner of the resource, for access control purposes in external systems (defaults to the author or the authenticated user if the former is not set)
X-Owner-Profile -> sets the human-readable name of the owner of the resource, for presentation purposes in external systems
X-Bundle-Id -> specifies the parent bundle's resource identifier (defaults to the root bundle if not set)

delete (instance)

A DELETE request removes an existing code system:

DELETE /snowowl/fhir/CodeSystem/example-lcs-1?force=true

[Request headers]
X-Author: user@host.domain

[Response]
204 No Content

Successful removal of a code system resource results in a 204 No Content response. Code systems that have been published can not be removed without adding the force=true query parameter to signal a forced deletion – this option in turn is only available to administrators.

create (type)

POST requests are very similar to the instance-level update interactions with the following important difference: the identifier included in the request body is ignored and a new, random one is generated from scratch. The request path should also omit the path segments corresponding to the resource identifier:

POST /snowowl/fhir/CodeSystem

[Request headers]
X-Effective-Date: 2023-11-29
X-Author: user@host.domain
X-Owner: owner@host.domain
X-Owner-Profile-Name: Resource Owner
X-Bundle-Id: parent-bundle-id
Content-Type: application/fhir+json

[Request body]
{
  "resourceType": "CodeSystem",
  // "id": "..." is not used by the server
  "text": {
    "status": "empty",
    "div": "<div xmlns=\"http://www.w3.org/1999/xhtml\"></div>"
  },
  "url": "https://b2ihealthcare.com/codesystems/example-lcs-1",
  "name": "example-lcs-1",
  "version": "v1",
  "title": "Example LCS",
  "status": "active",
  "content": "complete",
  "count": 2,
  "concept": [
    {
      "code": "C00",
      "display": "Parent concept"
    },
    {
      "code": "C00-1",
      "display": "Child concept",
      "property": [ {
          "code": "parent",
          "valueCode": "C00"
      } ]
    }
  ]
}

[Response]
201 Created

[Response headers]
Location: http://<host>/snowowl/fhir/CodeSystem/ExWn1g2gdIIQ

The response code is 201 Created if the interaction is successful. As mentioned above, the resource URL that can be used in eg. follow-up read interactions is included in the Location response header.

search (type)

GET requests targeting the endpoint corresponding to the resource type return all code systems that satisfy the specified search criteria, in the form of query parameters. The following example uses the count summary mode to determine the total number of code systems registered in the system, without returning any of the matches:

GET /snowowl/fhir/CodeSystem?_summary=count

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "Bundle",
  "id": "codesystems",
  "meta": {
    "lastUpdated": "2023-11-29T16:15:36.187124Z"
  },
  "type": "searchset",
  "total": 1685
}

The specification allows search interactions to be initiated via a POST request to /fhir/CodeSystem/_search using name=value parameter pairs encoded with MIME type x-www-form-urlencoded, however this is unsupported in Snow Owl and results in a 405 Method Not Allowed response.

The following search parameters are supported:

_id -> matches code systems by logical identifier
name -> matches code systems by name (in Snow Owl this is set to the logical identifier)
title -> matches code systems by title (Snow Owl uses exact, phrase and prefix matching during its lexical search activities)
url -> matches code systems by their assigned url value
version -> matches code systems by their version value
status -> matches code systems by resource status (eg. draft, active, etc.)

Operations

$lookup

Both GET as well as POST HTTP methods are supported. Concepts are queried based on code, version, system or Coding. Designations are included as part of the response as well as supported concept properties when requested. Date parameters are not supported.

The following example request retrieves details about the SNOMED CT concept 128927009|Procedure by method|, including properties "inactive" and "Method" (a SNOMED CT attribute), using the latest version of the code system:

GET /snowowl/fhir/CodeSystem/$lookup?system=http://snomed.info/sct&code=128927009&property=inactive&property=http://snomed.info/id/260686004

[Query parameters (repeated for clarity)]
system: http://snomed.info/sct
code: 128927009
property: inactive
property: http://snomed.info/id/260686004

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "Parameters",
  "parameter": [
    {
      "name": "name",
      "valueString": "SNOMEDCT" // The code system name (resolved from the URL)
    },
    {
      "name": "display",
      "valueString": "Procedure by method" // The concept's display name
    },
    {
      "name": "property",
      "part": [
        {
          "name": "code",
          "valueCode": "inactive"
        },
        {
          "name": "value",
          "valueBoolean": false // The value for the concept property "inactive"
        },
        {
          "name": "description",
          "valueString": "inactive"
        }
      ]
    },
    {
      "name": "property",
      "part": [
        {
          "name": "code",
          "valueCode": "260686004" // The SCTID of the attribute "Method"
        },
        {
          "name": "value",
          "valueCode": "129264002" // The SCTID of the destination concept, "Action"
        }
      ]
    }
  ]
}

$validate-code

Both GET as well as POST HTTP methods are supported.

The example request below validates that 128927009|Procedure by method| is present in SNOMED CT, selecting the resource to use for validation using a versioned identifier (an instance-level invocation):

GET /snowowl/fhir/CodeSystem/SNOMEDCT/2021-07-31/$validate-code?code=128927009

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "Parameters",
  "parameter": [
    {
      "name": "result",
      "valueBoolean": true
    }
  ]
}

$subsumes

Both GET as well as POST HTTP methods are supported.

Subsumption testing is supported for all terminologies, including SNOMED CT. The example uses version 2022-02-28 of code system SNOMED CT (via the URL in the system query parameter) to determine whether 409822003|Domain Bacteria| is an ancestor of 112283007|Escherichia coli| (type-level invocation):

GET /snowowl/fhir/CodeSystem/$subsumes?codeA=409822003&codeB=112283007&system=http://snomed.info/sct/900000000000207008/version/20220228

[Query parameters (repeated for clarity)]
codeA: 409822003
codeB: 112283007
system: http://snomed.info/sct/900000000000207008/version/20220228

[Response headers]
Content-Type: application/fhir+json

{
  "resourceType": "Parameters",
  "parameter": [
    {
      "name": "outcome",
      "valueCode": "subsumes"
    }
  ]
}

The response is positive (and encouraging). Changing the role of the two codes gives us a subsumed-by result instead.

Concepts

Introduction

SNOMED CT concepts represent ideas that are relevant in a clinical setting and have a unique concept identifier (a SNOMED CT identifier or SCTID for short) assigned to them. The terminology covers a wide set of domains and includes concepts that represent parts of the human body, clinical findings, medicinal products and devices, among many others. SCTIDs make it easy to refer unambiguously to the described ideas in eg. an Electronic Health Record or prescription, while SNOMED CT's highly connected nature allows complex analytics to be performed on aggregated data.

The three component types mentioned above (also called core components) have a distinct set of attributes which together form the concept's definition. As an example, each concept includes an attribute (the definition status) which states whether the definition is sufficiently defined (and so can be computationally processed), or relies on a (human) reader to come up with the correct meaning based on the associated descriptions.

Terminology services exposed by Snow Owl allows clients to create, retrieve, modify or remove concepts from a SNOMED CT code system (concepts that are considered to be already published to consumers can only be removed with an administrative operation). Concepts can be retrieved by SCTID or description search terms; results can be further constrained via Expression Constraint Language (ECL for short) expressions.

Resource format

A concept resource without any expanded properties looks like the following:

Properties

id
effectiveTime
active
moduleId
definitionStatusId

It also contains the following supplementary information:

parentIds, ancestorIds

These arrays hold a set of SCTIDs representing the concept's direct and indirect ancestors in the inferred taxonomy. The (direct) parents array contains all destinationIds from active and inferred IS A relationships where the sourceId matches this concept's SCTID, while the ancestor array contains all SCTIDs taken from the parent and ancestor array of direct parents. The arrays are sorted by SCTID. A value of -1 means that the concept is a root concept that does not have any concepts defined as its parent. Typically, this only applies to 138875005|Snomed CT Concept| in SNOMED CT content.

See the following example response for a concept placed deeper in the tree:

Compare the output with a rendering from a user interface, where the concept appears in two different places after exploring alternative routes in the hierarchy. Parents are marked with blue, while ancestors are highlighted with orange:

statedParentIds, statedAncestorIds

Same as the above, but for the stated taxonomy view.

released

A boolean value indicating whether this concept was part of at least one SNOMED CT release. New concepts start with a value of false, which is set to true as part of the code system versioning process. Released concepts can only be deleted by an administrator.

iconId

administration_method, assessment_scale, attribute, basic_dose_form, body_structure, cell, cell_structure, clinical_drug, disorder, disposition, dose_form, environment, environment_location, ethnic_group, event, finding, geographic_location, inactive_concept, intended_site, life_style, link_assertion, linkage_concept, medicinal_product, medicinal_product_form, metadata, morphologic_abnormality, namespace_concept, navigational_concept, observable_entity, occupation, organism, owl_metadata_concept, person, physical_force, physical_object, procedure, product, product_name, qualifier_value, racial_group, record_artifact, regime_therapy, release_characteristic, religion_philosophy, role, situation, snomed_rt_ctv3, social_concept, special_concept, specimen, staging_scale, state_of_matter, substance, supplier, transformation, tumor_staging, unit_of_presentation

In the metadata hierarchy, the use of a hierarchy tag alone would not distinguish concepts finely enough, as lots of them will have eg. "foundation metadata concept" set as their tag. In these cases, concept identifiers may be used as the icon identifier.

subclassDefinitionStatus

The default value is NON_DISJOINT_SUBCLASSES where no such assumption is made.

Property expansion

Core component information related to the current concept can be attached to the response by using the expand query parameter, allowing clients to retrieve more data in a single roundtrip. Property expansion runs the necessary requests internally, and attaches results to the original response object.

Expand options are expected to appear in the form of propertyName1(option1: value1, option2: value2, expand(...)), propertyName2() where:

propertyNameN stands for the property to expand;
optionN: valueN are key-value pairs providing additional filtering for the expanded property;
optionally, expands can be nested, and the options will apply to the components returned under the parent property;
when no expand options are given, an empty set of () parentheses need to be added after the property name.

Supported expandable property names are:

`referenceSet()`

If a corresponding reference set was already created for an identifier concept (a subtype of 900000000000455006|Reference set), information about the reference set will appear in the response:

To retrieve reference set members along with the reference set in a single request, use a nested expand property named members:

`preferredDescriptions()`

Expands descriptions with preferred acceptability.

Returns all active descriptions that have at least one active language reference set member with an acceptabilityId of 900000000000548007|Preferred|, in compact form, along with the concept. Preferred descriptions are frequently used on UIs when a display label is required for a concept.

This information is also returned when expand options pt() or fsn() (described later) are present.

`semanticTags()`

Returns hierarchy tags extracted from FSNs.

An array containing the hierarchy tags from all Fully Specified Name-typed descriptions of the concept is added as an expanded property if this option is present:

`inactivationProperties()`

Collects information from concept inactivation indicator and historical association reference set members referencing this concept.

Members of 900000000000489007|Concept inactivation indicator attribute value reference set| and subtypes of 900000000000522004 |Historical association reference set| hold information about a reason a concept is being retired in a release, as well as suggest potential replacement(s) for future use.

The concept stating the reason for inactivation is placed under inactivationProperties.inactivationIndicator.id (a short-hand property exists without an extra nesting, named inactivationProperties.inactivationIndicatorId). It is expected that only a single active inactivation indicator exists for an inactive concept.

Historical associations are returned under the property inactivationProperties.associationTargets as an array of objects. Each object includes the identifier of the historical association reference set and the target component identifier, in the same manner as described above – as an object with a single id property and as a string value.

While most object values where a single id key is present indicate that the property can be expanded to a full resource representation, this is currently not supported for inactivation properties; an expand option of inactivationProperties(expand(inactivationIndicator())) will not retrieve additional data for the indicator concept.

`members()`

Expands reference set members referencing this concept.

Note that this is different from reference set member expansion on a reference set, ie. referenceSet(expand(members())), as this option will return reference set members where the referencedComponentId property matches the concept SCTID, from multiple reference sets (if permitted by other expand options). Inactivation and historical association members can also be returned here, in their entirety (as opposed to the summarized form described in inactivationProperties() above).

Compare the output with the one returned when inactivation indicators were expanded. The last two reference set members correspond to the historical association and the inactivation reason, respectively:

The following expand options are supported within members(...):

active: true | false

Controls whether only active or inactive reference set members should be returned.

refSetType: "{type}" | [ "{type}"(,"{type}")* ]

The reference set type(s) as a string, to be included in the expanded output; when multiple types are accepted, values must be enclosed in square brackets and separated by a comma.

expand(...)

Allows nested expansion of reference set member properties.

SIMPLE - simple type
SIMPLE_MAP - simple map type
LANGUAGE - language type
ATTRIBUTE_VALUE - attribute-value type
QUERY - query specification type
COMPLEX_MAP - complex map type
DESCRIPTION_TYPE - description type
CONCRETE_DATA_TYPE - concrete data type (vendor extension for representing concrete values in Snow Owl)
ASSOCIATION - association type
MODULE_DEPENDENCY - module dependency type
EXTENDED_MAP - extended map type
SIMPLE_MAP_WITH_DESCRIPTION - simple map type with map target description (vendor extension for storing a descriptive label with map targets, suitable for display)
OWL_AXIOM - OWL axiom type
OWL_ONTOLOGY - OWL ontology declaration type
MRCM_DOMAIN - MRCM domain type
MRCM_ATTRIBUTE_DOMAIN - MRCM attribute domain type
MRCM_ATTRIBUTE_RANGE - MRCM attribute range type
MRCM_MODULE_SCOPE - MRCM module scope type
ANNOTATION - annotation type
COMPLEX_BLOCK_MAP - complex map with map block type (added for national extension support)

See the following example for combining reference set member status filtering and reference set type restriction:

`module()`

Expands the concept's module identified by property moduleId, and places it under the property module. As the returned resource is a concept itself, property expansion can apply to modules as well by using a nested expand() option.

Property module does not appear in compact form (with a single id key) in the standard representation.

`definitionStatus()`

Expands the definition status concept identified by the property definitionStatusId, and places it under the property definitionStatus. When this property is not expanded, a smaller placeholder object with a single id property is returned in the response. Nested expand() options work the same way as in the case of module().

`pt()` and `fsn()`

In addition to the standard locales like en-US, Snow Owl uses an extension to allow referring to language reference sets by identifier, in the form of {language code}-x-{language reference set ID}. "Traditional" language tags are resolved to language reference set IDs as part of executing the request by consulting the code system settings:

An example response pair demonstrating cases where the PT is different in certain dialects:

`descriptions()`

The collection resource's limit and total values are set to the same value (the number of descriptions returned for the concept) because a description fetch limit can not be set via a property expand option.

The following expand options are supported within descriptions(...):

active: true | false

Controls whether only active or inactive descriptions should be included in the response. (If both are required, do not set any value for this expand property.)

typeId: "{expression}"

sort: "{field}(:{asc | desc})?"(, "{field}(:{asc | desc})")*

Items in the collection resource are sorted based on the sort configuration given in this option. A single, comma-separated string value is expected; field names and sort order must be separated by a colon (:) character. When no sort order is given, ascending order (asc) is assumed.

expand(...)

Allows nested expansion of description properties.

`relationships()`

limit and total values on relationships are set to the same value (the number of relationships returned for the concept) because a relationship fetch limit can not be set via an expand option.

The following expand options are supported within relationships(...):

active: true | false

Controls whether only active or inactive relationships should be included in the response. (If both are required, do not set any value for this expand property.)

characteristicTypeId: "{expression}"

An ECL expression that restricts the characteristicTypeId property of each returned relationship. As an example, when this value is set to "<<900000000000006009", both stated and inferred relationships will be returned, as their characteristic type concepts are descendants of 900000000000006009|Defining relationship|.

typeId: "{expression}"

An ECL expression that restricts the typeId property of each returned relationship.

destinationId: "{expression}"

An ECL expression that restricts the destinationId property of each returned relationship.

sort: "{field}(:{asc | desc})?"(, "{field}(:{asc | desc})")*

expand(...)

Allows nested expansion of relationship properties.

`inboundRelationships()`

Retrieves all "inbound" relationships, where the destinationId property matches the SCTID of the concept(s), adding them to property inboundRelationships.

limit and total values on inboundRelationships are set to the same value (the number of inbound relationships returned for the concept), but differently from options above, a fetch limit is applied when it is specified.

destinationId: "{expression}"

This option is not supported on inboundRelationships; all destination IDs match the concept's SCTID.

sourceId: "{expression}"

An ECL expression that restricts the sourceId property of each returned relationship.

limit: {limit}

Limits the maximum number of inbound relationships to be returned. Not recommended for use when the expand option applies to a collection of concepts, not just a single one, as the limit is not applied individually for each concept.

`descendants()` / `statedDescendants()`

Depending on which direct setting is used, retrieves all concepts whose [stated]parentIds and/or [stated]AncestorIds array contains this concept's SCTID. Results are added to property descendants or statedDescendants, based on the option name used.

Only active concepts are returned, as these are expected to have active "IS A" relationships or OWL axioms that describe the relative position of the concept within the terminology graph.

The following options are available:

direct: true | false (required)

Controls whether only direct descendants should be collected or a transitive closure of concept subtypes.

When set to true, property [stated]parentIds will be searched only, otherwise both [stated]parentIds and [stated]AncestorIds are used. The presence or absence of the "stated" prefix in the search field depends on the option name.

limit: 0

Applicable only when a single concept's properties are expanded. Collects the number of descendants in an efficient manner, and sets the total property of the returned collection resource without including any concepts in it. Not used when a collection of concepts are expanded in a single request, or any other value is given.

expand(...)

Allows nested expansion of concept properties on each collected descendant.

`ancestors()` / `statedAncestors()`

Depending on which direct setting is used, retrieves all concepts that appear in this concept's [stated]parentIds and/or [stated]AncestorIds array. Results are added to property ancestors or statedAncestors, based on the option name used.

The following options are available:

direct: true | false (required)

Controls whether only direct ancestors should be collected or a transitive closure of concept supertypes.

When set to true, property [stated]parentIds will be used only for concept retrieval, otherwise the union of [stated]parentIds and [stated]AncestorIds are collected (the special placeholder value "-1" is ignored). The presence or absence of the "stated" prefix in the search field depends on the option name.

limit: 0

Collects the number of ancestors in an efficient manner, and sets the total property of the returned collection resource without including any concepts in it. Not used when any other value is given (however, this property expansion supports cases where multiple concepts' ancestors need to be returned).

expand(...)

Allows nested expansion of concept properties on each collected ancestor.

Operations

Read concept (GET)

A GET request that includes a concept identifier as its last path parameter will return information about the concept in question:

Query parameters

expand={options}

field={field1}[,{fieldN}]*

Restricts the set of fields returned from the index. Results in a smaller response object when only specific information is needed.

Supported names for field selection are the following:

active
activeMemberOf
ancestors - controls the appearance of ancestorIds as well
definitionStatusId
doi
effectiveTime
exhaustive
iconId
id - always included in the response, even when not present as a field parameter
mapTargetComponentType
memberOf
moduleId
namespace
parents - controls the appearance of parentIds as well
preferredDescriptions
refSetType
referencedComponentType
released
score
semanticTags
statedAncestors - controls the appearance of statedAncestorIds as well
statedParents - controls the appearance of statedParentIds as well
created and revised - these fields are associated with revision control, and even though they are listed as supported fields, they do not appear in the response even when explicitly requested.

Specifying any other field name results in a 400 Bad Request response:

Fields with a value of null do not appear in the response, even if they are selected for inclusion.

Request headers

Accept-Language: {language-range}[;q={weight}](, {language-range}[;q={weight}])*

Specifying an unknown language or dialect results in a 400 Bad Request response:

Find concepts (GET)

A GET request that ends with concepts as its last path parameter will search for concepts matching all of the constraints supplied as query parameters. By default (when no query parameter is added) it returns all concepts.

The response consists of a collection of concept resources, a searchAfter key (described in section "Query parameters" below), the limit used when computing response items and the total hit count:

Query parameters

definitionStatus={eclExpression} | {id1}[,{idN}]*

An ECL expression or enumerated list that describes the allowed set of SCTIDs that must appear in matching concepts' definitionStatusId property. Since there are only two values used, 900000000000074008|Primitive| and 900000000000073002|Defined| for primitive and fully defined concepts, respectively, a single SCTID is usually entered here.

ecl={eclExpression}

As ECL syntax uses special symbols, query parameters should be encoded to URL-safe characters. The examples in this section are using the cleartext form for better readability.

statedEcl={eclExpression}

semanticTag={tag1}[,{tagN}]*

Filters concepts by a comma-separated list of allowed hierarchy tags. Matching concepts can have any of the supplied tags present (at least one) on their Fully Specified Names.

term={searchTerm}

Matching concepts must have an active description whose term matches the string specified here. The search is executed in "smart match" mode; the following examples show which search expresssions match which description terms:

descriptionType={eclExpression} | {id1}[,{idN}]*

Restricts the result set by description type; matches must have at least one active description whose typeId property is included in the evaluated ECL result set or SCTID list. It is typically used in combination with term (see above) to control which type of descriptions should be matched by term.

parent={id1}[,{idN}]*
statedParent={id1}[,{idN}]*
ancestor={id1}[,{idN}]*
statedAncestor={id1}[,{idN}]*

Filters concepts by hierarchy. All four query parameters accept a comma-separated list of SCTIDs; the result set will contain direct descendants of the specified values in the case of parent and statedParent, and a transitive closure of descendants for ancestor and statedAncestor (including direct children). Parameters starting with stated... will use the stated IS A hierarchy for computations.

doi=true | false

Controls whether relevance-based sorting should take Degree of Interest (DOI for short) into account. When enabled, concepts that are used frequently in a clinical environment are favored over concepts with a lower likelihood of use.

namespace={namespaceIdentifier}
namespaceConceptId={id1}[,{idN}]*

isActiveMemberOf={eclExpression} | {id1}[,{idN}]*

This filter accepts either a single ECL expression, or a comma-separated list of reference set SCTIDs. For each matching concept at least one active reference set member must exist where the referenceComponentId points to the concept and the referenceSetId property is listed in the filter, or is a member of the evaluated ECL expression's result set.

effectiveTime={yyyyMMdd} | Unpublished

Filters concepts by effective time. The query parameter accepts a single effective time in yyyyMMdd (short) format, or the literal Unpublished when searching for concepts that have been modified since they were last published as part of a code system version.

Note that only the concept's effective time is taken into account, not any of its related core components (descriptions, relationships) or reference set members. If the concept's status, definition status or module did not change since the last release, its effective time will not change either.

When searching for Unpublished concepts, the effectiveTime property will not appear on returned concept resources, as the value is null for all unpublished components.

active=true | false

Filters concepts by status. When set to true, only active concepts are added to the resulting collection, while a value of false collects inactive concepts only. (If both active and inactive concepts should be returned, do not add this parameter to the query.)

module={eclExpression} | {id1}[,{idN}]*

Filters concepts by moduleId. The query parameter accepts either a single ECL expression, or a comma-separated list of module SCTIDs; concepts must have a moduleId property that is included in the ID list or the evaluated ECL result.

id={id1}[,{idN}]*

Filters concepts by SCTID. The parameter accepts a comma-separated list of IDs; matching concepts must have an id property that matches any of the specified identifiers.

sort: "{field}(:{asc | desc})?"(, "{field}(:{asc | desc})")*

Sorts returned concept resources based on the sort configuration given in this parameter. Field names and sort order must be separated by a colon (:) character. When no sort order is given, ascending order (asc) is assumed.

The default behavior is to sort results by id, in ascending order. SCTIDs are sorted lexicographically, not as numbers; this means that eg. 10683591000119104 will appear before 10724008, as their first two digits are the same, but the third digit is smaller in the former identifier.

limit={limit}

Controls the maximum number of items that should be returned in the collection. When not specified, the default limit is 50 items.

searchAfter={searchAfter}

Supports keyset pagination, ie. retrieving the next page of items based on the response for the current page. To use, set limit to the number of items expected on a single page, then run the first search request without setting a searchAfter key. The returned response will include the value to be inserted into the next request:

The process can be repeated until the items array turns up empty, indicating that there are no more pages to return.

expand={options}

field={field1}[,{fieldN}]*

Request headers

Accept-Language: {language-range}[;q={weight}](, {language-range}[;q={weight}])*

Find concepts (POST)

POST requests submitted to concepts/search perform the same search operation as described for the GET request above, but each query parameter is replaced by a property in the JSON request body:

Request headers

Accept-Language: {language-range}[;q={weight}](, {language-range}[;q={weight}])*

Create concept (POST)

POST requests submitted to concepts create a new concept with the specified parameters, then commit the result to the terminology repository.

The resource path typically consists of a single code system identifier for these requests, indicating that changes should go directly to the working branch of the code system, or a direct child of the working branch for isolating a set of changes that can be reviewed and merged in a single request.

The request body needs to conform to the following requirements:

include at least one Fully Specified Name (FSN)
include at least one preferred synonym (Preferred Term, PT)

The SCTID of created components can be specified in two ways:

Explicitly by setting the id property on the component object; the request fails when an existing component in the repository already has the same SCTID assigned to it;
Allowing the server to generate an identifier by leaving id unset and populating namespaceId with the expected namespace identifier, eg. "1000154". Requests using namespaceId should not fail due to an SCTID collision, as generated identifiers are checked for uniqueness.

When a namespaceId is set on the concept level, descriptions and relationships will use this value by default, so in this case neither id nor namespaceId needs to be set on them. The same holds true for moduleId – the concept's module identifier is applied to all related descriptions, relationships and reference set members in the request, unless it is set to a different value on the component object.

Please see the example below for required properties. (Note that it is non-executable in its current form, as the OWL axiom reference set member can not be created without knowing the concept's SCTID in advance.)

A successful commit will result in a 201 Created response; the response header Location can be used to extract the generated concept identifier. Validation errors in the request body cause a 400 Bad Request response.

Request headers

X-Author: {author_id}

Changes the author recorded in the commit message from the authenticated user (default) to the specified user.

Update concept (PUT)

The following properties can be updated on any component. If they are not included in the request, the corresponding component property remains unchanged.

moduleId: string
active: boolean
effectiveTime: string (in YYYYmmdd, "short" format)

Specifying an empty string for inactivationIndicatorId will remove an existing indicator, while an empty array will delete historical association reference set members for the concept. This is handled automatically when the concept is re-activated, so inactivationProperties can be omitted from such requests entirely:

Properties that can be updated on the concept itself are:

definitionStatusId: string
subclassDefinitionStatus: "DISJOINT_SUBCLASSES" | "NON_DISJOINT_SUBCLASSES"

In addition to the above, core components and reference set members related to the concept in question can be updated in a single request by including any of the following properties:

descriptions
relationships
members

If a collection resource property is not included in the update request, the corresponding component type is unchanged. An empty array attempts to delete all existing related components. Otherwise, the components included in the collection are compared by SCTID/UUID to existing components, and it is decided whether:

a new component should be created (if the identifier did not appear previously in the terminology store)
an existing component should be updated (if the identifier existed previously in the terminology store)
an existing component should be deleted (if the identifier does not exist in the request, but existed previously in the terminology store)

Successful updates return 204 No Content from the server. Updates that attempt to modify the state of a missing or deleted concept result in a 404 Not Found response.

Query parameters

force=true | false

Specifies whether updating the effective time of the concept should be allowed. The default value is false; in such cases, supplying an effective time property for the update is disallowed. The component's effective time after an update is computed automatically at all times, when the force property is set to true, this can be overridden externally.

Request headers

X-Author: {author_id}

Changes the author recorded in the commit message from the authenticated user (default) to the specified user.

Delete concept (DELETE)

DELETE requests sent to a URI where the last path parameter is an existing concept ID will remove the concept and all of its associated components (descriptions, relationships, reference set members referring to the concept) from the terminology repository.

Deletes are acknowledged with a 204 No Content response on success. Deletion can be verified by trying to retrieve concept information from the same resource path – a 404 Not Found should be returned in this case.

Note that resource branches maintain content in isolation, and so deleting a concept on eg. a task branch will not remove the concept from the code system's working branch, until work on the task branch is approved and merged into mainline.

Query parameters

force=true | false

Specifies whether deletion of the concept should be allowed, if it has components that were already part of an RF2 release (or code system version). This is indicated by the released property on each component.

The default value is false; with the option disabled, attempting to delete a released component results in a 409 Conflict response:

Only administrators should set this parameter to true. It is advised to delete redundant or erroneous components before they are put in circulation as part of a SNOMED CT RF2 release. In other cases, inactivation should be preferred over removal.

Request headers

X-Author: {author_id}

Changes the author recorded in the commit message from the authenticated user (default) to the specified user.