The FHIR standards sets out a set of standard HTTP operations an implementor can expose on their FHR server to allow others to use the resources. This includes the usual “create, read, update and delete” operations and sets out specific rules on how those should be exposed through standard HTTP verbs on specific paths.
The standard also provides a set of standard search parameters that should be used to search for resources. To search for a patient ID would always look like [BaseURL]/Patient. The standard also provides a range of other mechanisms for more complex to search for a patient by ID would always look like [BaseURL]/Patient?identifier=12345.
The standard also provides a range of other mechanisms for more complex searches or to retrieve groups of related resources in the response returned. Any system would choose how much of this they implement and declare in a capability statement which is also published on their FHIR server.
The FHIR standard provides a mechanism for defining your own custom operations “operation definition”.
This allows a more remote procedure call style of API to be defined. Customising operations can be used along with standard operations. However, customising the operation may limit the flexibility of what the consumer can do with your APIs as they will only be able to use them for the specific operations you have already defined and so may not be suitable for everything.
There are also some complementary standards such as SMART-on-FHIR which show how to use FHIR with OAuth to secure an API.
We are working with INTEROPen to agree a set of NHS England wide care connect profiles to give us a level of consistency in how these resources are represented across FHIR implementations in England.