Bahmni ABDM proxy to Simulate HRP


Bahmni ABDM Proxy simulates HRP (Health Repository Providers) in order to allow sharing ABDM secrets across multiple single tenant bahmni instances running as HIU/HIP.

  1. Individual Bahmni instances (as HIU/HIP) continues to directly call the ABDM gateway using shared secrets

  2. ABDM Gateway responds back onto the ABDM Proxy callback endpoint (common accross all Bahmni HIP/HIU instances).

  3. ABDM Proxy maintains knowledge (map) about HIU/HIP (key) and their corresponding instance url. It extracts the HIU/HIP ID from the request callback header (e.g. X-HIU-ID) and derive the delegate url

  4. It would then forward the request to the delegate url (with headers as-is) in order to have it handled by the designated HIP/HIU instance.


The assumption is that all the Bahmni instances are running within the same Kubernetes cluster (any of the 3 approaches depicted in this document). Also Hosted Zone for target domain (e.g. is already setup along with completing this infra setup.


🔘 Create A record for ABDM Proxy

This A record is to have a unique subdomain for ABDM proxy e.g. Follow this guide for CLI or this for Console (choose Alias to network load-balancer and then select the configured elb from target aws region).


🔘 Apply ABDM proxy ingress in default namespace

Start by forking this repo - change the host in ingress.yaml to the alias that was setup in earlier setup e.g. Apply the configuration in default namespace

Install kubectl CLI and ensure you have the appropirate aws privilege set on your terminal session before running below commands

kubectl apply -f ingress.yaml


🔘 Configure HIU and HIP services on ABDM Gateway

Register individual HIP/HIU as service on the gateway using the shared abdm client secrets


curl --location --request PUT '' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer ENTER_THE_TOKEN' \ --data-raw '{"id":"alpha","name":"Alpha","type":"HIU","active":true,"alias":["Alpha"]}'


curl --location --request PUT '' \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer ENTER_THE_TOKEN' \ --data-raw '{"id":"omega","name":"Omega","type":"HIP","active":true,"alias":["Omega"]}'

Configure the HIU ID and HIP ID registered with the gateway in the values.yaml of umbrella chart and follow this guide to provision the cluster.


🔘 Configure HIU and HIP instance url on Bahmni ABDM Proxy

Bahmni ABDM proxy uses Nginx + NJS to manage the HIU/HIP map and perform the delegation. Change the deligateRepository in njs.ts to represent the bahmni cluster with various instances of bahmni as HIU/HIP. In below example alpha and omega are 2 bahmni instances running as HIP/HIP in different namespace within the same EKS cluster having their own A record defined.

const deligateRepository: { [key: string]: string } = { alpha: '', omega: '', };

alpha and omega are the same id’s that was configured as service on gateway in earlier step

  • Build the project using yarn build

  • Create and publish docker Image: docker build -t yourDockerHubRepo/abdm-callback-proxy . && docker push yourDockerHubRepo/abdm-callback-proxy. It would also require a docker login to target dockerhub account before pushing the image.

Setup a new dockerhub repo to maintain the abdm-callback-proxy image versions prior to building and publishing


🔘 Apply abdm proxy service in default namespace

Replace spec.containers.image in abdm-callback.proxy.yaml with your Dockerhub repo name (instead of bahmniindiadistro/). Apply the abdm-callback-proxy service in default namesapce

kubectl apply -f abdm-callback.proxy.yaml

To apply newer version of latest abdm-callback-proxy image on the cluser, use kubectl rollout restart deployment abdm-callback-proxy


The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)