2 posts tagged with "route"

To ensure high quality of the apps on the App Hub, we have made updates to the App Hub security guidelines for apps that communicate with external services. Apps that connect to external APIs must no longer handle third-party credentials in browser-accessible storage for direct client-side use. Instead, external-service communication should be performed through DHIS2 Routes so that credentials and upstream authentication live on the server side, and access can be controlled through DHIS2 authorization and sharing.

This change is reflected in the updated App Hub Submission Guidelines. The use of hard-coded secrets is discouraged, and server-side synchronization processes are strongly recommended rather than browser-based ones.

We recommend that all app maintainers implement these new security updates by mid-June 2026 (ahead of the DHIS2 Annual Conference). After the annual conference, the DHIS2 Extensibility Team will review all of the apps on the App Hub, and remove all apps that do not follow the updated security guidelines. To help with the migration, we have included an example of the old pattern and how it can be updated using routes.

The DHIS2 core team recently collaborated with MOSIP, HISP Sri Lanka, and Symbionix on an interesting demo of an ID provider integration with DHIS2 that we're excited to share. MOSIP develops open-source ID provider services, a valuable part of digital public infrastructure, and the intention of this project is to show an integration between MOSIP and DHIS2, where both patients and health care providers can verify their identity with a common ID provider service. This demo integration also incorporates a shared electronic health registry (EHR), and demonstrates how using the EHR and a common ID provider across different digital health services can promote continuity of data across the health sector.