# HL7 Version 2 Service

The HL7 Version 2 Service configuration panel is used to enable or disable the sending and receiving of [HL7 Version 2.x](/developers/service-apis/hl7v2.md) messages.

![](/files/lreeTQ8MYdTpMsNalMFr)

<table><thead><tr><th width="216.2676612932232">Setting</th><th width="269.5026452105254">Description</th><th>Example</th></tr></thead><tbody><tr><td>Local Domain</td><td>The local assigning authority for the HL7 Version 2.x receiver. Whenever SanteDB encounters an identifier in this domain, it will assume the CX.1 refers to the UUID / key of the object. </td><td>See: <a href="/pages/-MfxojWUG-yhYeytFB9y#internal-local-authority">SanteDB HL7v2 Implementation</a></td></tr><tr><td>Authentication Mode</td><td>Identifies the method of authenticating HL7 requests. </td><td>See: <a href="/pages/-MjFyhdF6tzwQAFgMig1">SanteDB HL7v2 Authentication </a>notes.</td></tr><tr><td>No Auth Secret</td><td>When not requiring application authentication, all values in the MSH-3 must be registered as a security application with this secret. This is the shared secret which the HL7 authentication layer uses to establish an application identity.</td><td><code>Fluffy_Penguins2</code></td></tr><tr><td>HL7 Services</td><td>Configuration for endpoints, messages, and trigger events for HL7 Services.</td><td>See: <a href="#hl7-service-endpoints">Service Endpoints</a></td></tr><tr><td>Receiving Facility ID</td><td>The UUID of the local receiving facility for HL7v2 messages. The facility information is loaded from the primary data store based on this UUID and used to populate MSH-4 and MSH-5.</td><td>UUID</td></tr><tr><td>SSN Authority</td><td>The identity domain configuration for PID-19 (SSN). If using this field outside of the United States, this is the identity domain information for that field. </td><td>See: <a href="/pages/-MfxojWUG-yhYeytFB9y#pid-19-social-security-resolution">SanteDB HL7v2 Implementation</a> notes.</td></tr><tr><td>Birthplace Types</td><td>A list of valid <code>ClassConcept</code> UUIDs which are used to resolve the PID birthplace. In HL7v2 birthplace is a plain string. This string is used to search for <code>Place</code> for a concrete birthplace relationship.</td><td>UUID</td></tr><tr><td>Identifier Replacement</td><td>When set to <code>AnyInDomain</code> , any attempt to update a patient identifier will remove the existing identifier for that patient in the domain and replace it with the provided value. This has the effect of only allowing one identifier per identity domain from a single sender.</td><td><code>AnyInDomain</code></td></tr><tr><td>Strict Metadata</td><td>When set to TRUE any metadata in any field sent SanteDB must exactly match (place, organizations, etc.) must be matched exactly using the identifier in the XON rather than names.</td><td><code>True</code> (recommended)</td></tr><tr><td>Require Application Authentication</td><td>When true, all HL7 messages must be authenticated as Application + Device identity. When false, a Device Identity is used and the Application authentication comes from the <code>No Auth Secret</code> is used with MSH-3 to authenticate an application identity.</td><td><code>True</code> (recommended)</td></tr><tr><td>Strict CX4</td><td>When true resolution of CX.4 based on MSH values will be disabled and all senders MUST send CX4.1 or CX4.3</td><td></td></tr></tbody></table>

## HL7 Service Endpoints

The HL7 Services configuration property allows administrators to edit one or more IP/Endpoints which can receive HL7v2 messages.

![](/files/zVX9zYfC8O5EyLJIMLcN)

<table><thead><tr><th width="216.2676612932232">Setting</th><th width="269.5026452105254">Description</th><th>Examples</th></tr></thead><tbody><tr><td>Endpoint</td><td>The IP / port to listen for inbound messages for the services. 0.0.0.0 binds the endpoint to all IP addresses, 127.0.0.1 binds to localhost. </td><td><p>Unencrypted Localhost:</p><p><code>llp://127.0.0.1:2100</code></p><p>Encrypted Public:</p><p><code>sllp://0.0.0.0:2200</code></p></td></tr><tr><td>Messages</td><td>Messages (message types and trigger events) which can be processed on this endpoint.</td><td>See: <a href="#messaging-events">Messaging Events</a></td></tr><tr><td>Name</td><td>The name of the endpoint which is shown in logs.</td><td><code>My HL7 Endpoint</code></td></tr><tr><td>Receive Timeout</td><td>The number of milliseconds that the receiving endpoint will hold the connection open before forcably closing it.</td><td><code>20000</code> (20 seconds)</td></tr><tr><td>Transport Option</td><td>When the endpoint uses <code>sllp://</code> as the endpoint binding, the transport binding options.</td><td>See: <a href="#secure-endpoints">Secure Endpoints</a></td></tr></tbody></table>

### Secure Endpoints

When `sllp://` is used as the transport for the HL7 endpoint, the security settings for the endpoint.

![](/files/1MFYAyeMBwpgzhb7EgYs)

<table><thead><tr><th width="216.2676612932232">Setting</th><th width="269.5026452105254">Description</th><th>Examples</th></tr></thead><tbody><tr><td>Check CRL</td><td>When true, the endpoint will attempt to check the Certificate Revocation List.</td><td><p><code>False</code> - For faster performance</p><p><code>True</code> - For more secure transactions</p></td></tr><tr><td>Enable Client Cert Negotiation</td><td>When true, the HL7 endpoint will challenge clients to provide a client certificate.</td><td><code>True</code></td></tr><tr><td>Client CA Certificate</td><td>The root certificate or intermediary certificate where client certificates must be bound to. The certificate chain will be validated against the this CA.</td><td>See: <a href="/pages/Tfnr4N9AjSapiOgSEsQH#certificate-binding">Security Certificate</a></td></tr><tr><td>Server Certificate</td><td>The certificate which the SanteDB iCDR will provide to clients which authenticates the server to clients. This certificate is also used to encrypt traffic with the client.</td><td>See: <a href="/pages/Tfnr4N9AjSapiOgSEsQH#certificate-binding">Security Certificate</a></td></tr></tbody></table>

### Messaging Events

Each HL7 endpoint can support multiple message / trigger events. The messages property of the endpoint specifies which message handlers can be used for which trigger events on the specified endpoint.

![](/files/FEhxVk7Wa84SN20WkNtZ)

<table><thead><tr><th width="216.2676612932232">Setting</th><th width="269.5026452105254">Description</th><th>Examples</th></tr></thead><tbody><tr><td>Message Handler</td><td>The implementation of the message handler which should be used to process messages which have any of the events listed in the events property.</td><td><img src="/files/p7sQ1XUfId9fpw1APMkg" alt=""></td></tr><tr><td>Events</td><td>The trigger events which should be forwarded to the selected message handler.</td><td><code>ADT^A01</code></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.santesuite.org/operations/server-administration/configuration-tool/messaging-settings/hl7-version-2-service.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.