Research: DataRiver Signals Facade (MuleSoft)
| Field | Value |
|---|---|
| Type | Research |
| Status | Active |
| Author | xRED Dev Team |
| Created | 2026-04-08 |
| Source | signals-python-sdk OpenAPI spec (v2.6.3), lem-signals-platform |
| Related ADR | ADR-005 |
| Related Research | Signals Python SDK, LEM Platform Requirements, Signals REST API |
1. What Is the DataRiver Signals Facade?
DataRiver is a Roche integration group that builds and operates API facades on MuleSoft’s Anypoint platform for the Signals ELN. The facade is the mandatory gateway through which all programmatic API communication to Signals should be routed (ADR-005).
The primary API is dia-rnd-experiments-exp (Experiments API, currently v2.6.3).
2. Available Operations (22 use cases)
Experiments
| Method | Path | Operation |
|---|---|---|
| GET | / | Health check |
| GET | /experiments?name= | Get experiment by name |
| POST | /experiments | Create experiment from template |
| GET | /experiments/{eid} | Get experiment by eid |
| GET | /experiments/{eid}/details | Get detailed experiment data with tables |
| POST | /experiments/{eid}/close | Close experiment without signing |
| POST | /experiments/basicSearch | Basic search (sorted by modified date desc) |
| POST | /experiments/search | Full search (returns experiments with tables) |
| GET | /experiments/templates/{templateId} | Get template details |
| GET | /experiments/worksheets/{worksheetId} | Get worksheet data |
Files (Attachments)
| Method | Path | Operation |
|---|---|---|
| GET | /files?eid= | List experiment attachments |
| POST | /files | Upload/attach file (base64) |
| GET | /files/{eid} | Download attachment |
Tables (v2)
| Method | Path | Operation |
|---|---|---|
| GET | /tables/templates/{eid} | Get table template definition |
| POST | /tables | Create table from template |
| GET | /tables/{eid}/rows | Get table rows |
| POST | /tables/{eid}/rows | Add row |
| PATCH | /tables/{eid}/rows/{rowId} | Update row |
| DELETE | /tables/{eid}/rows/{rowId} | Delete row |
| GET | /tables/batch/rows | Batch get rows |
Metadata (External File Links)
| Method | Path | Operation |
|---|---|---|
| GET | /metadata | Get table content by template name |
| POST | /metadata | Add file link to experiment table |
| PATCH | /metadata/{rowId} | Update file link row |
| DELETE | /metadata/{rowId} | Delete file link row |
Templates
| Method | Path | Operation |
|---|---|---|
| GET | /templates | Search templates by keyword/type |
3. What Is NOT in the Facade
The facade covers a subset of the native Signals REST API. Notable gaps:
| Missing Capability | Native Signals Endpoint | Impact |
|---|---|---|
| Experiment signing | Various signing endpoints | Cannot sign experiments programmatically |
| Property updates | PUT /entities/{eid}/properties | Cannot update experiment metadata fields |
| User/group management | /users, /groups (SCIM 2.0) | Cannot manage users programmatically |
| Notifications | /notifications | Cannot subscribe to push/pull events |
| Experiment creation without template | POST /entities | Must always use a template |
| Entity search (full) | POST /entities/search | Facade search is limited to experiments |
| Bulk operations | Various | Only tables/batch/rows exists |
| External Actions config | Admin API | Not exposed |
| Sample management | /samples | Not exposed |
| Inventory operations | Various | Not exposed |
For operations not covered by the facade, the LEM API Proxy (Route 2 in ADR-005) provides direct Signals API access — but requires LEM approval.
4. Environments
| Environment | MuleSoft URL |
|---|---|
| DEV | https://dev-de-c1.apis.roche.com:443/dia-rnd-experiments-exp-dev/v2 |
| STAGE | https://stage-de-c1.apis.roche.com:443/dia-rnd-experiments-exp-stage/v2 |
| PROD | https://prod-de-c1.apis.roche.com:443/dia-rnd-experiments-exp/v2 |
See Signals Python SDK — AutoLab environment mapping for the full AutoLab-to-Signals mapping.
5. Authentication
Dual-layer authentication:
| Layer | Mechanism | Purpose |
|---|---|---|
| MuleSoft | Client ID + Secret in Authorization: Basic header + client certificate | Identifies the consuming application |
| Signals | User Bearer Token in ?token= query parameter | Establishes user identity for audit trail |
The MuleSoft client credentials and certificate are typically stored in AutoLab’s Vault (for AAB consumers) or in the consuming application’s secret store.
6. Rate Limits and SLA
| Metric | Value |
|---|---|
| MuleSoft facade rate limit | 300 calls per hour |
| Signals tenant rate limit | 1,000 calls per minute (shared across all consumers) |
| Availability | 98% |
| Disaster Recovery RTO | < 4 hours |
| Disaster Recovery RPO | < 4 hours |
The 300 calls/hour MuleSoft limit is per client application. The 1,000 calls/min is tenant-wide across all consumers (xRED, ORCA, LEM, etc.).
7. API Contract Requirements
There is no single formal API contract template. Instead, the LEM team requires a combination of artifacts before granting access to the DataRiver facade:
Integration Design Questionnaire
Must be completed before implementation begins. Covers three views:
User view: Personas, user journeys, expected daily/peak user counts, success metrics.
System view: All systems involved, integration ports (APIs, message streams), how ports are secured, protocols, network accessibility (RCN only?), user context handling, key limits, test scenarios.
Data view: Data objects involved, expected flows with provider/consumer/direction, flow type (sync/async/batch), frequency, connection method, source of truth per field, data governance, data classification (C1-C4).
See LEM Platform Requirements — Integration Design Questionnaire for the full questionnaire.
Delivery Checklist (mandatory for all integration types)
12 deliverables required before go-live — documented requirements, test report, verification procedure, ops plan, TOP, SRA, credential management, change management. See LEM Platform Requirements — Delivery Checklist.
OpenAPI Specification
The ORCA architecture repo (code.roche.com/orca/architecture, /api-contracts/)
contains example API contracts in OpenAPI 3.x format:
arvados-lookup-contract.json— source lookup table APIhistlims-api-contract.json— HITSLIMS project lookupsignals-reference-presenter-service.yaml— Signals references API
These serve as templates for what an API contract looks like:
- Info block with title, description, contact
- Functional and non-functional requirements in the description
- Path definitions with typed parameters
- Response schemas with all fields
- Standard HTTP error responses (400, 403, 404, 500, 503)
- Security scheme (SSL client cert + client ID/secret or
Ms-Client-Idheader)
Interface Summary Table (part of the SAD)
For each integration, the SAD must include an Interface Summary Table:
| Field | Description |
|---|---|
| Consumer application | Which system consumes the interface |
| Producer application | Which system provides the interface |
| Producer interface type | REST, HTTP, gRPC, etc. |
| Integration approach | Middleware used (MuleSoft, Gravitee, etc.) |
| Information entities | What data objects are exchanged |
| Message volume | Expected calls per hour/day |
| Message size | Average payload size |
8. Onboarding Process for Facade Access
- Fill out the Integration Design Questionnaire (user/system/data views)
- Joint assessment with LEM team on integration design and ownership
- Engage DataRiver — mandatory for public APIs or multi-system orchestration
- Client ID registration on the Signals tenant for your application
- MuleSoft application creation — via Proxify tool or DataRiver team
- Security setup — SSL client certificates, Basic Auth, or OAuth2 client credentials
- Fulfill the Delivery Checklist before go-live
- Deployment — requires approvals from Service Owner, Application Support Manager, and Validation Lead (up to 6 working days for non-dev environments)
Requesting new facade operations
From the LEM offerings document:
If there are identified gaps in the current DataRiver Signals API offering, the LEM team may, on a case-by-case basis, onboard developers for direct exploration of the native Signals API on a DEV environment. The purpose is to identify necessary endpoints and propose additions to the DataRiver offering.
DataRiver involvement is mandatory for integration use cases involving orchestration of more than two systems, or if the integration is intended to be a reusable public API within the SnR domain.
9. Future Vision
The lem-signals-platform documentation describes a planned expansion beyond the current
experiments-only facade:
- Cache layer — reduce load on Signals for frequently accessed data
- Data lake — store Signals data for analytics and reporting
- Event streams — publish Signals events for downstream consumers
- SQL API — query Signals data via SQL interface
- Exporter — bulk data export capabilities
This would significantly expand the DataRiver offering from a simple API proxy to a full data platform around Signals.
10. Relevance to xRED ELN
What xRED can do today through the facade
- Create experiments from templates
- Attach files to experiments
- Read/write table rows
- Search experiments
- Close experiments (without signing)
What xRED cannot do through the facade
- Sign experiments programmatically
- Update experiment metadata properties directly
- Manage users or groups
- Subscribe to notifications/events
- Perform bulk operations beyond table batch reads
Key constraint: 300 calls/hour
The MuleSoft rate limit of 300 calls/hour is very restrictive for interactive applications. A scientist actively working in an External Action that reads and writes back to Signals could exhaust this budget quickly. This reinforces the need for caching (ADR-009).