diff --git a/specification/components/stu3/schemas/endpoints/a013-accept-referral.yaml b/specification/components/stu3/schemas/endpoints/a013-accept-referral.yaml index 074909dca..aa508169d 100644 --- a/specification/components/stu3/schemas/endpoints/a013-accept-referral.yaml +++ b/specification/components/stu3/schemas/endpoints/a013-accept-referral.yaml @@ -6,11 +6,18 @@ description: | ## Supported security patterns - Healthcare worker, user-restricted access + - Application-restricted, unattended access ## Pre-requisites + ### Healthcare worker, user-restricted access In order to use this endpoint you must be an authenticated e-RS user and use one of the following e-RS roles: - `SERVICE_PROVIDER_CLINICIAN` - `SERVICE_PROVIDER_CLINICIAN_ADMIN` + + ### Application-restricted, unattended access + In order to use this endpoint you must be an authenticated e-RS calling application, working in the context of a Service Provider Organisation. + + To access this endpoint in application-restricted, unattended mode, you will be required to submit your use case for review. ## Important notes @@ -41,9 +48,9 @@ tags: - Review referral requests parameters: - $ref: '../headers/request/BearerAuthorization.yaml' - - $ref: '../headers/request/OdsCode.yaml' - - $ref: '../headers/request/BusinessFunctionOBO.yaml' - - $ref: '../headers/request/OnBehalfOfUserID.yaml' + - $ref: '../headers/request/OdsCodeOnlyUserRestricted.yaml' + - $ref: '../headers/request/BusinessFunctionOnlyUserRestricted.yaml' + - $ref: '../headers/request/OnBehalfOfUserIDOnlyUserRestricted.yaml' - $ref: '../headers/request/CorrelationID.yaml' - $ref: '../pathParameters/Ubrn.yaml' - $ref: '../headers/request/IfMatch.yaml' diff --git a/specification/e-referrals-service-api.yaml b/specification/e-referrals-service-api.yaml index 2e7976c37..b439f9010 100644 --- a/specification/e-referrals-service-api.yaml +++ b/specification/e-referrals-service-api.yaml 
@@ -59,7 +59,7 @@ info: | Access mode | Authentication via | Functions | Availability | | ----------------------------- | -------------------------- | ----------------------- | ------------------------------- | - | Application-restricted,
unattended access | [[HYPERLINK_SIGNED_JWT]] | | [[HYPERLINK_PRODUCTION]] | + | Application-restricted,
unattended access | [[HYPERLINK_SIGNED_JWT]] | | [[HYPERLINK_PRODUCTION]] | | Healthcare worker,
user-restricted access | [[HYPERLINK_CIS_AUTH_SHORT]] | All Endpoints | [[HYPERLINK_PRODUCTION]] | ##### Application-restricted, unattended access @@ -67,7 +67,11 @@ info: This access mode has been introduced to allow a Partner application which has been [registered with us](https://portal.developer.nhs.uk/create-a-developer-account) and [authenticated via signed JWT](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication) to interact with a subset of e-RS FHIR API endpoints in an unattended and read-only fashion. Application-restricted, unattended access should only be used when authenticating a human user (for example via smartcard) is not possible. - Write operations are currently only supported by [[HYPERLINK_A028]] for non-clinical use cases. You will be required to submit your use case for review when using this endpoint via application-restricted, unattended access. + Write operations are currently supported for specific use cases via: + - [[HYPERLINK_A028]] + - [[HYPERLINK_A013]] + + You will be required to submit your use case for review when using this endpoint via application-restricted, unattended access. ##### Healthcare worker, user-restricted access @@ -122,6 +126,7 @@ info: - [[HYPERLINK_A006]] - [[HYPERLINK_A007]] - [[HYPERLINK_A008]] + - [[HYPERLINK_A013]] - [[HYPERLINK_A024]] - [[HYPERLINK_A025]] - [[HYPERLINK_A028]]
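Review bot: In the `a013-accept-referral.yaml` description hunk, the new "Application-restricted, unattended access" pre-requisite states the organisational context ("working in the context of a Service Provider Organisation") but, unlike the user-restricted section directly above it, does not say which authorisation check replaces the `SERVICE_PROVIDER_CLINICIAN` / `SERVICE_PROVIDER_CLINICIAN_ADMIN` role check, nor how the Service Provider Organisation is established for an unattended caller. Because this endpoint is a write operation, spell that out (for example, a sentence stating that the organisation is taken from the application's registration, if that is the intended behaviour) before the use-case review sentence.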
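Review bot: The parameters hunk swaps `OdsCode.yaml`, `BusinessFunctionOBO.yaml` and `OnBehalfOfUserID.yaml` for their `...OnlyUserRestricted.yaml` variants but nothing in the diff defines what happens when an application-restricted caller sends one of these headers anyway; the endpoint description should say whether such a request is rejected or the header is ignored, since an `OnBehalfOfUserID` or ODS code that is silently accepted and discarded can mislead anyone reading the audit trail. Also confirm that `OdsCodeOnlyUserRestricted.yaml` is genuinely not required in unattended mode: the pre-requisites say the application works "in the context of a Service Provider Organisation", so if that context does not come from the header, document where it does come from.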
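Review bot: In the `e-referrals-service-api.yaml` access-mode table hunk, the removed and added "Application-restricted, unattended access" rows read identically here and the Functions cell is empty in both, whereas the user-restricted row lists "All Endpoints"; check that the added row actually populates the Functions column (for example with a link to the list of endpoints that support this mode), otherwise the hunk is a no-op.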
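Review bot: In the write-operations hunk, the unchanged context line above it still describes application-restricted access as interacting with endpoints "in an unattended and read-only fashion", which the list of supported write operations ([[HYPERLINK_A028]], [[HYPERLINK_A013]]) added directly beneath it now contradicts; reword that sentence to say read-only except for the listed write endpoints. The retained closing sentence "when using this endpoint via application-restricted, unattended access" also no longer has a single antecedent now that two endpoints are listed; change "this endpoint" to "these endpoints".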