Expand Up @@ -6,11 +6,18 @@ description: |

## Supported security patterns
- Healthcare worker, user-restricted access
- Application-restricted, unattended access

## Pre-requisites
### Healthcare worker, user-restricted access
In order to use this endpoint you must be an authenticated e-RS user and use one of the following e-RS roles:
- `SERVICE_PROVIDER_CLINICIAN`
- `SERVICE_PROVIDER_CLINICIAN_ADMIN`

### Application-restricted, unattended access
In order to use this endpoint you must be an authenticated e-RS calling application, working in the context of a Service Provider Organisation.

To access this endpoint in application-restricted, unattended mode, you will be required to submit your use case for review.

## Important notes

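Review bot: the application-restricted pre-requisites ("you must be an authenticated e-RS calling application, working in the context of a Service Provider Organisation") do not say how that organisation context is established or checked for an unattended caller, whereas the user-restricted section names the exact roles required. Since this endpoint is now reachable for write operations without a human user, state what authorisation applies beyond a valid signed JWT (for example, that the organisation is the one registered for the calling application) so implementers and reviewers of the submitted use case know what check is enforced.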
Expand Down Expand Up @@ -41,9 +48,9 @@ tags:
- Review referral requests
parameters:
- $ref: '../headers/request/BearerAuthorization.yaml'
- $ref: '../headers/request/OdsCode.yaml'
- $ref: '../headers/request/BusinessFunctionOBO.yaml'
- $ref: '../headers/request/OnBehalfOfUserID.yaml'
- $ref: '../headers/request/OdsCodeOnlyUserRestricted.yaml'
- $ref: '../headers/request/BusinessFunctionOnlyUserRestricted.yaml'
- $ref: '../headers/request/OnBehalfOfUserIDOnlyUserRestricted.yaml'
- $ref: '../headers/request/CorrelationID.yaml'
- $ref: '../pathParameters/Ubrn.yaml'
- $ref: '../headers/request/IfMatch.yaml'
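Review bot: swapping the `OdsCode`, `BusinessFunctionOBO` and `OnBehalfOfUserID` header refs for their `...OnlyUserRestricted` variants leaves the application-restricted mode with no header that identifies a user or business function, which is correct for unattended access, but the referenced files should document how the server treats these headers when they are sent together with an application-restricted token (rejected, or ignored and logged). Otherwise a client could attach an on-behalf-of user ID in unattended mode and it is unclear whether the write would be attributed to that user in the audit trail.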
9 changes: 7 additions & 2 deletions specification/e-referrals-service-api.yaml
Expand Up @@ -59,15 +59,19 @@ info:

| Access mode | Authentication via | Functions | Availability |
| ----------------------------- | -------------------------- | ----------------------- | ------------------------------- |
| Application-restricted,<br/>unattended access | [[HYPERLINK_SIGNED_JWT]] | <ul><li>[[HYPERLINK_A004]]</li><li>[[HYPERLINK_A005]]</li><li>[[HYPERLINK_A006]]</li><li>[[HYPERLINK_A007]]</li><li>[[HYPERLINK_A008]]</li><li>[[HYPERLINK_A024]]</li><li>[[HYPERLINK_A025]]</li><li>[[HYPERLINK_A028]]</li><li>[[HYPERLINK_A029]]</li><li>[[HYPERLINK_A033]]</li><li>[[HYPERLINK_A035]]</li><li>[[HYPERLINK_A037]]</li><li>[[HYPERLINK_A043]]</li></ul> | [[HYPERLINK_PRODUCTION]] |
| Application-restricted,<br/>unattended access | [[HYPERLINK_SIGNED_JWT]] | <ul><li>[[HYPERLINK_A004]]</li><li>[[HYPERLINK_A005]]</li><li>[[HYPERLINK_A006]]</li><li>[[HYPERLINK_A007]]</li><li>[[HYPERLINK_A008]]</li><li>[[HYPERLINK_A013]]</li><li>[[HYPERLINK_A024]]</li><li>[[HYPERLINK_A025]]</li><li>[[HYPERLINK_A028]]</li><li>[[HYPERLINK_A029]]</li><li>[[HYPERLINK_A033]]</li><li>[[HYPERLINK_A035]]</li><li>[[HYPERLINK_A037]]</li><li>[[HYPERLINK_A043]]</li></ul> | [[HYPERLINK_PRODUCTION]] |
| Healthcare worker,<br/>user-restricted access | [[HYPERLINK_CIS_AUTH_SHORT]] | All Endpoints | [[HYPERLINK_PRODUCTION]] |

##### Application-restricted, unattended access

This access mode has been introduced to allow a Partner application which has been [registered with us](https://portal.developer.nhs.uk/create-a-developer-account) and [authenticated via signed JWT](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication) to interact with a subset of e-RS FHIR API endpoints in an unattended and read-only fashion.
Application-restricted, unattended access should only be used when authenticating a human user (for example via smartcard) is not possible.

Write operations are currently only supported by [[HYPERLINK_A028]] for non-clinical use cases. You will be required to submit your use case for review when using this endpoint via application-restricted, unattended access.
Write operations are currently supported for specific use cases via:
- [[HYPERLINK_A028]]
- [[HYPERLINK_A013]]

You will be required to submit your use case for review when using this endpoint via application-restricted, unattended access.

##### Healthcare worker, user-restricted access

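Review bot: the unchanged sentence above ("to interact with a subset of e-RS FHIR API endpoints in an unattended and read-only fashion") now contradicts the new text immediately below it, which says write operations are supported via [[HYPERLINK_A028]] and [[HYPERLINK_A013]]; reword it to say the mode is primarily read-only with the listed exceptions. Also, "when using this endpoint" in the new review-requirement sentence refers to two endpoints and should read "these endpoints".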
Expand Down Expand Up @@ -122,6 +126,7 @@ info:
- [[HYPERLINK_A006]]
- [[HYPERLINK_A007]]
- [[HYPERLINK_A008]]
- [[HYPERLINK_A013]]
- [[HYPERLINK_A024]]
- [[HYPERLINK_A025]]
- [[HYPERLINK_A028]]
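Review bot: [[HYPERLINK_A013]] is added to this endpoint list in the same position as in the table above, which keeps the three lists consistent, but this list gives no indication that [[HYPERLINK_A013]] and [[HYPERLINK_A028]] are write operations that require a use case review while the rest are read-only; consider annotating those two entries here so a reader of this list alone is not misled into treating the whole set as read-only.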