NHSDigital · TOEL2 · Mar 4, 2026 · Mar 4, 2026
@@ -14,12 +14,24 @@ resource "aws_api_gateway_resource" "patient_check" {
   path_part   = "patient-check"
 }
 
+resource "aws_api_gateway_resource" "patient_check_perf" {
+  rest_api_id = module.eligibility_signposting_api_gateway.rest_api_id
+  parent_id   = aws_api_gateway_resource.patient_check.id
+  path_part   = "_perf"
+}
+
 resource "aws_api_gateway_resource" "patient" {
   rest_api_id = module.eligibility_signposting_api_gateway.rest_api_id
   parent_id   = aws_api_gateway_resource.patient_check.id
   path_part   = "{id}"
 }
 
+resource "aws_api_gateway_resource" "patient_perf" {
+  rest_api_id = module.eligibility_signposting_api_gateway.rest_api_id
+  parent_id   = aws_api_gateway_resource.patient_check_perf.id
+  path_part   = "{id}"
+}
+
 resource "aws_api_gateway_resource" "patient_check_status" {
   rest_api_id = module.eligibility_signposting_api_gateway.rest_api_id
   parent_id   = aws_api_gateway_resource.patient_check.id
@@ -34,7 +46,8 @@ resource "aws_api_gateway_deployment" "eligibility_signposting_api" {
   triggers = {
     redeployment = sha1(jsonencode([
       aws_api_gateway_integration.get_patient_check.id,
-      aws_api_gateway_integration.get_patient_check_status.id
+      aws_api_gateway_integration.get_patient_check_status.id,
+      aws_api_gateway_integration.get_patient_check_perf.id
     ]))
   }
 

@@ -38,6 +38,40 @@
   ]
 }
 
+resource "aws_api_gateway_method" "get_patient_check_perf" {
+  #checkov:skip=CKV_AWS_59: API is secured via Apigee proxy with mTLS, API keys are not used
+  rest_api_id      = module.eligibility_signposting_api_gateway.rest_api_id
+  resource_id      = aws_api_gateway_resource.patient_perf.id
+  http_method      = "GET"
+  authorization    = "NONE"
+  api_key_required = false
+
+  request_validator_id = aws_api_gateway_request_validator.patient_check_validator.id
+
+  request_parameters = {
+    "method.request.path.id" = true
+  }
+
+  depends_on = [
+    aws_api_gateway_resource.patient_check_perf,
+    aws_api_gateway_resource.patient_perf,
+    aws_api_gateway_resource.patient_check,
+  ]
+}
+
+resource "aws_api_gateway_integration" "get_patient_check_perf" {
+  rest_api_id             = module.eligibility_signposting_api_gateway.rest_api_id
+  resource_id             = aws_api_gateway_resource.patient_perf.id
+  http_method             = aws_api_gateway_method.get_patient_check_perf.http_method
+  integration_http_method = "POST"
+  type                    = "AWS_PROXY"
+  uri                     = module.eligibility_signposting_lambda_function.aws_lambda_invoke_arn
+
+  depends_on = [
+    aws_api_gateway_method.get_patient_check_perf
+  ]
+}
+
 resource "aws_api_gateway_method" "get_patient_check_status" {
   #checkov:skip=CKV_AWS_59: API is secured via Apigee proxy with mTLS, API keys are not used
   #checkov:skip=CKV2_AWS_53: No request parameters to validate for static healthcheck endpoint

@@ -6,6 +6,7 @@
 from typing import Any
 
 from flask import Blueprint, make_response, request
+from aws_xray_sdk.core import xray_recorder
 from flask.typing import ResponseReturnValue
 from wireup import Injected
 
@@ -45,10 +46,15 @@ def api_status() -> ResponseReturnValue:
 
 @eligibility_blueprint.get("/", defaults={"nhs_number": ""})
 @eligibility_blueprint.get("/<nhs_number>")
+@eligibility_blueprint.get("/_perf/<nhs_number>")
 @validate_request_params()
 def check_eligibility(
     nhs_number: NHSNumber, eligibility_service: Injected[EligibilityService], audit_service: Injected[AuditService]
 ) -> ResponseReturnValue:
+
+    if request.path.startswith(f"/{URL_PREFIX}/_perf"):
+        xray_recorder.put_annotation("perf_test", True)
+
     logger.info("checking nhs_number %r in %r", nhs_number, eligibility_service, extra={"nhs_number": nhs_number})
 
     query_params = _get_or_default_query_params()