Product Backlog
This product backlog contains the features we're delivering to realise our API management vision. You can comment on features, upvote features, and suggest new features. If your suggestion relates to our e-Referral service then please complete this form instead. To view e-Referral service requests, see here.
Smartcard authentication internet-facing
Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.
Application registration - self-service
Ability for developers to register applications on the API platform and get their credentials - self-service (although manual approval will be required for production ...
PDS FHIR API - patient access using NHS login
Allow the PDS FHIR API to be accessed by patients. This would require the citizen to have an NHS login account (so they are strongly authenticated) and allow them to ...
Authorisation - NHS Identity - separate authentication and authorisation model
Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...
Open ID Connect (OIDC) support on the OAuth server
Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...
Testing - standardised patient data across APIs
When testing integration across multiple APIs, it would be really helpful to have standardised test patients (NHS numbers) across the APIs.
Onboarding - process re-engineering
Identify process pain points in the onboarding process and re-engineer the process to remove those pain points.
Self-service signed JWT public key set up
Currently, to set up a public key for signed JWT auth, API consumers need to email API management and ask them to do it. This feature would make it self service, just ...
API platform internet-facing
Make our API platform available on the internet, rather than being only available on the HSCN network.
Performance testing capability
Provide something to help API consumers do performance testing. This might be a hosted service or a set of ready-to-go stubs.
Create a building healthcare software guide for the demographics domain
Create a non-technical guide to building software that deals with the demographics within the NHS in England.
Expose APIs as a GraphQL gateway
It would be amazing if you could query a tree of data, then have role based access control to limit what data is returned based on your identity. This means data can ...
Self-service API deployments
Currently, all API deployments have to be done by the API Management central team. This change would allow API producer teams to do their own API deployments at a ...
Self-service testing
Ability to access test environments without needing our help.
Non-NHS Digital API producer teams
Make the API platform available to non-NHS Digital API producer teams. It's not clear what specific use cases this might be for.
Make swagger/OAS files available
IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...
Training courses / hackathons
Organise formal training courses and / or hackathons for developers to learn how to use our APIs.
Role based access control (RBAC) for APIs
Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...
APIs for the API platform itself
Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...
API services versus API standards
NHS Digital has two distinct categories of APIs - API services (an actual callable national service) and API standards (a specification that is intended to aid ...
Using POST instead of GET for search operations
It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of ...
Information and training videos
Videos on the developer portal explaining things like how the portal works or tutorials on how to connect to our APIs.
API catalogue - existing APIs documented to a minimum standard
Uplift documentation for all existing APIs to a minimum standard, so that external developers can easily learn what the API does, how to use the API, how to test it, ...
Expose a certificate renewal and download API
Every year 100s, if not 1000s of certificate renewals are performed by a human that requires too many manual steps.
This is costly to the business, it is error ...
Re-usable auth components
Provide auth components that API producer teams can easily plug into their APIs.
Create a building healthcare software guide for patient-facing applications
Create a non-technical guide to building software that deals with patient-facing applications within the NHS in England.
My developer account - improved UX
The developer account is based on a product and has UX pain points. The scope of this feature is to refresh it and bring it more into the NHS Digital look & feel to ...
Onboarding - digitise
Make the onboarding process more online and more self-service.
Create a building healthcare software guide for the workforce domain
Create a non-technical guide to building software that deals with the workforce within the NHS in England.
This might include roster management and more general ...
User researcher capability
User research is really important for APIs, but API producer teams typically don't have a dedicated UR - perhaps because they don't see the value, perhaps because ...
Client libraries and reference implementations
Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.
Accessibility - WCAG WAI conformance check
The site is already built largely using WCAG WAI-conformant page templates within the NHS Digital website, but to be sure we need to test conformance and fix any issues.
Create a building healthcare software guide for the vaccinations domain
Create a non-technical guide to building software that deals with vaccinations within the NHS in England.
Capability to transform between FHIR versions
Provide a mechanism to allow (for example) a FHIR V3 resource to be converted to FHIR V4
Change log / release notes / what's new
Add a change log to the developer hub to provide external developers with updates on (a) what's new on the API platform in general and (b) what's new for a given API. ...
Move the Test Data Self Service Portal (TDSSP) to be internet-facing
Currently to generate PDS Test Data on the Test Data Self Service Portal (TDSSP) it requires a HSCN connection. It would make sense for this service to be available ...
Developer forum
Create an open forum where developers can ask questions and answers one another's questions. Curate it.
Healthcare tech overview / beginner's guide
An overview of healthcare tech in the NHS in England, including topics like local systems, national systems, integration, APIs, privacy and security, clinical safety ...
gRPC support
Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...
API specifications - improved look & feel
The MVP API specification page has a number of UX pain points and doesn't fit the NHS Digital brand and styling. This feature is to refresh is and bring it more into ...
Developer guide exemplar - GP software
An online guide containing best practice guidance for developing GP software, including details of how to use NHS Digital APIs for specific use cases.
NHS number card for Apple / Android wallets
Ability to add an NHS card to your Apple or Android wallet. Which would include; name and NHS number.
OAuth support for single page apps
Some of our APIs require the end user to authenticate themselves and/or authorise their software to access them, using the OAuth 2.0 standard. OAuth 2.0 uses ...
Status monitoring
Ability for developers to monitor the status for the platform and APIs
FHIR validation service
Provide a service for validating FHIR message payloads. Possibly, this should be part and parcel of API sandboxes (and to some extent it already is).
API service level documentation
Update our API specifications to include the service level that applies to that API. For example, is the API a "platinum" service which is supported 24x7 or is it ...
Utilise Android OS for personal device CIS2 Authentication
Permit the functionality of iOS user/authentication for CIS2 to be extended (built out) for Android devices, negating the need for the most expensive form of mobile ...
Facility for people interested in an API to be notified of new releases
Historically it has been difficult to stay informed of API updates, particularly if these were not on TRUD.
It would help if developers could subscribe to an Api ...
Add usage patterns to API-M website
I think it would be useful to add the usage pattern to entries in the API catalogue pages - "open access", "application restricted" and "user restricted" as a ...
API finder / wizard
An addition to the API catalogue that allows you to find the API you need based on the user case you're trying to achieve. For example, you might type "search for a ...