Product Backlog

This product backlog contains the features we're delivering to realise our API management vision. You can comment on features, upvote features, and suggest new features.

Smartcard authentication internet-facing

Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 25 Nov Comments: 1

Application registration - self-service

Ability for developers to register applications on the API platform and get their credentials - self-service (although manual approval will be required for production ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 17 Aug Comments: 0

PDS FHIR API - patient access using NHS login

Allow the PDS FHIR API to be accessed by patients. This would require the citizen to have an NHS login account (so they are strongly authenticated) and allow them to ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 15 Nov Comments: 8

Authorisation - NHS Identity - separate authentication and authorisation model

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 06 May, '21 Comments: 1

Open ID Connect (OIDC) support on the OAuth server

Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...
Suggested by: API Management Team (22 Jul, '20) Upvoted: 02 Sep Comments: 1

Testing - standardised patient data across APIs

When testing integration across multiple APIs, it would be really helpful to have standardised test patients (NHS numbers) across the APIs.
Suggested by: API Management Team (09 Feb, '21) Upvoted: 11 Nov Comments: 7

Onboarding - process re-engineering

Identify process pain points in the onboarding process and re-engineer the process to remove those pain points.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Nov Comments: 5

Self-service signed JWT public key set up

Currently, to set up a public key for signed JWT auth, API consumers need to email API management and ask them to do it. This feature would make it self service, just ...
Suggested by: Tony Heap (15 Mar) Upvoted: yesterday Comments: 1

API platform internet-facing

Make our API platform available on the internet, rather than being only available on the HSCN network.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 20 Jan, '21 Comments: 1

Performance testing capability

Provide something to help API consumers do performance testing. This might be a hosted service or a set of ready-to-go stubs.
Suggested by: API Management Team (26 Jan, '21) Upvoted: 23 Aug Comments: 0
Under consideration make-testing-easier platform

Expose APIs as a GraphQL gateway

It would be amazing if you could query a tree of data, then have role based access control to limit what data is returned based on your identity. This means data can ...
Suggested by: Rich McIntyre (13 Aug, '20) Upvoted: 27 Sep Comments: 4
Under consideration platform

Self-service API deployments

Currently, all API deployments have to be done by the API Management central team. This change would allow API producer teams to do their own API deployments at a ...
Suggested by: Tony Heap (03 Nov, '21) Upvoted: 22 Mar Comments: 2

Non-NHS Digital API producer teams

Make the API platform available to non-NHS Digital API producer teams. It's not clear what specific use cases this might be for.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 14 Feb, '21 Comments: 6

Make swagger/OAS files available

IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...
Suggested by: Grahame Horner (19 Jan, '21) Upvoted: 13 Jul Comments: 3

Role based access control (RBAC) for APIs

Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...
Suggested by: API Management Team (05 Aug, '20) Upvoted: 14 Sep Comments: 0

Self-service testing

Ability to access test environments without needing our help.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 0

APIs for the API platform itself

Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...
Suggested by: Tony Heap (10 Nov) Upvoted: 15 Nov Comments: 5

API services versus API standards

NHS Digital has two distinct categories of APIs - API services (an actual callable national service) and API standards (a specification that is intended to aid ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 22 Sep Comments: 3

Using POST instead of GET for search operations

It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of ...
Suggested by: Deepa Sobhana (11 Jan) Upvoted: 11 Jan Comments: 2

Re-usable auth components

Provide auth components that API producer teams can easily plug into their APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 1

Training courses / hackathons

Organise formal training courses and / or hackathons for developers to learn how to use our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 24 Jun Comments: 1

Information and training videos

Videos on the developer portal explaining things like how the portal works or tutorials on how to connect to our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 14 Nov Comments: 1

API catalogue - existing APIs documented to a minimum standard

Uplift documentation for all existing APIs to a minimum standard, so that external developers can easily learn what the API does, how to use the API, how to test it, ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 13 May Comments: 1

Onboarding - digitise

Make the onboarding process more online and more self-service.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 3

User researcher capability

User research is really important for APIs, but API producer teams typically don't have a dedicated UR - perhaps because they don't see the value, perhaps because ...
Suggested by: Tony Heap (10 Nov, '21) Upvoted: 13 Feb Comments: 2
Under consideration make-building-apis-easier platform

My developer account - improved UX

The developer account is based on a product and has UX pain points. The scope of this feature is to refresh it and bring it more into the NHS Digital look & feel to ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 19 Nov, '20 Comments: 2

Expose a certificate renewal and download API

Every year 100s, if not 1000s of certificate renewals are performed by a human that requires too many manual steps. This is costly to the business, it is error ...
Suggested by: Bryan Madsen (22 Aug) Upvoted: 27 Sep Comments: 1

Accessibility - WCAG WAI conformance check

The site is already built largely using WCAG WAI-conformant page templates within the NHS Digital website, but to be sure we need to test conformance and fix any issues.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 13 May Comments: 1

Create a building healthcare software guide for the demographics domain

Create a non-technical guide to building software that deals with the demographics within the NHS in England.
Suggested by: SACHIN PATHAK (24 Aug) Upvoted: 11 Oct Comments: 5
Under consideration make-learning-easier platform

Capability to transform between FHIR versions

Provide a mechanism to allow (for example) a FHIR V3 resource to be converted to FHIR V4
Suggested by: Tim Coates (16 Jun, '21) Upvoted: 16 Dec, '21 Comments: 4

Move the Test Data Self Service Portal (TDSSP) to be internet-facing

Currently to generate PDS Test Data on the Test Data Self Service Portal (TDSSP) it requires a HSCN connection. It would make sense for this service to be available ...
Suggested by: Emile Axelrad from Medicus (20 May, '21) Upvoted: 20 May, '21 Comments: 2

Developer forum

Create an open forum where developers can ask questions and answers one another's questions. Curate it.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 25 Nov Comments: 2

Client libraries and reference implementations

Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Nov, '21 Comments: 2

Change log / release notes / what's new

Add a change log to the developer hub to provide external developers with updates on (a) what's new on the API platform in general and (b) what's new for a given API. ...
Suggested by: Tony Heap (07 Dec, '21) Upvoted: 17 Jan Comments: 1
Under consideration make-building-apis-easier platform

Healthcare tech overview / beginner's guide

An overview of healthcare tech in the NHS in England, including topics like local systems, national systems, integration, APIs, privacy and security, clinical safety ...
Suggested by: Tony Heap (08 May, '21) Upvoted: 17 May, '21 Comments: 1

gRPC support

Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...
Suggested by: Grahame Horner (22 Jan, '21) Upvoted: 05 Jan Comments: 1

API specifications - improved look & feel

The MVP API specification page has a number of UX pain points and doesn't fit the NHS Digital brand and styling. This feature is to refresh is and bring it more into ...
Suggested by: Tony Heap (16 Jul, '20) Upvoted: 17 Sep, '20 Comments: 1

Developer guide exemplar - GP software

An online guide containing best practice guidance for developing GP software, including details of how to use NHS Digital APIs for specific use cases.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 12 Feb, '21 Comments: 1

NHS number card for Apple / Android wallets

Ability to add an NHS card to your Apple or Android wallet. Which would include; name and NHS number.
Suggested by: Andrew Raynes (19 Mar) Upvoted: 14 Aug Comments: 0
Under consideration platform

OAuth support for single page apps

Some of our APIs require the end user to authenticate themselves and/or authorise their software to access them, using the OAuth 2.0 standard. OAuth 2.0 uses ...
Suggested by: API Management Team (12 Aug, '20) Upvoted: 05 Jan, '21 Comments: 0
Under consideration make-building-apis-easier platform

Status monitoring

Ability for developers to monitor the status for the platform and APIs
Suggested by: API Management Team (11 Jul, '20) Upvoted: 18 Mar Comments: 0

FHIR validation service

Provide a service for validating FHIR message payloads. Possibly, this should be part and parcel of API sandboxes (and to some extent it already is).
Suggested by: API Management Team (11 Jul, '20) Upvoted: 28 Jan Comments: 0

API service level documentation

Update our API specifications to include the service level that applies to that API. For example, is the API a "platinum" service which is supported 24x7 or is it ...
Suggested by: Tony Heap (17 Nov, '21) Upvoted: 28 Feb Comments: 1

Utilise Android OS for personal device CIS2 Authentication

Permit the functionality of iOS user/authentication for CIS2 to be extended (built out) for Android devices, negating the need for the most expensive form of mobile ...
Suggested by: Andrew Reavell (22 Jul, '21) Upvoted: 03 Oct, '21 Comments: 1
Under consideration make-building-apis-easier platform

National RBAC role selection UI

Currently, for smartcard users, the Identity Agent will ask the end user to select a role to use for the current session (using the list of nationally-defined roles ...
Suggested by: API Management Team (16 Nov, '20) Upvoted: 18 Nov, '20 Comments: 1

API producer analytics

Ability for API producer teams to see analytics on the use of their API.
Suggested by: API Management Team (31 Jul, '20) Upvoted: 29 Jan, '21 Comments: 1

Test data tool refresh / single sign-on

The test data tool is a little long in the tooth, and also requires a separate account from the developer account, which we have to set up for you (not self service). ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 28 Oct, '20 Comments: 1

API catalogue - remove obsolete API portals and specifications

Remove obsolete API portals such as those on TRUD and Health Developer Network and redirect them to the new API catalogue. Remove specifications for retired APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Jan, '21 Comments: 1

Online developer portal

Internet-facing web pages with single starting point and general info on getting started with NHS Digital APIs.
Suggested by: API Management Team (28 Jun, '20) Upvoted: 10 Nov Comments: 1

Facility for people interested in an API to be notified of new releases

Historically it has been difficult to stay informed of API updates, particularly if these were not on TRUD. It would help if developers could subscribe to an Api ...
Suggested by: Afzal Mufti (21 Apr, '21) Upvoted: 17 May, '21 Comments: 0