Product Backlog

This product backlog contains the features we're delivering to realise our API management vision. You can comment on features, upvote features, and suggest new features. If your suggestion relates to our e-Referral service then please complete this form instead. To view e-Referral service requests, see here.

Smartcard authentication internet-facing

Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Sep Comments: 2

Application registration - self-service

Ability for developers to register applications on the API platform and get their credentials - self-service (although manual approval will be required for production ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 15 Aug Comments: 0

PDS FHIR API - patient access using NHS login

Allow the PDS FHIR API to be accessed by patients. This would require the citizen to have an NHS login account (so they are strongly authenticated) and allow them to ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 17 May Comments: 8

Self-service signed JWT public key set up

Currently, to set up a public key for signed JWT auth, API consumers need to email API management and ask them to do it. This feature would make it self service, just ...
Suggested by: Tony Heap (15 Mar, '22) Upvoted: 12 Sep Comments: 2

Authorisation - NHS Identity - separate authentication and authorisation model

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 06 May, '21 Comments: 1

Open ID Connect (OIDC) support on the OAuth server

Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...
Suggested by: API Management Team (22 Jul, '20) Upvoted: 02 Sep, '22 Comments: 1

Testing - standardised patient data across APIs

When testing integration across multiple APIs, it would be really helpful to have standardised test patients (NHS numbers) across the APIs.
Suggested by: API Management Team (09 Feb, '21) Upvoted: 11 Nov, '22 Comments: 7

Onboarding - process re-engineering

Identify process pain points in the onboarding process and re-engineer the process to remove those pain points.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Nov, '22 Comments: 5

API platform internet-facing

Make our API platform available on the internet, rather than being only available on the HSCN network.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 17 May Comments: 3

Create a building healthcare software guide for the demographics domain

Create a non-technical guide to building software that deals with the demographics within the NHS in England.
Suggested by: SACHIN PATHAK (24 Aug, '22) Upvoted: 07 Jun Comments: 5

Performance testing capability

Provide something to help API consumers do performance testing. This might be a hosted service or a set of ready-to-go stubs.
Suggested by: API Management Team (26 Jan, '21) Upvoted: 23 Aug, '22 Comments: 0

Expose APIs as a GraphQL gateway

It would be amazing if you could query a tree of data, then have role based access control to limit what data is returned based on your identity. This means data can ...
Suggested by: Rich McIntyre (13 Aug, '20) Upvoted: 27 Sep, '22 Comments: 4
Under consideration platform platform-phase-3

Self-service API deployments

Currently, all API deployments have to be done by the API Management central team. This change would allow API producer teams to do their own API deployments at a ...
Suggested by: Tony Heap (03 Nov, '21) Upvoted: 22 Mar, '22 Comments: 3

Create a building healthcare software guide for patient-facing applications

Create a non-technical guide to building software that deals with patient-facing applications within the NHS in England.
Suggested by: Mick (05 Dec, '22) Upvoted: 12 Sep Comments: 1

Self-service testing

Ability to access test environments without needing our help.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 09 Jan Comments: 1

Training courses / hackathons

Organise formal training courses and / or hackathons for developers to learn how to use our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 24 Apr Comments: 1

Non-NHS Digital API producer teams

Make the API platform available to non-NHS Digital API producer teams. It's not clear what specific use cases this might be for.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 14 Feb, '21 Comments: 6

Accessibility - WCAG WAI conformance check

The site is already built largely using WCAG WAI-conformant page templates within the NHS Digital website, but to be sure we need to test conformance and fix any issues.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 17 May Comments: 1

Role based access control (RBAC) for APIs

Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...
Suggested by: API Management Team (05 Aug, '20) Upvoted: 10 May Comments: 0

Make swagger/OAS files available

IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...
Suggested by: Grahame Horner (19 Jan, '21) Upvoted: 13 Jul, '22 Comments: 3

APIs for the API platform itself

Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...
Suggested by: Tony Heap (10 Nov, '22) Upvoted: 15 Nov, '22 Comments: 5

API services versus API standards

NHS Digital has two distinct categories of APIs - API services (an actual callable national service) and API standards (a specification that is intended to aid ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 22 Sep, '22 Comments: 3

Create a building healthcare software guide for the workforce domain

Create a non-technical guide to building software that deals with the workforce within the NHS in England. This might include roster management and more general ...
Suggested by: Mick (01 Dec, '22) Upvoted: 17 May Comments: 2

Using POST instead of GET for search operations

It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of ...
Suggested by: Deepa Sobhana (11 Jan, '22) Upvoted: 11 Jan, '22 Comments: 2

Information and training videos

Videos on the developer portal explaining things like how the portal works or tutorials on how to connect to our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 14 Nov, '22 Comments: 2

API catalogue - existing APIs documented to a minimum standard

Uplift documentation for all existing APIs to a minimum standard, so that external developers can easily learn what the API does, how to use the API, how to test it, ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 13 May, '22 Comments: 2

Expose a certificate renewal and download API

Every year 100s, if not 1000s of certificate renewals are performed by a human that requires too many manual steps. This is costly to the business, it is error ...
Suggested by: Bryan Madsen (22 Aug, '22) Upvoted: 30 Dec, '22 Comments: 1

Re-usable auth components

Provide auth components that API producer teams can easily plug into their APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 1

My developer account - improved UX

The developer account is based on a product and has UX pain points. The scope of this feature is to refresh it and bring it more into the NHS Digital look & feel to ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 19 Nov, '20 Comments: 3

Onboarding - digitise

Make the onboarding process more online and more self-service.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 3

User researcher capability

User research is really important for APIs, but API producer teams typically don't have a dedicated UR - perhaps because they don't see the value, perhaps because ...
Suggested by: Tony Heap (10 Nov, '21) Upvoted: 13 Feb, '22 Comments: 2

Client libraries and reference implementations

Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 05 Feb Comments: 2

Healthcare tech overview / beginner's guide

An overview of healthcare tech in the NHS in England, including topics like local systems, national systems, integration, APIs, privacy and security, clinical safety ...
Suggested by: Tony Heap (08 May, '21) Upvoted: 17 May Comments: 1

Create a building healthcare software guide for the vaccinations domain

Create a non-technical guide to building software that deals with vaccinations within the NHS in England.
Suggested by: Mick (01 Dec, '22) Upvoted: 08 Jan Comments: 0

Capability to transform between FHIR versions

Provide a mechanism to allow (for example) a FHIR V3 resource to be converted to FHIR V4
Suggested by: Tim Coates (16 Jun, '21) Upvoted: 16 Dec, '21 Comments: 4

Change log / release notes / what's new

Add a change log to the developer hub to provide external developers with updates on (a) what's new on the API platform in general and (b) what's new for a given API. ...
Suggested by: Tony Heap (07 Dec, '21) Upvoted: 17 Jan, '22 Comments: 2

Move the Test Data Self Service Portal (TDSSP) to be internet-facing

Currently to generate PDS Test Data on the Test Data Self Service Portal (TDSSP) it requires a HSCN connection. It would make sense for this service to be available ...
Suggested by: Emile Axelrad from Medicus (20 May, '21) Upvoted: 20 May, '21 Comments: 2

Developer forum

Create an open forum where developers can ask questions and answers one another's questions. Curate it.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 25 Nov, '22 Comments: 2

gRPC support

Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...
Suggested by: Grahame Horner (22 Jan, '21) Upvoted: 05 Jan, '22 Comments: 1

API specifications - improved look & feel

The MVP API specification page has a number of UX pain points and doesn't fit the NHS Digital brand and styling. This feature is to refresh is and bring it more into ...
Suggested by: Tony Heap (16 Jul, '20) Upvoted: 17 Sep, '20 Comments: 1

Developer guide exemplar - GP software

An online guide containing best practice guidance for developing GP software, including details of how to use NHS Digital APIs for specific use cases.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 12 Feb, '21 Comments: 1

NHS number card for Apple / Android wallets

Ability to add an NHS card to your Apple or Android wallet. Which would include; name and NHS number.
Suggested by: Andrew Raynes (19 Mar, '22) Upvoted: 14 Aug, '22 Comments: 0
Under consideration platform platform-phase-3

OAuth support for single page apps

Some of our APIs require the end user to authenticate themselves and/or authorise their software to access them, using the OAuth 2.0 standard. OAuth 2.0 uses ...
Suggested by: API Management Team (12 Aug, '20) Upvoted: 05 Jan, '21 Comments: 0

Status monitoring

Ability for developers to monitor the status for the platform and APIs
Suggested by: API Management Team (11 Jul, '20) Upvoted: 18 Mar, '22 Comments: 0

FHIR validation service

Provide a service for validating FHIR message payloads. Possibly, this should be part and parcel of API sandboxes (and to some extent it already is).
Suggested by: API Management Team (11 Jul, '20) Upvoted: 28 Jan, '22 Comments: 0

API service level documentation

Update our API specifications to include the service level that applies to that API. For example, is the API a "platinum" service which is supported 24x7 or is it ...
Suggested by: Tony Heap (17 Nov, '21) Upvoted: 28 Feb, '22 Comments: 1

Utilise Android OS for personal device CIS2 Authentication

Permit the functionality of iOS user/authentication for CIS2 to be extended (built out) for Android devices, negating the need for the most expensive form of mobile ...
Suggested by: Andrew Reavell (22 Jul, '21) Upvoted: 03 Oct, '21 Comments: 1

Facility for people interested in an API to be notified of new releases

Historically it has been difficult to stay informed of API updates, particularly if these were not on TRUD. It would help if developers could subscribe to an Api ...
Suggested by: Afzal Mufti (21 Apr, '21) Upvoted: 17 May, '21 Comments: 1

Add usage patterns to API-M website

I think it would be useful to add the usage pattern to entries in the API catalogue pages - "open access", "application restricted" and "user restricted" as a ...
Suggested by: Danny Ruttle (31 Mar, '21) Upvoted: 17 May, '21 Comments: 1

API finder / wizard

An addition to the API catalogue that allows you to find the API you need based on the user case you're trying to achieve. For example, you might type "search for a ...
Suggested by: API Management Team (12 Mar, '21) Upvoted: 15 Mar, '21 Comments: 1