Product Backlog

This product backlog contains the features we're delivering to realise our API management vision. You can comment on features, upvote features, and suggest new features.

PDS FHIR API - application-restricted / smartcardless access

Enhance the PDS FHIR API so it can be accessed without an authenticated end user present (i.e. without the need for a smartcard) - similar to the way PDS Spine Mini ...
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Nov Comments: 12

Smartcard authentication internet-facing

Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 02 Dec Comments: 2

Authorisation - NHS Identity - separate authentication and authorisation model

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...
Suggested by: API Management Team (16 Jul, '20) Upvoted: 06 May, '21 Comments: 1

Open ID Connect (OIDC) support on the OAuth server

Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...
Suggested by: API Management Team (22 Jul, '20) Upvoted: 02 Sep Comments: 1

API platform internet-facing

Make our API platform available on the internet, rather than being only available on the HSCN network.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 20 Jan, '21 Comments: 1

Make swagger/OAS files available

IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...
Suggested by: Grahame Horner (19 Jan, '21) Upvoted: 13 Jul Comments: 3

Role based access control (RBAC) for APIs

Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...
Suggested by: API Management Team (05 Aug, '20) Upvoted: 14 Sep Comments: 0

APIs for the API platform itself

Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...
Suggested by: Tony Heap (10 Nov) Upvoted: 15 Nov Comments: 5

Exemplar API - PDS FHIR API - search & retrieve - production

Make the PDS FHIR API available for production use, including the onboarding process.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 16 Oct, '21 Comments: 1

Exemplar API - PDS FHIR API - authentication for healthcare professionals using NHS Identity

Allow the PDS FHIR API to be accessed by healthcare professionals by authenticating with NHS Identity - using a smartcard or more modern alternative.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 19 Feb, '21 Comments: 0

Client libraries and reference implementations

Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 22 Nov, '21 Comments: 2

gRPC support

Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...
Suggested by: Grahame Horner (22 Jan, '21) Upvoted: 05 Jan Comments: 1

National RBAC role selection UI

Currently, for smartcard users, the Identity Agent will ask the end user to select a role to use for the current session (using the list of nationally-defined roles ...
Suggested by: API Management Team (16 Nov, '20) Upvoted: 18 Nov, '20 Comments: 1

API design guide and process for API producer teams

A design guide for our API producer teams, backed up by a design review process, that will help ensure consistency across APIs.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 11 Jul, '20 Comments: 1

Exemplar API - PDS FHIR API - search & retrieve - sandbox

Build a callable sandbox for the PDS FHIR API search & retrieve endpoints.
Suggested by: API Management Team (11 Jul, '20) Upvoted: 11 Jul, '20 Comments: 1

FHIR policy update

Our FHIR policy hasn't been looked at in a while. The scope of this feature is to revisit it and refresh it, maybe adding further details.
Suggested by: API Management Team (12 Jan, '21) Upvoted: 12 Jan, '21 Comments: 0

Exemplar API - PDS FHIR API - FHIR conformance

Make the PDS FHIR API a FHIR-conformant API
Suggested by: API Management Team (11 Jul, '20) Upvoted: 11 Jul, '20 Comments: 0

Exemplar API - PDS FHIR API - REST conformance

Make the PDS FHIR API a REST conformant API
Suggested by: API Management Team (11 Jul, '20) Upvoted: 11 Jul, '20 Comments: 0