Product Backlog
This product backlog contains the features we're delivering to realise our API management vision. You can comment on features, upvote features, and suggest new features.
If your suggestion relates to our e-Referral service then please complete this form instead. To view e-Referral service requests, see here.
Smartcard authentication internet-facing
Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.
PDS FHIR API - application-restricted / smartcardless access
Enhance the PDS FHIR API so it can be accessed without an authenticated end user present (i.e. without the need for a smartcard) - similar to the way PDS Spine Mini ...
Open ID Connect (OIDC) support on the OAuth server
Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...
Authorisation - NHS Identity - separate authentication and authorisation model
Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...
API platform internet-facing
Make our API platform available on the internet, rather than being only available on the HSCN network.
Client libraries and reference implementations
Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.
Role based access control (RBAC) for APIs
Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...
Make swagger/OAS files available
IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...
APIs for the API platform itself
Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...
Exemplar API - PDS FHIR API - search & retrieve - production
Make the PDS FHIR API available for production use, including the onboarding process.
Exemplar API - PDS FHIR API - authentication for healthcare professionals using NHS Identity
Allow the PDS FHIR API to be accessed by healthcare professionals by authenticating with NHS Identity - using a smartcard or more modern alternative.
gRPC support
Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...
National RBAC role selection UI
Currently, for smartcard users, the Identity Agent will ask the end user to select a role to use for the current session (using the list of nationally-defined roles ...
API design guide and process for API producer teams
A design guide for our API producer teams, backed up by a design review process, that will help ensure consistency across APIs.
Exemplar API - PDS FHIR API - search & retrieve - sandbox
Build a callable sandbox for the PDS FHIR API search & retrieve endpoints.
FHIR policy update
Our FHIR policy hasn't been looked at in a while. The scope of this feature is to revisit it and refresh it, maybe adding further details.
Exemplar API - PDS FHIR API - FHIR conformance
Make the PDS FHIR API a FHIR-conformant API
Exemplar API - PDS FHIR API - REST conformance
Make the PDS FHIR API a REST conformant API