Product Backlog

Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.

Ability for developers to register applications on the API platform and get their credentials - self-service (although manual approval will be required for production ...

Allow the PDS FHIR API to be accessed by patients. This would require the citizen to have an NHS login account (so they are strongly authenticated) and allow them to ...

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...

Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...

When testing integration across multiple APIs, it would be really helpful to have standardised test patients (NHS numbers) across the APIs.

Identify process pain points in the onboarding process and re-engineer the process to remove those pain points.

Currently, to set up a public key for signed JWT auth, API consumers need to email API management and ask them to do it. This feature would make it self service, just ...

Make our API platform available on the internet, rather than being only available on the HSCN network.

Provide something to help API consumers do performance testing. This might be a hosted service or a set of ready-to-go stubs.

It would be amazing if you could query a tree of data, then have role based access control to limit what data is returned based on your identity. This means data can ...

Currently, all API deployments have to be done by the API Management central team. This change would allow API producer teams to do their own API deployments at a ...

Make the API platform available to non-NHS Digital API producer teams. It's not clear what specific use cases this might be for.

IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...

Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...

Ability to access test environments without needing our help.

Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...

NHS Digital has two distinct categories of APIs - API services (an actual callable national service) and API standards (a specification that is intended to aid ...

It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of ...

Provide auth components that API producer teams can easily plug into their APIs.

Organise formal training courses and / or hackathons for developers to learn how to use our APIs.

Videos on the developer portal explaining things like how the portal works or tutorials on how to connect to our APIs.

Uplift documentation for all existing APIs to a minimum standard, so that external developers can easily learn what the API does, how to use the API, how to test it, ...

Make the onboarding process more online and more self-service.

User research is really important for APIs, but API producer teams typically don't have a dedicated UR - perhaps because they don't see the value, perhaps because ...

The developer account is based on a product and has UX pain points. The scope of this feature is to refresh it and bring it more into the NHS Digital look & feel to ...

Every year 100s, if not 1000s of certificate renewals are performed by a human that requires too many manual steps. This is costly to the business, it is error ...

The site is already built largely using WCAG WAI-conformant page templates within the NHS Digital website, but to be sure we need to test conformance and fix any issues.

Create a non-technical guide to building software that deals with the demographics within the NHS in England.

Provide a mechanism to allow (for example) a FHIR V3 resource to be converted to FHIR V4

Currently to generate PDS Test Data on the Test Data Self Service Portal (TDSSP) it requires a HSCN connection. It would make sense for this service to be available ...

Create an open forum where developers can ask questions and answers one another's questions. Curate it.

Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.

Add a change log to the developer hub to provide external developers with updates on (a) what's new on the API platform in general and (b) what's new for a given API. ...

An overview of healthcare tech in the NHS in England, including topics like local systems, national systems, integration, APIs, privacy and security, clinical safety ...

Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...

The MVP API specification page has a number of UX pain points and doesn't fit the NHS Digital brand and styling. This feature is to refresh is and bring it more into ...

An online guide containing best practice guidance for developing GP software, including details of how to use NHS Digital APIs for specific use cases.

Ability to add an NHS card to your Apple or Android wallet. Which would include; name and NHS number.

Some of our APIs require the end user to authenticate themselves and/or authorise their software to access them, using the OAuth 2.0 standard. OAuth 2.0 uses ...

Ability for developers to monitor the status for the platform and APIs

Provide a service for validating FHIR message payloads. Possibly, this should be part and parcel of API sandboxes (and to some extent it already is).

Update our API specifications to include the service level that applies to that API. For example, is the API a "platinum" service which is supported 24x7 or is it ...

Permit the functionality of iOS user/authentication for CIS2 to be extended (built out) for Android devices, negating the need for the most expensive form of mobile ...

Currently, for smartcard users, the Identity Agent will ask the end user to select a role to use for the current session (using the list of nationally-defined roles ...

Ability for API producer teams to see analytics on the use of their API.

The test data tool is a little long in the tooth, and also requires a separate account from the developer account, which we have to set up for you (not self service). ...

Remove obsolete API portals such as those on TRUD and Health Developer Network and redirect them to the new API catalogue. Remove specifications for retired APIs.

Internet-facing web pages with single starting point and general info on getting started with NHS Digital APIs.

Historically it has been difficult to stay informed of API updates, particularly if these were not on TRUD. It would help if developers could subscribe to an Api ...