Product Backlog

This product backlog contains the features we're delivering to realise our API management vision. You can comment on features, upvote features, and suggest new features. If your suggestion relates to our e-Referral service then please complete this form instead. To view e-Referral service requests, see here.

Smartcard authentication internet-facing

Make it possible to authenticate with a smartcard using NHS Identity on the internet i.e. without needing an HSCN connection.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 08 May Comments: 2

Application registration - self-service

Ability for developers to register applications on the API platform and get their credentials - self-service (although manual approval will be required for production ...
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 26 Apr Comments: 0

PDS FHIR API - patient access using NHS login

Allow the PDS FHIR API to be accessed by patients. This would require the citizen to have an NHS login account (so they are strongly authenticated) and allow them to ...
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 08 Feb Comments: 8

Performance testing capability

Provide something to help API consumers do performance testing. This might be a hosted service or a set of ready-to-go stubs.
Suggested by: Tony Heap (26 Jan, '21) Upvoted: 30 Apr Comments: 0

Self-service signed JWT public key set up

Currently, to set up a public key for signed JWT auth, API consumers need to email API management and ask them to do it. This feature would make it self service, just ...
Suggested by: Tony Heap (15 Mar, '22) Upvoted: 06 Dec, '23 Comments: 2

Create a building healthcare software guide for the demographics domain

Create a non-technical guide to building software that deals with the demographics within the NHS in England.
Suggested by: Mick (24 Aug, '22) Upvoted: 21 Mar Comments: 5

Open ID Connect (OIDC) support on the OAuth server

Currently we use OAuth 2.0 to authorise external software to access APIs for healthcare workers. There is no standard way for external software to get the end user's ...
Suggested by: Tony Heap (22 Jul, '20) Upvoted: 14 Dec, '23 Comments: 1

Authorisation - NHS Identity - separate authentication and authorisation model

Currently, the only way to complete authorisation for a user-restricted API is using "combined authentication and authorisation" - authentication with NHS Identity ...
Suggested by: Tony Heap (16 Jul, '20) Upvoted: 06 May, '21 Comments: 1

Testing - standardised patient data across APIs

When testing integration across multiple APIs, it would be really helpful to have standardised test patients (NHS numbers) across the APIs.
Suggested by: Tony Heap (09 Feb, '21) Upvoted: 06 Dec, '23 Comments: 7

Onboarding - process re-engineering

Identify process pain points in the onboarding process and re-engineer the process to remove those pain points.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 22 Nov, '22 Comments: 5

API platform internet-facing

Make our API platform available on the internet, rather than being only available on the HSCN network.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 17 May, '23 Comments: 3

Create a building healthcare software guide for patient-facing applications

Create a non-technical guide to building software that deals with patient-facing applications within the NHS in England.
Suggested by: Mick Schonhut (05 Dec, '22) Upvoted: 30 Jan Comments: 1

Training courses / hackathons

Organise formal training courses and / or hackathons for developers to learn how to use our APIs.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 04 Apr Comments: 1

Create a building healthcare software guide for the workforce domain

Create a non-technical guide to building software that deals with the workforce within the NHS in England. This might include roster management and more general ...
Suggested by: Mick Schonhut (01 Dec, '22) Upvoted: 12 May Comments: 4

Expose APIs as a GraphQL gateway

It would be amazing if you could query a tree of data, then have role based access control to limit what data is returned based on your identity. This means data can ...
Suggested by: Rich McIntyre (13 Aug, '20) Upvoted: 27 Sep, '22 Comments: 4
Under consideration platform platform-phase-3

Self-service API deployments

Currently, all API deployments have to be done by the API Management central team. This change would allow API producer teams to do their own API deployments at a ...
Suggested by: Tony Heap (03 Nov, '21) Upvoted: 22 Mar, '22 Comments: 3

Self-service testing

Ability to access test environments without needing our help.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 09 Jan, '23 Comments: 1

Non-NHS Digital API producer teams

Make the API platform available to non-NHS Digital API producer teams. It's not clear what specific use cases this might be for.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 14 Feb, '21 Comments: 6

Client libraries and reference implementations

Provide client libraries and / or reference implementations to make it easier for developers to integrate their software with our APIs.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 16 Mar Comments: 2

Accessibility - WCAG WAI conformance check

The site is already built largely using WCAG WAI-conformant page templates within the NHS Digital website, but to be sure we need to test conformance and fix any issues.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 17 May, '23 Comments: 1

Role based access control (RBAC) for APIs

Currently, national APIs such as PDS rely on the calling system to implement role-based access controls (RBAC). This in turn increases the assurance burden on ...
Suggested by: Tony Heap (05 Aug, '20) Upvoted: 10 May, '23 Comments: 0

Make swagger/OAS files available

IMHO it would be good to provide developers with open-api/swagger.json documentation to allow the generation of http restful clients using open-api tooling for the ...
Suggested by: Grahame Horner (19 Jan, '21) Upvoted: 23 Oct, '23 Comments: 3

Expose a certificate renewal and download API

Every year 100s, if not 1000s of certificate renewals are performed by a human that requires too many manual steps. This is costly to the business, it is error ...
Suggested by: Bryan Madsen (22 Aug, '22) Upvoted: 22 Jan Comments: 1

APIs for the API platform itself

Provide APIs that allow API producers and/or API consumers to perform "platform" functions through an API. This might include API deployment, monitoring, analytics, ...
Suggested by: Tony Heap (10 Nov, '22) Upvoted: 15 Nov, '22 Comments: 5

API services versus API standards

NHS Digital has two distinct categories of APIs - API services (an actual callable national service) and API standards (a specification that is intended to aid ...
Suggested by: Tony Heap (16 Jul, '20) Upvoted: 22 Sep, '22 Comments: 3

Using POST instead of GET for search operations

It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of ...
Suggested by: Deepa Sobhana (11 Jan, '22) Upvoted: 11 Jan, '22 Comments: 2

Information and training videos

Videos on the developer portal explaining things like how the portal works or tutorials on how to connect to our APIs.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 14 Nov, '22 Comments: 2

API catalogue - existing APIs documented to a minimum standard

Uplift documentation for all existing APIs to a minimum standard, so that external developers can easily learn what the API does, how to use the API, how to test it, ...
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 13 May, '22 Comments: 2

Re-usable auth components

Provide auth components that API producer teams can easily plug into their APIs.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 1

Create a building healthcare software guide for the vaccinations domain

Create a non-technical guide to building software that deals with vaccinations within the NHS in England.
Suggested by: Mick Schonhut (01 Dec, '22) Upvoted: 01 Feb Comments: 0

NHS number card for Apple / Android wallets

Ability to add an NHS card to your Apple or Android wallet. Which would include; name and NHS number.
Suggested by: Andrew Raynes (19 Mar, '22) Upvoted: yesterday Comments: 0
Under consideration platform platform-phase-3

My developer account - improved UX

The developer account is based on a product and has UX pain points. The scope of this feature is to refresh it and bring it more into the NHS Digital look & feel to ...
Suggested by: Tony Heap (16 Jul, '20) Upvoted: 19 Nov, '20 Comments: 4

Onboarding - digitise

Make the onboarding process more online and more self-service.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 16 Apr, '21 Comments: 3

User researcher capability

User research is really important for APIs, but API producer teams typically don't have a dedicated UR - perhaps because they don't see the value, perhaps because ...
Suggested by: Tony Heap (10 Nov, '21) Upvoted: 13 Feb, '22 Comments: 2

Healthcare tech overview / beginner's guide

An overview of healthcare tech in the NHS in England, including topics like local systems, national systems, integration, APIs, privacy and security, clinical safety ...
Suggested by: Tony Heap (08 May, '21) Upvoted: 17 May, '23 Comments: 1

Capability to transform between FHIR versions

Provide a mechanism to allow (for example) a FHIR V3 resource to be converted to FHIR V4
Suggested by: Tim Coates (16 Jun, '21) Upvoted: 16 Dec, '21 Comments: 4

Change log / release notes / what's new

Add a change log to the developer hub to provide external developers with updates on (a) what's new on the API platform in general and (b) what's new for a given API. ...
Suggested by: Tony Heap (07 Dec, '21) Upvoted: 17 Jan, '22 Comments: 2

Move the Test Data Self Service Portal (TDSSP) to be internet-facing

Currently to generate PDS Test Data on the Test Data Self Service Portal (TDSSP) it requires a HSCN connection. It would make sense for this service to be available ...
Suggested by: Emile Axelrad from Medicus (20 May, '21) Upvoted: 20 May, '21 Comments: 2

Developer forum

Create an open forum where developers can ask questions and answers one another's questions. Curate it.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 25 Nov, '22 Comments: 2

gRPC support

Please consider creating/supporting contract first API protocols like gRPC; gRPC is more performant over other API protocols and has a contract first approach where ...
Suggested by: Grahame Horner (22 Jan, '21) Upvoted: 05 Jan, '22 Comments: 1

API specifications - improved look & feel

The MVP API specification page has a number of UX pain points and doesn't fit the NHS Digital brand and styling. This feature is to refresh is and bring it more into ...
Suggested by: Tony Heap (16 Jul, '20) Upvoted: 17 Sep, '20 Comments: 1

Developer guide exemplar - GP software

An online guide containing best practice guidance for developing GP software, including details of how to use NHS Digital APIs for specific use cases.
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 12 Feb, '21 Comments: 1

OAuth support for single page apps

Some of our APIs require the end user to authenticate themselves and/or authorise their software to access them, using the OAuth 2.0 standard. OAuth 2.0 uses ...
Suggested by: Tony Heap (12 Aug, '20) Upvoted: 05 Jan, '21 Comments: 0

Status monitoring

Ability for developers to monitor the status for the platform and APIs
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 18 Mar, '22 Comments: 0

FHIR validation service

Provide a service for validating FHIR message payloads. Possibly, this should be part and parcel of API sandboxes (and to some extent it already is).
Suggested by: Tony Heap (11 Jul, '20) Upvoted: 28 Jan, '22 Comments: 0

Facility for people interested in an API to be notified of new releases

Historically it has been difficult to stay informed of API updates, particularly if these were not on TRUD. It would help if developers could subscribe to an Api ...
Suggested by: Afzal Mufti (21 Apr, '21) Upvoted: 17 May, '21 Comments: 2

User interface (UI) integrations in the API catalogue

We have some integrations that really aren't APIs - such as the NHS.UK widgets and NCRS integration - they are integrated in the UI layer. We should include them in ...
Suggested by: Tony Heap (12 Jan) Upvoted: 26 Apr Comments: 1

API service level documentation

Update our API specifications to include the service level that applies to that API. For example, is the API a "platinum" service which is supported 24x7 or is it ...
Suggested by: Tony Heap (17 Nov, '21) Upvoted: 28 Feb, '22 Comments: 1

Utilise Android OS for personal device CIS2 Authentication

Permit the functionality of iOS user/authentication for CIS2 to be extended (built out) for Android devices, negating the need for the most expensive form of mobile ...
Suggested by: Andrew Reavell (22 Jul, '21) Upvoted: 03 Oct, '21 Comments: 1

Add usage patterns to API-M website

I think it would be useful to add the usage pattern to entries in the API catalogue pages - "open access", "application restricted" and "user restricted" as a ...
Suggested by: Danny Ruttle (31 Mar, '21) Upvoted: 17 May, '21 Comments: 1