Using POST instead of GET for search operations

It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of birth, NHS number etc. should be sent in plain-text format through the URL. This URL may get logged in different components/systems involved in this flow and will be visible to anyone having log access. The proposal is to provide a POST version of the APIs so that the details can be sent via the request body, which is protected via Transport Layer Security.

Not planned | api | pds-fhir-api | platform | Suggested by: Deepa Sobhana | Upvoted: 11 Jan | Comments: 2
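The logging exposure described in the post above, shown as an added example that is not part of the original post or of the PDS FHIR API: it flags access-log entries whose URL carries a personal-data search value and rewrites them with the value redacted. The parameter names, the Common Log Format layout, the sample lines and the `POST /Patient/_search` path are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed names of search parameters that carry personal data; adjust to the API in use.
SENSITIVE_PARAMS = {"family", "given", "birthdate", "nhs-number"}

# Request line of a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample lines (documentation IP address, invented patient details).
GET_LINE = ('192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] '
            '"GET /Patient?family=Smith&birthdate=eq2010-10-22&_max-results=1 HTTP/1.1" 200 512')
# Hypothetical POST form of the same search: parameters travel in the body, not the URL.
POST_LINE = '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "POST /Patient/_search HTTP/1.1" 200 512'


def sensitive_in_target(target: str) -> list[str]:
    """Return the sensitive parameter names whose values appear in the request target."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [k for k, v in pairs if k.lower() in SENSITIVE_PARAMS and v != "REDACTED"]


def leaks_sensitive_param(line: str) -> bool:
    """True when a log line records a sensitive search value in the URL."""
    m = REQUEST_LINE.search(line)
    return bool(m and sensitive_in_target(m["target"]))


def redact_target(target: str) -> str:
    """Replace sensitive query values, keeping the path and other parameters."""
    parts = urlsplit(target)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def redact_log_line(line: str) -> str:
    """Rewrite the request line of a log entry with sensitive values removed."""
    return REQUEST_LINE.sub(
        lambda m: f'"{m["method"]} {redact_target(m["target"])} {m["proto"]}"', line)


if __name__ == "__main__":
    for entry in (GET_LINE, POST_LINE):
        print(leaks_sensitive_param(entry), redact_log_line(entry))
```

Redaction at the logging layer only covers logs you control; any component that handles the URL before that point keeps its own copy.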
