Using POST instead of GET for search operations

5 votes

It has been noticed that both the retrieve and search PDS FHIR APIs expect the search parameters as a query string. This means that private data like name, date of birth, NHS number etc. should be sent in plain-text format through the URL. This URL may get logged in different components/systems involved in this flow and will be visible to anyone having log access. The proposal is to provide a POST version of the APIs so that the details can be sent via the request body that is protected via the Transport Layer Security.

Not planned api make-building-apis-easier pds-fhir-api platform Suggested by: Deepa Sobhana Upvoted: 11 Jan, '22 Comments: 2
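A logging-side mitigation for the exposure described in the suggestion above, as an added example that is not part of the original post or of the API's own code: it masks personal data in request targets before access log lines are stored. The parameter names in `SENSITIVE_PARAMS`, the `/Patient/<10 digits>` path shape and the combined-format log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed names of search parameters that carry personal data; adjust to the API in use.
SENSITIVE_PARAMS = {"family", "given", "birthdate", "gender", "address-postalcode", "nhs-number"}
# Assumed retrieve-style path: a 10-digit identifier directly after /Patient/.
PATIENT_ID_IN_PATH = re.compile(r"(/Patient/)\d{10}(?=/|$)")
# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_LINE = re.compile(r'"(GET|POST|PUT|DELETE|HEAD|PATCH) (\S+) (HTTP/[\d.]+)"')
MASK = "REDACTED"


def redact_target(target: str) -> str:
    """Mask personal data in a URL or request target, keeping its structure."""
    parts = urlsplit(target)
    path = PATIENT_ID_IN_PATH.sub(r"\1" + MASK, parts.path)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    # Keep every parameter name so the log stays useful; mask only sensitive values.
    masked = [(k, MASK if k.lower() in SENSITIVE_PARAMS else v) for k, v in pairs]
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(masked), parts.fragment))


def redact_log_line(line: str) -> str:
    """Rewrite the request target of one access log line before it is stored."""
    return REQUEST_LINE.sub(
        lambda m: f'"{m.group(1)} {redact_target(m.group(2))} {m.group(3)}"', line)


# Constructed sample lines (not real patient data and not real log output).
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Jan/2022:10:00:00 +0000] "GET /Patient?family=Smith&gender=female'
    '&birthdate=eq2010-10-22&_max-results=5 HTTP/1.1" 200 512',
    '10.0.0.5 - - [11/Jan/2022:10:00:02 +0000] "GET /Patient/1234567890 HTTP/1.1" 200 2048',
    '10.0.0.5 - - [11/Jan/2022:10:00:03 +0000] "GET /_status HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact_log_line(entry))
```

A filter like this only covers the logs it is applied to; every other component on the request path that records URLs needs its own equivalent.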
