An overview of the security requirements for FHIR API calls into Spine.

Headers

This page collates and summarises the HTTP headers to be included with HTTP requests and responses.
Headers listed are cumulative.

Requests

All requests

  • Authorization: Bearer [jwt_token_string]
  • FromASID: [clientASID]
  • ToASID: [serverASID]
  • InteractionID: [serviceName]

InteractionID varies by resource and interaction undertaken.
FromASID and ToASID headers, and Accredited System IDs, are specified in the Spine Core FHIR API Framework.

Create requests

  • Prefer: return=representation

Update requests

  • If-Match: [versionIdETag]
  • Prefer: return=representation

Responses

All Read & failure responses

  • Date: [servedNowDate]
  • Content-type: application/fhir+json or application/fhir+xml

All successful Create responses

  • Date: [servedNowDate]
  • Last-Modified: [lastModDate]
  • Location: https://clinicals.spineservices.nhs.uk/STU3/[type]/[id]/_history/[vid]
  • ETag: W/"[versionId]"
  • Content-type: application/fhir+json or application/fhir+xml

All successful Update responses

  • Date: [servedNowDate]
  • Last-Modified: [lastModDate]
  • ETag: W/"[versionId]"
  • Content-type: application/fhir+json or application/fhir+xml

InteractionID

| Interaction | Resource | InteractionID |
|---|---|---|
| Read | Consent | urn:nhs:names:services:raflags:Consent.read:1 |
| Read | Flag | urn:nhs:names:services:raflags:Flag.read:1 |
| Read | Condition | urn:nhs:names:services:raflags:Condition.read:1 |
| Read | List | urn:nhs:names:services:raflags:List.read:1 |
| Create, Update, Delete | Consent | urn:nhs:names:services:raflags:Consent.write:1 |
| Create, Update, Delete | Flag | urn:nhs:names:services:raflags:Flag.write:1 |
| Create, Update, Delete | Condition | urn:nhs:names:services:raflags:Condition.write:1 |
| Create, Update, Delete | List | urn:nhs:names:services:raflags:List.write:1 |
| $removeflag | | urn:nhs:names:services:raflags:removeflag.write:1 |
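
One way to check a request's headers against the lists and the InteractionID table above, as an added example that is not part of the Spine specification. The function names, the interaction labels ("read", "create", "update", "delete"), the sample ASID values and the assumption that If-Match uses the same weak ETag form as the response ETag are all assumptions of this sketch.

```python
import re

RESOURCES = {"Consent", "Flag", "Condition", "List"}
BASE = "urn:nhs:names:services:raflags:"
JWT_SHAPE = re.compile(r"^Bearer [A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")
WEAK_ETAG = re.compile(r'^W/"[^"]+"$')

def expected_interaction_id(interaction, resource=None):
    """InteractionID the page's table assigns to this interaction."""
    if interaction == "$removeflag":
        return BASE + "removeflag.write:1"
    if resource not in RESOURCES:
        raise ValueError(f"unsupported resource: {resource!r}")
    if interaction == "read":
        return f"{BASE}{resource}.read:1"
    if interaction in ("create", "update", "delete"):
        return f"{BASE}{resource}.write:1"
    raise ValueError(f"unsupported interaction: {interaction!r}")

def check_request_headers(interaction, resource, headers):
    """Return a list of problems; an empty list means the headers conform."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    problems = []
    # Shape check only: this does not validate the JWT's claims.
    if not JWT_SHAPE.match(h.get("authorization", "")):
        problems.append("Authorization: expected 'Bearer <jwt>'")
    for name in ("FromASID", "ToASID"):
        if not h.get(name.lower()):
            problems.append(f"{name}: missing")
    want = expected_interaction_id(interaction, resource)
    if h.get("interactionid") != want:
        problems.append(f"InteractionID: expected {want}")
    # Headers are cumulative: create and update add to the common set.
    if interaction in ("create", "update") and h.get("prefer") != "return=representation":
        problems.append("Prefer: expected return=representation")
    # Assumption: If-Match carries the weak ETag form W/"[versionId]".
    if interaction == "update" and not WEAK_ETAG.match(h.get("if-match", "")):
        problems.append('If-Match: expected W/"<versionId>"')
    return problems

# Constructed sample: an update that sends the read InteractionID and no If-Match.
SAMPLE = {
    "Authorization": "Bearer aaa.bbb.",  # constructed token, shape only
    "FromASID": "200000000001", "ToASID": "200000000002",  # constructed ASIDs
    "InteractionID": BASE + "Flag.read:1",
    "Prefer": "return=representation",
}
SAMPLE_PROBLEMS = check_request_headers("update", "Flag", SAMPLE)
```
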