An overview of the security requirements for FHIR API calls into Spine.
Important: This site is under active development by NHS Digital and is intended to provide all the technical resources you need to successfully develop applications using the FHIR® Reasonable Adjustments API. This project is being developed using an agile methodology so iterative updates to content will be added on a regular basis.
Warning: This site is provided for information only and is intended for those engaged with NHS Digital. It is advised not to develop against these specifications until a formal announcement has been made.
Headers
This page collates and summarises the HTTP headers to be included with HTTP requests and responses.
It is recommended that developers are familiar with, and refer to, the technical documentation Introduction to Spine Core FHIR API Framework while integrating with any Spine systems.
Headers listed are cumulative.
Requests
All requests
- Authorization: Bearer [jwt_token_string]
- FromASID: [clientASID]
- ToASID: [serverASID]
- TraceID: [client ,message uuid]
- InteractionID: [serviceName]
InteractionID varies by resource and interaction undertaken.
The FromASID, ToASID and TraceID headers, and Accredited System IDs, are specified in the Spine Core FHIR API Framework.
Create requests
- Prefer: return=representation
Update requests
- If-Match: [versionIdETag]
- Prefer: return=representation
Responses
All Read & failure responses
- Date: [servedNowDate]
- Content-type: application/fhir+json or application/fhir+xml
All successful Create responses
- Date: [servedNowDate]
- Last-Modified: [lastModDate]
- Location: https://clinicals.spineservices.nhs.uk/STU3/[type]/[id]/_history/[vid]
- ETag: W/"[versionId]"
- Content-type: application/fhir+json or application/fhir+xml
All successful Update responses
- Date: [servedNowDate]
- Last-Modified: [lastModDate]
- ETag: W/"[versionId]"
- Content-type: application/fhir+json or application/fhir+xml
InteractionID
Interaction | Resource | InteractionID |
---|---|---|
Read | Consent | urn:nhs:names:services:raflags:Consent.read:1 |
Read | Flag | urn:nhs:names:services:raflags:Flag.read:1 |
Read | Condition | urn:nhs:names:services:raflags:Condition.read:1 |
Read | List | urn:nhs:names:services:raflags:List.read:1 |
Create, Update, Delete | Consent | urn:nhs:names:services:raflags:Consent.write:1 |
Create, Update, Delete | Flag | urn:nhs:names:services:raflags:Flag.write:1 |
Create, Update, Delete | Condition | urn:nhs:names:services:raflags:Condition.write:1 |
Create, Update, Delete | List | urn:nhs:names:services:raflags:List.write:1 |
$removeflag | | urn:nhs:names:services:raflags:removeflag.write:1 |
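The request header lists and the InteractionID table above can be combined into a single client-side builder. The following is an added example, not NHS Digital code: the function names, the use of a random UUID for TraceID, the CR/LF check on caller-supplied values, and the treatment of Delete as carrying only the common headers are assumptions.

```python
import uuid

# Resource names and URN pattern taken from the InteractionID table on this page.
RESOURCES = ("Consent", "Flag", "Condition", "List")
URN = "urn:nhs:names:services:raflags:{name}.{mode}:1"


def interaction_id(interaction, resource=None):
    """Map an interaction (and resource) to its InteractionID."""
    if interaction == "$removeflag":
        return URN.format(name="removeflag", mode="write")
    if resource not in RESOURCES:
        raise ValueError(f"unsupported resource: {resource!r}")
    if interaction == "read":
        return URN.format(name=resource, mode="read")
    if interaction in ("create", "update", "delete"):
        return URN.format(name=resource, mode="write")
    raise ValueError(f"unsupported interaction: {interaction!r}")


def build_headers(interaction, resource, token, from_asid, to_asid,
                  etag=None, trace_id=None):
    """Return the cumulative request headers for one call (hypothetical helper)."""
    supplied = {"token": token, "from_asid": from_asid, "to_asid": to_asid}
    if etag is not None:
        supplied["etag"] = etag
    for name, value in supplied.items():
        # Reject empty values and CR/LF so a value cannot inject extra headers.
        if not value or "\r" in value or "\n" in value:
            raise ValueError(f"invalid {name}")
    headers = {
        "Authorization": f"Bearer {token}",
        "FromASID": from_asid,
        "ToASID": to_asid,
        "TraceID": trace_id or str(uuid.uuid4()),  # assumption: random UUID per message
        "InteractionID": interaction_id(interaction, resource),
    }
    if interaction in ("create", "update"):
        headers["Prefer"] = "return=representation"
    if interaction == "update":
        if not etag:
            raise ValueError("update requires the ETag of the version being replaced")
        # Send back the ETag exactly as received from an earlier response.
        headers["If-Match"] = etag
    return headers
```

Refusing to build an update without an ETag keeps the client from sending a write that the server cannot check against the current version.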