401 Access Denied on call to A0042

e-Referral Service (e-RS) e-Referral Service FHIR API
,
1

We are transitioning from using STU3 A006 to R4 A042.

When testing A042 in INT environment, we are receiving 401 status. The request to A0042 was preceeded by successful calls to A007 and A005 end points

URL: https://int.api.service.nhs.uk/referrals/FHIR/R4/Binary/f185d16b-7dd5-4a50-97d9-62494080a786

Headers:

Authorization: 0vGSeeV2cHrsB6C1L4PCyl0Ce46Q
NHSD-End-User-Organisation-ODS: RB8
NHSD-eRS-Business-Function: SERVICE_PROVIDER_CLINICIAN
NHSD-eRS-On-Behalf-Of-User-ID:
X-Correlation-ID: 17183684-D9A9-11F0-9A21-005056B4EE83
Accept: */*

INT App ID for endpoint: ff20dedf-6bef-4b83-8455-4cd3bfe5f01a

The header values defined in A0042 specification are the same as for the STU3 A006 endpoint

Is this possibly because we need to request access to the A0042 endpoint for our application in INT, that is, A0042 has not been automatically made available for existing applications using A006?

Requests were sent at 11:14 on 15th December

2

Hi @Gary_England - Yes, that is correct - new API endpoints are not automatically added to your message set.

Please reach out to the Partner team to request access: england.nhserspartners@nhs.net

Thanks,
Z.

3

Hi @Gary_England and @zubeir.tai - I’ve request the latest e-RS Product set be added to your INT ASID and this should fix the issue. I’ll confirm back when this is done.

Sorry about that - when we introduce new capability, we do actually request all active INT ASIDs are updated but this one must have been missed.

Kind regards,

Lucy

4

@Gary_England your ASID 2000000068 has the full e-RS product set applied. Can you try again please and let us know if you have any more issues?

5

Thanks Lucy - I have asked our product team to retest this interaction

6

Unfortunately we are still getting 401 error. See first message in post for the field usage

Message was sent by our client on 6th January at 15:24:38. Other calls made by our client to STU3 endpoints succeeded

7

Hi Gary, I’ve spoken with our ITOC team about this and it’s because you have your own bespoke product set up in INT. They’ve advised me that you need to fill out an MPV request to update your product with the desired eRS API interactions - see link below:

Manufacturer Product Version (MPV) registration request - NHS England Digital

I would suggest you request ‘all the eRS interactions from the latest generic product’ be added to your bespoke product to make sure you have everything you need.

Kind regards,

Lucy

8

Thanks Lucy

Unfortunately, we are still seeing the 401 error, with the same symptoms as previously

9

Sorry to hear that I’ve asked for our tech folks to take a look -they should reply on here directly

10

Hi Gary,
Looking at the headers you’ve provided, it doesn’t look like the request is using an OAuth2 access token in the expected format. For A042 the Authorization header needs to be sent as:

Authorization: Bearer <access_token>

At the moment it looks like you’re sending a raw token value without the Bearer prefix, which would result in a 401. Could you please confirm you are generating a valid access token via the signed JWT flow and then passing it in the format above when calling A042.

Thanks,
Petko

11

Thanks Petko,

We have added the “Bearer “ prefix to Authorization header content for both STU3 and R4 request generation classes, and the full set of interactions we require now work as expected

A few observations on this:
The STU3 endpoint appear to work both with and without the “Bearer “ prefix
The R4 endpoint works in OpenTest. While I recognise that OpenTest does not check the CIS2 token, it should probably check the header syntax
We did share the full header content in the original description of the error

Thanks again