A008 403 error - allowed OBO Users list

Hello,

I hope you’re doing well.

We are currently stuck on a 403 error when trying to use the A008 endpoint. We are using a user-restricted access method, after successfully authenticating an integration smartcard via the browser / callback.

The error is as follows:
Error: 403, Response Content: b'{"meta":{"profile":["https://fhir.nhs.uk/STU3/StructureDefinition/eRS-OperationOutcome-1"]},"resourceType":"OperationOutcome","issue":[{"severity":"error","code":"forbidden","details":{"coding":[{"code":"FORBIDDEN","system":"https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1","display":"Forbidden"}]},"diagnostics":"On Behalf Of User ID (555303174104) provided is invalid or not in the list of allowed OBO Users."}]}'

And the correlation ID for the request is:
d7d2b802-f8cc-417c-82ac-e960c4eacd8c

If anyone can help, we would greatly appreciate it!

Many thanks,

Harry

I have just solved this, but will leave it up in case anyone else has the same issue!

In the end, it was that we tried to use the ‘AWAITING_BOOKING’ option in our parameters with the SPC role, but it worked after changing to ‘REFERRALS_FOR_REVIEW’.

Hi Harry,

The error you provided indicates an issue with the NHSD-eRS-On-Behalf-Of-User-ID header which can only be used when the NHSD-eRS-Business-Function header is set to `SERVICE_PROVIDER_CLINICIAN_ADMIN`.

It is essentially just saying that the authenticated user is not permitted to work on behalf of the provided NHSD-eRS-On-Behalf-Of-User-ID (555303174104).

AWAITING_BOOKING is a referrer only worklist, so had the NHSD-eRS-On-Behalf-Of-User-ID value been valid you would have received a different error message stating this.

Regards,

Adam.
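
The header rule from Adam's reply and the error body from the question, as an added example that is not part of any post in this thread and is not NHS England code: a pre-flight check for the On-Behalf-Of header combination, plus a parser that pulls the useful fields out of an eRS `OperationOutcome`. The function names and returned field names are assumptions made for illustration; the sample body is the one posted above with `meta` omitted.

```python
import json

# Header names and the business function value are the ones named in the thread.
OBO_HEADER = "NHSD-eRS-On-Behalf-Of-User-ID"
FUNCTION_HEADER = "NHSD-eRS-Business-Function"
OBO_FUNCTION = "SERVICE_PROVIDER_CLINICIAN_ADMIN"

# Response body from the question (meta omitted), re-typed with straight quotes.
SAMPLE_403 = (
    b'{"resourceType":"OperationOutcome","issue":[{"severity":"error",'
    b'"code":"forbidden","details":{"coding":[{"code":"FORBIDDEN",'
    b'"system":"https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1",'
    b'"display":"Forbidden"}]},"diagnostics":"On Behalf Of User ID '
    b'(555303174104) provided is invalid or not in the list of allowed OBO Users."}]}'
)


def check_obo_headers(headers):
    """Return a list of problems with the OBO header combination (empty if none)."""
    # HTTP header names are case-insensitive, so normalise before comparing.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    obo = h.get(OBO_HEADER.lower())
    function = h.get(FUNCTION_HEADER.lower())
    problems = []
    if obo is not None and function != OBO_FUNCTION:
        problems.append(f"{OBO_HEADER} sent with {FUNCTION_HEADER}={function!r}; "
                        f"it is only valid with {OBO_FUNCTION}")
    if obo is not None and not obo:
        problems.append(f"{OBO_HEADER} is empty")
    return problems


def summarise_operation_outcome(body):
    """Return one dict per issue in an OperationOutcome, or [] if body is not one."""
    try:
        doc = json.loads(body.decode("utf-8") if isinstance(body, bytes) else body)
    except ValueError:  # covers invalid JSON and invalid UTF-8
        return []
    if not isinstance(doc, dict) or doc.get("resourceType") != "OperationOutcome":
        return []
    issues = []
    for issue in doc.get("issue", []):
        codings = issue.get("details", {}).get("coding", [])
        issues.append({"severity": issue.get("severity"), "code": issue.get("code"),
                       "api_code": codings[0].get("code") if codings else None,
                       "diagnostics": issue.get("diagnostics")})
    return issues
```

Logging the parsed `diagnostics` next to the request's correlation ID gives support the same two pieces of information the question had to supply by hand.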