Interesting enough , we had a working integration until Thursday. Our CIS authentication is working and our ERS authorization exchange is working as well. However the only call that seems to work for us is A030 which is the Business function call. Any call to A004, A005, A029 are returning a 403 Forbidden error.
This might indicate a wider issue in the INT environment?
Looking at the logs for the latest 403 code returned to you was at 14/05/2024
09:47:51.753 (UTC).
403 was returned as user 555302836103 is attempting to select the REFERRING_CLINICIAN (via header NHSD-eRS-Business-Function) role at Organisation with ODS Code R69 (via header NHSD-End-User-Organisation-ODS) - the user does not have a role at that organisation.
R69 is the test organisation used in the API sandbox (used by “Try this API” in the documentation). I don’t think your user will have a role at this organisation.
Please use the result of A030 to determine the applicable organisation/role combinations.
Thanks @adam.oldfield The R69 header was likely a remnant around us switching between dev (sandbox) and int environments during the day. Weirdly your reply did help us along. We recently had a lot of roles added and changed on our test smartcards, which now highlighted an issue around sending the correct OrgID in the headers (linked to the role / org chosen by the smartcard user)