A030 - HTTP 403 Error

After setting up the INT environment with the test data, we are getting a 403 error from the A030 endpoint, with the following response.

```json
{
  "resourceType": "OperationOutcome",
  "meta": {
    "lastUpdated": "2022-03-01T10:00:00.42Z"
  },
  "issue": [
    {
      "severity": "error",
      "code": "forbidden",
      "details": {
        "coding": [
          {
            "system": "https://fhir.nhs.uk/CodeSystem/http-error-codes"
          }
        ]
      },
      "diagnostics": "Example diagnostics message."
    }
  ]
}
```

Can someone help in diagnosing this error?



Hi @jh398,

We will need more information in order to be able to trace your request.

Can you please provide the X-Correlation-ID or X-Request-ID and the date/time the call was made?



Hi Adam,
x-correlation-id : fd8d59ef-e34f-4d4b-bef4-bb3d86203f92



@nhserspartners It looks like there is an issue with the configured ASID. The error is stating that ASID 200000039320 cannot be found in SDS.

Can you investigate?

@adam.oldfield and @jh398 - Jeffrey, it looks as though you’re trying to use your Production ASID in INT. Your INT ASID is 200000002219.

@adam.oldfield @jh398 I’ve just double-checked the full setup - I set you up on 2nd May with the following details:

Cinapsis-eRs-Int and Application ID: 9f41f810-8856-45be-96cb-dadc9a6dcb8a and ASID 200000002219 with test data I sent you on 18th April

Interestingly enough, we had a working integration until Thursday. Our CIS authentication is working and our ERS authorization exchange is working as well. However, the only call that seems to work for us is A030, which is the Business function call. Any calls to A004, A005 or A029 are returning a 403 Forbidden error.

This might indicate a wider issue in the INT environment?

Hi @hayward,

Looking at the logs, the latest 403 code returned to you was at 14/05/2024 09:47:51.753 (UTC).

403 was returned as user 555302836103 is attempting to select the REFERRING_CLINICIAN (via header NHSD-eRS-Business-Function) role at Organisation with ODS Code R69 (via header NHSD-End-User-Organisation-ODS) - the user does not have a role at that organisation.

R69 is the test organisation used in the API sandbox (used by “Try this API” in the documentation). I don’t think your user will have a role at this organisation.

Please use the result of A030 to determine the applicable organisation/role combinations.


Thanks @adam.oldfield. The R69 header was likely a remnant around us switching between dev (sandbox) and int environments during the day. Weirdly, your reply did help us along. We recently had a lot of roles added and changed on our test smartcards, which now highlighted an issue around sending the correct OrgID in the headers (linked to the role / org chosen by the smartcard user).

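The check recommended in the thread (only send an organisation/role pair that the A030 result contains), as an added example that is not part of any post above and is not NHS or e-RS project code. The function and class names are hypothetical, the `(ODS code, business function)` tuple shape for the A030 result is an assumption, and the ODS code `ZZ001` is constructed sample data; the header names are the ones quoted in the thread.

```python
import uuid
from datetime import datetime, timezone

# Header names as quoted in the thread.
H_FUNCTION = "NHSD-eRS-Business-Function"
H_ODS = "NHSD-End-User-Organisation-ODS"
H_CORRELATION = "X-Correlation-ID"


class RoleNotHeld(ValueError):
    """The chosen organisation/role pair is not one the user holds."""


def build_ers_headers(held_roles, ods_code, business_function, correlation_id=None):
    """Return (headers, trace) for an e-RS call, or raise RoleNotHeld.

    held_roles: iterable of (ODS code, business function) pairs taken from
    the A030 result. Extracting the pairs from the A030 payload is left to
    the caller; this tuple shape is an assumption of the example.
    """
    normalised = {(o.strip().upper(), f.strip().upper()) for o, f in held_roles}
    wanted = (ods_code.strip().upper(), business_function.strip().upper())
    if wanted not in normalised:
        # Fail locally instead of letting the API answer 403, e.g. when a
        # sandbox organisation code is left over in the configuration.
        orgs = sorted({o for o, _ in normalised})
        raise RoleNotHeld(
            f"{wanted[1]} at {wanted[0]} is not in the A030 result; "
            f"organisations available: {', '.join(orgs) or 'none'}"
        )
    correlation_id = correlation_id or str(uuid.uuid4())
    headers = {H_ODS: wanted[0], H_FUNCTION: wanted[1], H_CORRELATION: correlation_id}
    # Keep what support asks for when tracing a failed call.
    trace = {
        "correlation_id": correlation_id,
        "sent_at_utc": datetime.now(timezone.utc).isoformat(timespec="milliseconds"),
    }
    return headers, trace


# Constructed sample data: the ODS code "ZZ001" is made up for this example.
SAMPLE_HELD_ROLES = [("ZZ001", "REFERRING_CLINICIAN")]

if __name__ == "__main__":
    print(build_ers_headers(SAMPLE_HELD_ROLES, "zz001", "REFERRING_CLINICIAN"))
    try:
        build_ers_headers(SAMPLE_HELD_ROLES, "R69", "REFERRING_CLINICIAN")
    except RoleNotHeld as exc:
        print("blocked before sending:", exc)
```

Logging the returned `trace` with each request gives the correlation ID and UTC time that support asked for earlier in the thread.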