Hi , would you be able to clarify the response and response headers I should be getting from the A042 endpoint? I am running under Application-restricted , unattended access. Security is working well (using JWT) with this and other calls I am making (a005, a007). With which I am obtaining the correct headers/content.
However, this concerns a call (GET) to the A042 Endpoint https://int.api.service.nhs.uk/referrals/FHIR/R4/Binary/{UUID ID}“ for example… (https://int.api.service.nhs.uk/referrals/FHIR/R4/Binary/88974a4c-5dd5-4569-aca2-8adcdd9b7d1d”)
I am receiving a 200 OK , along with the Binary file as the response content (which incidentally I have noticed is/was the behavior of the A006 endpoint ?). Also the response headers that I am getting back do not seem correct, and do not include things like the x-correlation-id and x-request-id.
The documentation (https://digital.nhs.uk/developer/api-catalogue/e-referral-service-fhir#get-/R4/Binary/-id-) is indicating that I should be receiving a 307 (temporary redirect) response, and a location for the file and the correct response headers.
The request headers I am sending with this GET are fairly simple (as well as the bearer token) for example…
Accept=application/fhir+json, x-correlation-id=f7ce6191-3738-4cd8-a2fc-5bdf5e36b69b
Would you be able to shed some light on this? Or if there is anything wrong with what I am doing on the request? (the main problem here is about auditing the request/correlation ids from the response headers - as I am actually able to successfully retrieve the attachments directly from the A042 call - which is stated as not being possible - but obviously I am keen to check this matter and use the endpoint correctly).
Thanks
Matthew Lavender
Hi Matthew,
Yes you are correct in saying that you should be receiving a 307 (temporary redirect) response, and you should not be able to successfully retrieve the attachments directly without doing so.
Can you please give us an example of what you are doing step by step.
Thank you,
Balal
The process to reach the A042 call with the GET is fairly straight forward , below is a step summary of we do:
This is all in the INT environment:
- An access token is successfully obtained through the use of JWT (I followed the guidance under https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication)
- A successful A005 call , to obtain the attachment details of the referral. This gives me the metadata of the attachment (content type, url, size,title)
- The URL metadata (specifically the UUID) is then used from the A005 call , for the A042 call (for example… Binary/719f6045-e791-4029-8e0f-1201c02b0a55 )
- A GET is then performed on the URL using that ID for example (as in my initial post)… for example.. https://int.api.service.nhs.uk/referrals/FHIR/R4/Binary/88974a4c-5dd5-4569-aca2-8adcdd9b7d1d”
- A 200 OK is then received along with the binary in the response. (with which it contains the correct attachment)- but do not receive a 307 redirect.
There are a couple of things we need to understand, if it should only be returning a 307 redirect:
- Why am I receiving a 200 OK, on the above GET request - along with the binary (we need to understand why this is working) ?
- And should I be doing something different (or am I doing something wrong) with regards to the GET request , in order to obtain the 307 redirect (I had followed the guidance on A042 GET Request)?
let me know if you need any further information - thanks
Matthew
Hi Matthew,
Why am I receiving a 200 OK: what are you using in order to make the call to the API? Are you using Postman?
Thanks,
Balal