Does each API require a unique key for different functionalities? As a client, do I need to authenticate with different API key to access various APIs? For example, if I use APIKey1 to authenticate with the PDS-API, should I have to use APIKey2 to access the EPS-API, or is a single API key sufficient for authentication across all APIs?
Hi Niru,
Welcome to the NHS community API developer community!
The following should help answer some of your questions:
Firstly - each NHS API required separate onboarding before use. So, when integrating with NHS England APIs (e.g., PDS, EPS, SDS, etc.), you typically have to onboard each API individually. As part of that onboarding process, you’ll receive distinct credentials, such as:
- Client ID / Client Secret for OAuth2 flows
- Accredited System ID (ASID) for Spine-facing integrations
- or any other required keys/tokens specific to an API
These credentials identify your application to the NHS API Platform for that specific service. While in some cases an ASID or security arrangement can cover multiple APIs, you usually must register for each API you plan to call.
Many NHS APIs do not rely on a simple “API key” header. Instead, the most common approach is:
- Application-restricted (machine-to-machine) flows using JWT assertions and OAuth2 client credentials.
- User-restricted flows where an end user’s identity is involved (e.g., NHS login).
So, if by “API key” you mean client credentials or JWT-based tokens, you’ll usually have different sets of credentials (or scopes) for different APIs, especially if they’re governed by separate enrollment processes.
If using Spine Directory Service (SDS) API, each “accredited system” is assigned at least one ASID. This ASID is then used to identify that system on the Spine network. If your organization has onboarded multiple systems—or multiple services under one system—you might have more than one ASID.
- One ASID might be used to access PDS in INT,
- Another ASID (or the same, if so accredited) for EPS in INT,
- And corresponding ones for production, etc.
To summarise: You cannot simply use a single credential set to access all NHS Digital/England APIs, unless you have explicitly completed the onboarding steps for each API under the same system identity and the NHS API team has granted you the required scopes/permissions for all services under that one set of credentials.
- In most cases, you will end up with distinct credentials for PDS, EPS, MESH, and so forth, because each service has its own compliance and approval workflows.
Hope this helps!
Thanks,
NHS England API Platform team
Please note: The API Platform team can only address queries relevant to the NHS England API platform, including security, rate limiting, logging, monitoring and alerting. For any API specific queries, please reach out the relevant API teams.
Thanks for your response @navin.bose
Could you kindly direct me to the NHSE source documentation that outlines this please?
Here are the links to the NHS API Platform and NHS API specific documentation for PDS API and guidance to help answer onboarding queries for each API, obtaining separate credentials (including ASIDs), and following the overall security/authorisation guidance:
NHS Digital Developer Home: https://digital.nhs.uk/developer: This is the main landing page for API documentation, onboarding guides, and announcements.
Security and Authorisation Guidance: https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation .Explains how NHS APIs handle user-restricted and application-restricted flows, plus how tokens and scopes are managed.
Spine Directory Service (SDS) and ASIDs
Spine Directory Service FHIR: https://digital.nhs.uk/developer/api-catalogue/spine-directory-service-fhir . The documentation notes that each accredited system is represented by one or more ASIDs.
Personal Demographics Service (PDS) FHIR API: https://digital.nhs.uk/developer/api-catalogue/personal-demographics-service-fhir .Covers how to onboard, retrieve tokens, and perform patient demographics queries. Each environment (INT, PTL, Live) has specific requirements and endpoints.
Electronic Prescription Service (EPS) API: https://digital.nhs.uk/developer/api-catalogue/electronic-prescription-service Explains how to gain access, which credentials are needed, and outlines the flows for prescribing/dispensing.
NHS England API Platform and Onboarding
API Platform Overview: https://digital.nhs.uk/services/api-platform
Provides general information on how developers onboard to different APIs via the NHS API Platform. Each API has its own enrolment process, typically requiring separate approval.
Hope the above helps.
Thanks,
NHS England API Platform team
Please note: The API Platform team can only address queries relevant to the NHS England API platform, including security, rate limiting, logging, monitoring and alerting. For any API specific queries, please reach out the relevant API teams.