Is this available as an API by itself?
Many APIM API’s follow https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation
I’m working on a regional system (NHS England North West GMSA) which will involve many enterprise service bus (ESB) (more commonly known within the region as Trust Integration Engines (TIE)) communicating with each other.
We intend to support the same security and authorisation mechanism (but for application restricted only, as all the ESB/TIE.
Longer term we plan to add a NHS England APIM API to our system (which to us will be another ESB/TIE). So it makes some sense to use the same authorisation server as this service would use.