Confirm next steps for e-RS integration

We have been asked to direct our question to this forum by an e-RS business analyst.

We’re just getting to the end of our development process on the CIS2 end of things, and wanted to double check our understanding of next steps as far as access to the eRS API is concerned.

Specifically for CIS2, we’ve been following this set of documentation. We are then expecting to follow this set in order to use CIS2 auth to gain access to eRS (where Step 5 is the CIS2 authentication process from the first set of documentation).

Please could you confirm that our understanding matches the required next steps?

Hi Sarah. It sounds like you are on the right path to use the “Separate Authentication” process for gaining access to the APIs - User-restricted RESTful APIs - NHS Care Identity Service 2 separate authentication and authorisation - NHS Digital

What this means is that you authentication first with CIS2 Authentication, and get the idToken from that service. You can then exchange that token on the API platform to get access and refresh tokens for the API platform - you then use these for the APIs

So, to get started with this, you will need to onboard to both CIS2 Authentication, and the API platform, separately. Although this is now mostly done through the developer portal, you will need to talk to the CIS2 Authentication team - Apply to use NHS CIS2 Authentication - NHS Digital

Hope that helps.