e-RS FHIR API - A008, 403 with no response content

Hello!

We’re currently developing a solution to grab some patients down from a worklist on the INT environment, and are getting a 403 error with no response content:

Error: 403
Response Content: b’’

For context, our header is structured like this:
image

And the data/payload has been copied from the sandbox environment request as such:

data = r'{"resourceType":"Parameters","meta":{"profile":["https://fhir.nhs.uk/STU3/StructureDefinition/eRS-FetchWorklist-Parameters-1"]},"parameter":[{"name":"listType","valueCodeableConcept":{"coding":[{"system":"https://fhir.nhs.uk/STU3/CodeSystem/eRS-ReferralListSelector-1","code":"AWAITING_BOOKING"}]}}]}'

Any help would be greatly appreciated!

Thanks,
Harry

Hi @harry.clark1,

Can you please provide the X-Correlation-ID for the request and your Application ID to help us trace your request?

Thanks.

Hi Adam,

Thanks for the quick reply!

The correlation ID was: 5d256b83-bc48-4cc9-805c-2a25d0ed5a6a
and our application ID is: 1b3e5b37-bf5e-4e31-a067-3bb8255f2615

Thanks again :slight_smile:

Although from your example it doesn’t look like you are providing a value for NHSD-eRS-On-Behalf-Of-User-ID which is required when NHSD-eRS-Business-Function is SERVICE_PROVIDER_CLINICIAN_ADMIN.

You can use A040 - Retrieve e-RS-specific practitioner information to determine the applicable On Behalf of Users.

Ah we do have one there, I just blocked that information out in the screenshot along with our test ODS code, as I wasn’t sure what was ok to share here!

Edit: I should add, we basically just copied the options we used to login as SERVICE_PROVIDER_CLINICIAN_ADMIN on the INT site

Sorry to bother you Adam,

I was wondering if there’s anything else I can try in terms of our configuration for this - as we’re still a bit stuck!

Thank you!

Harry

Hi @harry.clark1,

Sorry for the delay.

The correlation ID was: 5d256b83-bc48-4cc9-805c-2a25d0ed5a6a
and our application ID is: 1b3e5b37-bf5e-4e31-a067-3bb8255f2615

Looking at the request above it appears you are trying to use application-restricted access, but A008 only supports user-restricted access.

However, application-restricted access is coming soon - there will be some restrictions in usage though.

Thanks,

Adam.

However, application-restricted access is coming soon - there will be some restrictions in usage though.

Which it would hurry up as we require this functionality.