Hello!
We’re currently developing a solution to grab some patients down from a worklist on the INT environment, and are getting a 403 error with no response content:
Error: 403
Response Content: b’’
For context, our header is structured like this:
And the data/payload has been copied from the sandbox environment request as such:
data = r'{"resourceType":"Parameters","meta":{"profile":["https://fhir.nhs.uk/STU3/StructureDefinition/eRS-FetchWorklist-Parameters-1"]},"parameter":[{"name":"listType","valueCodeableConcept":{"coding":[{"system":"https://fhir.nhs.uk/STU3/CodeSystem/eRS-ReferralListSelector-1","code":"AWAITING_BOOKING"}]}}]}'
Any help would be greatly appreciated!
Thanks,
Harry
Hi @harry.clark1,
Can you please provide the X-Correlation-ID for the request and your Application ID to help us trace your request?
Thanks.
Hi Adam,
Thanks for the quick reply!
The correlation ID was: 5d256b83-bc48-4cc9-805c-2a25d0ed5a6a
and our application ID is: 1b3e5b37-bf5e-4e31-a067-3bb8255f2615
Thanks again 
Although from your example it doesn’t look like you are providing a value for NHSD-eRS-On-Behalf-Of-User-ID which is required when NHSD-eRS-Business-Function is SERVICE_PROVIDER_CLINICIAN_ADMIN.
You can use A040 - Retrieve e-RS-specific practitioner information to determine the applicable On Behalf of Users.
Ah we do have one there, I just blocked that information out in the screenshot along with our test ODS code, as I wasn’t sure what was ok to share here!
Edit: I should add, we basically just copied the options we used to login as SERVICE_PROVIDER_CLINICIAN_ADMIN on the INT site
Sorry to bother you Adam,
I was wondering if there’s anything else I can try in terms of our configuration for this - as we’re still a bit stuck!
Thank you!
Harry
Hi @harry.clark1,
Sorry for the delay.
The correlation ID was: 5d256b83-bc48-4cc9-805c-2a25d0ed5a6a
and our application ID is: 1b3e5b37-bf5e-4e31-a067-3bb8255f2615
Looking at the request above it appears you are trying to use application-restricted access, but A008 only supports user-restricted access.
However, application-restricted access is coming soon - there will be some restrictions in usage though.
Thanks,
Adam.
However, application-restricted access is coming soon - there will be some restrictions in usage though.
Which it would hurry up as we require this functionality.
Hi Adam,
Thanks for this!
In terms of what we’re sending in our request headers, what should we change in order to use A008 with user-restricted access? We tried removing each of the ‘nhsd’ parameters which hasn’t seemed to help.
Thank you!
Harry
@harry.clark1,
Are you using one of the Healthcare Worker access modes?