EPS Signing Sevice (Documentation vs MHS INT)

Need help. I was trying to use Signing Service API in NHS INT environment.
I believe there may be a discrepancy between the documentation for signaturerequest and signatureresponse with the actual call in NHS INT.

In the documentation it is said Authentication Header is not required.
But when we tried in NHS INT, I found the Authentication Header is actually required, otherwise it will return 401.

I have a doubt whether my interpretation of the documentation is correct.
It is said the authentication header is not required (does this apply to both NHS INT and also Sandpit)

Could I confirm, whether the bearer token for this calls are required for NHS INT and Live environment.

This is the link Signing Service API - NHS Digital


It is my understanding that only the sandbox environment has no authentication requirements. As soon as you transition into one of the other env’s (DEV, INT, DEP, Training) then the full implementation is required which will include the authentication headers.

If you check the page that you have referenced the only reason why authentication is not required is due to the activity taking place in the sandbox.

Again, this is my understanding of the environments within NHSE and happy to be corrected :slight_smile:

The documentation is confusing around the Signing Service so if someone can clarify that would be great:

This page (Electronic Prescription Service - FHIR API - NHS Digital) says “The prescription must include a digital signature, which can be generated using the Signing Service

when you follow the Signing Service link it says the API is still in development which means it can’t be used in Production. There is no indication as to when this will be available in Production! So whats the path to Live ? How can we develop a solution which uses EPS but has no route to a Live environment. Can anyone please guide on this (@alan.rawlings2 ?). Thanks

Thanks stuff, that is also my thinking at the moment, however need someone from EPS team to confirm this, as our architecture team has designed a solution without bearer token (by referring to the documentation). it is only when we try it on MHS INT it appears we do need them.

Morning @alan.rawlings2 , sorry I keep tagging you in to posts but would you be able to assist please with this enquiry around the status of the Signing Service. I have a call with the EPS onboarding team tomorrow to discuss timelines for onboarding and path to live activities with one of our identified First of Type customers; Signing will be a key dependency on the plan so any information or guidance you can provide would be really appreciated.

Many thanks

Hello lee.meredith,

I understand you have been in contact with the EPS team.

For a wider audience information, EPS advise NHS E are developing an alternative signing solution and details will follow soon.

Hi @alan.rawlings2 good morning, is there any update for this. I have also tried to reach via EPS onboarding team. The onboarding team did not give a definite timescale on the response/update, and this left us in the limbo at the moment. I just wonder if we need to abandon previous solutions and focus on the alternative solution you have mentioned? and when these new things will be communicated to suppliers and via which channels. and if previous solution is still viable, what is the answer to th query in this post?