FHIR API request A004 Error 500

e-Referral Service (e-RS) e-Referral Service FHIR API
1

Hi Support

Happy New Year to all :blush:

For Blackpool Teaching Hospital (ODS-RXL) we are receiving and error 500 for FHIR API request A004 using Application Restricted Access.

Other User Restricted API call are ok, just this one which is application restricted access we are running in Blackpool Teaching Hospital DEP environment.

Please see log details below for x-correlation-id.

Kind Regards,

Sean

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - ====================================================================================

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Processing eReferral FHIR API request A004RetrieveReferenceData

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - ====================================================================================

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Request Properties:

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - -------------------

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Accept: application/fhir+json

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - NHSD-End-User-Organisation-ODS: RXL

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - x-correlation-id: 76534A24-FEB6-4579-82B7-4AFEE1513D0B

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - -------------------

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Request Body:

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - -------------------

2026-01-09 16:45:40,434 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway -

2026-01-09 16:45:40,435 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - -------------------

2026-01-09 16:45:40,435 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - HTTP Method :GET

2026-01-09 16:45:40,435 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - HTTP Properties :{Accept=[application/fhir+json], NHSD-End-User-Organisation-ODS=[RXL], x-correlation-id=[76534A24-FEB6-4579-82B7-4AFEE1513D0B]}

2026-01-09 16:45:40,435 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - HTTP Url :https://dep.api.service.nhs.uk/referrals-dep/FHIR/STU3/CodeSystem/eRS-ReviewOutcome-1

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Response Header Fieldsā€¦

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: null

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: HTTP/1.1 500

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: X-Request-ID

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: 2694484e-b5c0-47aa-9dbc-2efb215cbc28-1

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: X-Correlation-ID

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: 76534A24-FEB6-4579-82B7-4AFEE1513D0B

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: X-Content-Type-Options

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: nosniff

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Connection

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: keep-alive

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Pragma

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: no-cache

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Date

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: Fri, 09 Jan 2026 16:45:41 GMT

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: X-Frame-Options

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: DENY

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Strict-Transport-Security

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: max-age=31536000; includeSubDomains

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Cache-Control

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: no-cache, no-store, max-age=0, must-revalidate

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Expires

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: 0

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: X-XSS-Protection

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: 0

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Header: Content-Length

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway - Value: 0

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] INFO com.ims.ers.server.servlet.MaxApiHubGateway -

2026-01-09 16:45:41,824 [http-nio-8183-exec-8] ERROR com.ims.ers.server.servlet.MaxApiHubGateway - Request failed with response code: 500

2

Hi Sean,
I checked the DEP logs for X-Correlation-ID 76534A24-FEB6-4579-82B7-4AFEE1513D0B (ASID 20000001728). The call is definitely being handled as application-restricted access, but it fails during sessionless identity resolution.The backend is returning:

The request is invalidā€¦ Could not find specified user, userId=418671679037ā€ (ODS RXL)

This same error shows up for multiple A004 reference data requests (SPECIALTY, PRIORITY, CLINIC-TYPE, etc.), so it doesnā€™t look specific to eRS-ReviewOutcome-1 or a particular CodeSystem value. My recommendation would be to check the application restricted configuration for the ASID in DEP and ensure it is mapped to a valid ā€œProvider Authorised Applicationā€œ identity for ODS RXL(and that the mapped user/service identity exists and is active in DEP).

Thank you,
Petko

3

Hi Petko,

We have confirmed that the application is setup correctly and using the correct configuration for DEP.

The customer has confirmed that the userid is valid for ODS RXL however for the Live environment.

We donā€™t have access to the ASID that is being used in DEP , that typically would be configured by NHS eRSPartners?

Please advise,

Regards,
Sean