Forbidden Error on Record Triage Outcome (A028) API

supplier · 31 October 2025 13:51

I’m trying to call the endpoint /STU3/ReferralRequest/{ubrn}/$ers.recordReviewOutcome (Record Triage Outcome - A028, FHIR STU3), but I’m getting the following error from the NHS side:

{

"meta": {

    "profile": \[

        "[https://fhir.nhs.uk/STU3/StructureDefinition/eRS-OperationOutcome-1"](https://fhir.nhs.uk/STU3/StructureDefinition/eRS-OperationOutcome-1%22 "https://fhir.nhs.uk/stu3/structuredefinition/ers-operationoutcome-1%22")

    \]

},

"resourceType": "OperationOutcome",

"issue": \[

    {

        "severity": "error",

        "code": "forbidden",

        "details": {

            "coding": \[

                {

                    "code": "FORBIDDEN",

                    "system": "[https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1"](https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1%22 "https://fhir.nhs.uk/stu3/codesystem/ers-apierrorcode-1%22"),

                    "display": "Forbidden"

                }

            \]

        },

        "diagnostics": "On Behalf Of User ID (555367989103) is not permitted for Business Function (SERVICE_PROVIDER_CLINICIAN)."

    }

\]

}

Our Smartcard (ID: 555367989103) already has the SERVICE_PROVIDER_CLINICIAN role, but the API still returns a Forbidden error.

Could you please check if the correct business function is assigned or advise which user/role should be used for this API call?

zubeir.tai · 5 November 2025 09:25

Hi @supplier - It looks like you are attempting to use a Service Provider Clinician ADMIN role, for which there is no assigned Service Provider Clinician role.

As per the spec:

“On behalf of” is only supported for a Service Provider Clinician Admin (SPCA) acting on behalf of a Service Provider Clinician (SPC).

Where an OBO User ID is supplied the authenticating user must be an SPCA and the OBO User ID must be that of an appropriate SPC.

Please retry using the SPC role, without supplying the OBO User ID.

Thanks,
Z.

supplier · 5 November 2025 11:46

Hi @zubeir.tai ,

Thanks for the guidance — the approach you suggested worked.
We were able to proceed successfully.

Regards,
A.

Topic		Replies	Views
A008 Service Identifier filter returns 404 for REFERRALS_FOR_REVIEW Electronic Prescription Service (EPS) FHIR fhir , error-code	4	547	28 February 2023
Facing issue in A029 - Available actions for user list API e-Referral Service (e-RS)	8	309	11 March 2024
A008 403 error - allowed OBO Users list e-Referral Service (e-RS) fhir	2	34	6 December 2024
Query regarding eRS API A005 ( Retrieve referral request ) e-Referral Service (e-RS)	8	261	4 March 2024
The remote server returned an error: (403) Forbidden e-Referral Service (e-RS) testing , onboarding , fhir	7	270	27 August 2024

Forbidden Error on Record Triage Outcome (A028) API

Related topics