Getting 401 response for PDS Token URL

Kiran_Kumar_Murari · 2 July 2025 12:06

Hi,

I am hitting the INT environment : https://int.api.service.nhs.uk/oauth2/token.

I am getting 401 Error Code.

Application ID : 21420a71-b589-4a24-8149-13a9880e99ce

NHS Digital Onboarding Service - Rhapsody_MSE_TIE_INT

I verified the JWT created with JWT.io and with both public key and Private Key for testing both encoding and decoding and it works fine perfectly.

david.hamill1 · 3 July 2025 16:15

Hi.

I’ve moved your question on the the API Platform category, as they will be better placed to handle any auth journey issues.

Thanks

vikas.nautiyal1 · 4 July 2025 15:50

Kiran, Can you please share the complete request so far I cannot see any event created in Splunk for this App ID for past 1 Month.

Kiran_Kumar_Murari · 7 July 2025 10:11

Hi @vikas,

I am using the below curl command : and I using Rhapsody Integration Engine to hit the Auth URL :

curl -X POST ^
-H “Content-Type:application/x-www-form-urlencoded” ^
–data “grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=eyJ4NXQiOiItVURnZ2RnWWY3NFc2UTZJWW51c25Oem9EdVUiLCJraWQiOiJwZHMtZmhpci1hcGktaW50LXRlc3QtMSIsInR5cCI6IkpXVCIsImFsZyI6IlJTNTEyIn0.eyJhdWQiOiJodHRwczovL2ludC5hcGkuc2VydmljZS5uaHMudWsvb2F1dGgyL3Rva2VuIiwic3ViIjoiMjE0MjBhNzEtYjU4OS00YTI0LTgxNDktMTNhOTg4MGU5OWNlIiwiaXNzIjoiMjE0MjBhNzEtYjU4OS00YTI0LTgxNDktMTNhOTg4MGU5OWNlIiwiZXhwIjoxNzUxODgzMTg3LCJpYXQiOjE3NTE4ODI4ODcsImp0aSI6ImZjMWE2ZGJiLTdiMjQtNDQ3MC1iYjYwLWUwMmQ3NWZlMTFjMCJ9.JtFTUnPm5IEc38KvJI1rU9EZFN_BEia6Ve3rT6ED3uK1cnS-0wd5npFa3IjtES1xYxXd_C2s3ldXxUAvm7-E6qms9RFuRJmvg4CLKwFBIH2VOGF8U3knAZUPCfgIb_TtDOQ0Va9E9JnkNBzx4MNhB-Tq4yaWKMtfpx8Z2iCJHjyYdqgEucvaRS99hH-spy3C-86IbSFo85NEQ0vqNytps0U9KIXIZBx5ihJ-r3qgpmzzpGIaR_FicCgb700OdpYrEl_1IFfRMY5vcZdPVVi6UQaGG8EJNhv7fkIoPxiadx5A-j51FOCz13L9UUmLSJYNx94WXaN6y0c-2-m6SJUX63_AKV-xvF-U9dTIF-tMs4NR14VgwZSnZZ6dZk-RJYJGKREoNi5dm0W5QpEoujvpEk_B5HxXeHwkdCwOlvFfz6f9L7Ma8hfWl5nYrxR9KpI5B6KDecRBe5ZOWydC_-C80ia8wczN8a35Kgbj20WNVDgV_hlqdg5sKb8F7yvNnNd8Qol5E9hZTXbCfT2jpBmEOz2LmmyLkGRRyH_JAk1TDJ3e6X-pJXkfyXreX-x3PT3Y4iK2-TuRW7WW-13ju7QIJQzV1mUz2ul8WRbOKxt4LrxQEKTEh0wK9ewbmanqhcBr56F-HpJ7ZavkpIITvKzSZLzg4OuMsWTpPe8knW1nUiw” ^
https://int.api.service.nhs.uk/oauth2/token

  {
    "error": "invalid_request",
    "error_description": "Invalid 'iss'/'sub' claims in client_assertion JWT",
    "message_id": "rrt-2730306190529043736-a-geu2-190557-128721658-1"
  }

I made sure that every time I hit the API, I generate a GUID before hitting the API.
And for iss/sub Claim Headers, I am using NHS Applciation ID which is genreated for Integration Test Environment :

Application ID 21420a71-b589-4a24-8149-13a9880e99ce

Can you please check and let me know If I am using it in the wrong way.

vikas.nautiyal1 · 7 July 2025 11:04

@Kiran_Kumar_Murari Can you please share your availibility to discuss this issue?
My Email Id is vikas.nautiyal1@nhs.net and I am free from 13:30 till 17:00 today , better to connect and understand the issue? Seems like you are using wrong url to test your API.

Kiran_Kumar_Murari · 7 July 2025 11:35

I sent the Invite. Kindly check.

vikas.nautiyal1 · 7 July 2025 15:27

Kiran_Kumar_Murari:

curl -X POST ^
-H “Content-Type:application/x-www-form-urlencoded” ^
–data “grant_type=client_credentials&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=eyJ4NXQiOiItVURnZ2RnWWY3NFc2UTZJWW51c25Oem9EdVUiLCJraWQiOiJwZHMtZmhpci1hcGktaW50LXRlc3QtMSIsInR5cCI6IkpXVCIsImFsZyI6IlJTNTEyIn0.eyJhdWQiOiJodHRwczovL2ludC5hcGkuc2VydmljZS5uaHMudWsvb2F1dGgyL3Rva2VuIiwic3ViIjoiMjE0MjBhNzEtYjU4OS00YTI0LTgxNDktMTNhOTg4MGU5OWNlIiwiaXNzIjoiMjE0MjBhNzEtYjU4OS00YTI0LTgxNDktMTNhOTg4MGU5OWNlIiwiZXhwIjoxNzUxODgzMTg3LCJpYXQiOjE3NTE4ODI4ODcsImp0aSI6ImZjMWE2ZGJiLTdiMjQtNDQ3MC1iYjYwLWUwMmQ3NWZlMTFjMCJ9.JtFTUnPm5IEc38KvJI1rU9EZFN_BEia6Ve3rT6ED3uK1cnS-0wd5npFa3IjtES1xYxXd_C2s3ldXxUAvm7-E6qms9RFuRJmvg4CLKwFBIH2VOGF8U3knAZUPCfgIb_TtDOQ0Va9E9JnkNBzx4MNhB-Tq4yaWKMtfpx8Z2iCJHjyYdqgEucvaRS99hH-spy3C-86IbSFo85NEQ0vqNytps0U9KIXIZBx5ihJ-r3qgpmzzpGIaR_FicCgb700OdpYrEl_1IFfRMY5vcZdPVVi6UQaGG8EJNhv7fkIoPxiadx5A-j51FOCz13L9UUmLSJYNx94WXaN6y0c-2-m6SJUX63_AKV-xvF-U9dTIF-tMs4NR14VgwZSnZZ6dZk-RJYJGKREoNi5dm0W5QpEoujvpEk_B5HxXeHwkdCwOlvFfz6f9L7Ma8hfWl5nYrxR9KpI5B6KDecRBe5ZOWydC_-C80ia8wczN8a35Kgbj20WNVDgV_hlqdg5sKb8F7yvNnNd8Qol5E9hZTXbCfT2jpBmEOz2LmmyLkGRRyH_JAk1TDJ3e6X-pJXkfyXreX-x3PT3Y4iK2-TuRW7WW-13ju7QIJQzV1mUz2ul8WRbOKxt4LrxQEKTEh0wK9ewbmanqhcBr56F-HpJ7ZavkpIITvKzSZLzg4OuMsWTpPe8knW1nUiw” ^
https://int.api.service.nhs.uk/oauth2/token

As per the Update from Kiran the issue at their end and it is resolved now so closing off this ticket

jpmonette · 22 July 2025 11:56

I am having the same issue - is it possible to share how this was resolved? Is it a matter of using iss/sub identical to the API key at:

Log in to NHS Digital developer account…

Or is this something else?

Thanks!

Topic		Replies	Views
401 when calling Token URL PDS Service Personal Demographics Service FHIR API pds , fhir , api , integration , spine , jwt	3	232	30 January 2024
Missing or non-matching 'iss' claim in subject_token JWT API Platform authentication , onboarding	2	11	24 July 2025
PDS FHIR API - intermittent 401 API Platform pds , fhir , spine	4	51	16 December 2024
Malformed JWT for Token Exchange e-Referral Service FHIR API authentication , cis2	24	1345	4 March 2024
CIS2 & ERS API token exchange in the INT enviroment e-Referral Service FHIR API authentication , fhir , integration	6	373	4 March 2024

Getting 401 response for PDS Token URL

Related topics