Hello everyone,
I am currently working on a project that involves integrating a third-party application with NHS systems using available APIs. While I have reviewed the official documentation, I am seeking additional guidance from those who have experience with this process.
Specifically, I would appreciate insights on the following:
- Authentication and Security Best Practices – What are the recommended approaches for implementing authentication when accessing NHS APIs? Are there any common pitfalls to avoid when handling OAuth2 and JWT tokens?
- FHIR Implementation Considerations – If the API follows FHIR standards, are there any NHS-specific adaptations or constraints that I should be aware of? Any challenges you faced when structuring requests and handling responses?
- Sandbox vs. Production Environments – How accurate is the sandbox environment compared to the live system? Are there any significant differences that I should anticipate when transitioning from development to deployment?
- Compliance and Data Handling – Beyond the standard NHS guidelines, are there any additional compliance requirements or best practices when dealing with patient data in an integrated solution?
- Common Integration Challenges – If you have gone through the integration process, what were the most challenging aspects? Any workarounds or solutions that you found particularly useful?
I would greatly appreciate any advice, best practices, or documentation recommendations that could help streamline the integration process. Looking forward to learning from your experiences!
I also checked this: https://developer.community.nhs.uk/t/how-to-integrate-an-application-restricted-restful-apis-with-signed-jwt-authentication/power-apps
Thanks in advance for your help!