Integration endpoint returning "ASID is not configured in the application" error

e-Referral Service (e-RS) e-Referral Service FHIR API
1

We have recently had Integration access granted for our app.

We are using JWT authentication in application-restricted mode. Authentication is successful and we get an access token. However, when we GET to

https://int.api.service.nhs.uk/referrals/FHIR/STU3/ReferralRequest/1234

we get this response:

{
  "resourceType" : "OperationOutcome",
  "meta" : {
    "lastUpdated" : "2026-01-19T12:45:15.348Z",
    "profile" : [
      "https://fhir.nhs.uk/STU3/StructureDefinition/eRS-OperationOutcome-1"
    ]
  },
  "issue" : [
    {
      "severity" : "error",
      "code" : "forbidden",
      "details" : {
        "coding" : [
          {
            "system" : "https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1",
            "code" : "NO_ACCESS"
          }
        ]
      },
      "diagnostics" : "ASID is not configured in the application"
    }
  ]
}

In the authentication request, we are using the API key configured for our application in the JWT iss and sub parameters. I can’t see any other place that links back to the registered application and its ASID.

2

@Petko_Petkov are you able to look into this for us please? We (e-RS partners Team) have checked their set up and it’s all been configured correctly (ITOC have confirmed all the e-RS message sets and interactions are on there) and it’s bound on APIM as it should be.

Many thanks,

Lucy

3

Hi Rinaldo, to help us diagnose the issue, could you please share the full structure of the request you’re sending - specifically, the complete set of headers as well as the x-correlation-id?

4

Hi Petko, See below:

URL: https://int.api.service.nhs.uk/referrals/FHIR/STU3/ReferralRequest/443857497
METHOD: GET

[HEADERS]
Authorization: Bearer TsBFsXv<<REDACTED>>
Accept: application/fhir+json
X-Correlation-ID: 7add8e25-19be-4112-b198-25d64e83ed8a_1

[PARAMETERS]

[CONTENT]
5

@Petko_Petkov Do you have an update on this issue?

Thanks,

Rinaldo

6

Hi @Rinaldo_Tempo ,

Looking at your error, I can see you got the error code NO_ACCESS, this is due to insufficient credentials. I would recommend re-authenticating and I can also see that the UBRN on your link is missing the leading zeros - this may be an issue so I’d try again after changing that.

Let me know how that goes,

Ed

7

Hi @Ed_Wills

The access token is fresh. I’ve tried again and get the same error.

I’ve padded the UBRN with 0s on the left up to 12 digits and the problem persists.

The error message suggests that the request is not linked to an application ASID.

8

Hi,

I’m working with this integration endpoint along with Rinaldo, can we please have update?

Many thanks,

Sam

9

Hi,

We are looking into this - will give an update when we can.

Thanks,

Ed

10

@Sam_Cerrah Tony here from e-RS onboarding - can we just check the app id you are authenticating against, and whether this is user restricted or app restricted? I can see 28bce6ed-e81f-49a3-9e1c-aadd670df17b was provided - and is setup for app restricted with an asid and other attributes. Is this the one throwing an error?

@Petko_Petkov

11

Hi @tony.marsh1 ,

That is correct, we are making these calls against application Id 28bce6ed-e81f-49a3-9e1c-aadd670df17b. I can’t specifically see in the portal whether this is a app or user restricted, but the authentication method we are using corresponds with the “Application-restricted RESTful APIs - signed JWT authentication” method.

Thanks,

Sam

12

Hi Sam, quick update: we’re investigating the ASID mappings and will come back with next steps once this is confirmed. On the APIM side, the application ID mappings and permissions appear to be correctly configured.

13

Sam - 555295323107 is the uuid related to this application, can you check that the card related to this uuid is an INT card. Please try the card and login to the professional application web brower on the INT environment, if that works please then check that you can see that the card has a role at org 06H3T - as this is the ods code associated to the app.

14

@Sam_Cerrah Apologies we think we may have spotted an error in the setup - please ignore my last message - could you re-try please?

15

Hi @tony.marsh1

I did the following request:

URL: https://int.api.service.nhs.uk/referrals/FHIR/STU3/ReferralRequest/000443857497
METHOD: GET

[HEADERS]
Authorization: Bearer yAGytbs<<REDACTED>>
Accept: application/fhir+json
X-Correlation-ID: 51fe8d45-9da5-49d2-b42f-ba23f77c4bda_1

Now we are getting an empty payload with response status line of ‘HTTP/1.1 404‘

Thanks,

Sam

16

@Sam_Cerrah Apologies missed this response. @Ed_Wills would you mind taking a look at this one.

Tony - e-RS Team

17

Hi @Sam_Cerrah ,

I can’t see anything specifically wrong with your request - the format looks correct.

Is this happening for all ubrns? A 404 with empty payload may mean that this specific ubrn doesn’t exist in int environment.

If you need, I can get in touch with a team member with int access to confirm.

Thanks,

Ed

18

Hi @Ed_Wills , @tony.marsh1

Thanks for looking into this.

We are currently awaiting on a new UBRN for testing. Once this is received we’ll resume testing and provide an update on the outcome

Regards,

Sam

19

Thanks Sam - appreciate you updating us