I successfully connected to EMIS-X using a username and password through Python. However, retrieving the token manually remains a challenge. To resolve this, I attempted authentication using a certificate. Here’s what I did:
- Generated a CSR and uploaded it to the portal provided by EMIS-X.
- Received a signed certificate from them and used it along with the private key for authentication.
Despite these steps, I am encountering a 403 Forbidden error. Could anyone provide guidance or assistance in resolving this issue?
Thank you!
Hi Ali,
This query is one for EMIS-X support team and not the NHS England API platform team.
A 403 Forbidden error often points to issues with permissions or the way the certificate is being presented during authentication. You could initially check to ensure that the private key matches the signed certificate provided by EMIS-X. Verify that the certificate is still valid and was issued specifically for the intended API access. Double-check that you are using the correct endpoint designated for certificate-based authentication, as some APIs differentiate between authentication methods.
It is also crucial to validate the format of your certificate and private key to ensure they are compatible with your setup. If needed, convert the files to the appropriate format using tools. Ensure all required headers are included in your requests and confirm that the certificate is properly presented during HTTPS requests.
It is important that you to consult the EMIS-X documentation thoroughly. Review the specific steps and guidelines they provide for certificate-based authentication, as there may be unique requirements, such as the inclusion of intermediate certificates, that need to be adhered to.
Reaching out to EMIS-X support is recommended. Share detailed information about the 403 Forbidden error and your implementation approach with their support team. They may have access to logs or insights that can help identify and resolve the problem effectively.
Thanks,
NHS England API Platform team
Please note: The API Platform team can only address queries relevant to the NHS England API platform, including security, rate limiting, logging, monitoring and alerting. For any API specific queries, please reach out the relevant API teams.