🏥 NHS API Developer Guide

🔹 Introduction
This guide provides an overview and practical tutorials for integrating with NHS APIs. It is
designed for PHP developers working within secure and compliant environments.

📘 Get Started with NHS APIs

NHS APIs provide access to healthcare data such as patient records, prescriptions, and
services. Integration requires understanding various security models and development
practices.

📚 API & Integration Catalogue

* Electronic Prescription Service (EPS)
* NHS Login
* NHS Care Identity Service 2 (CIS2)
* Demographics and Personal Demographics Service (PDS)
* FHIR APIs

See the full catalogue at:

https://digital.nhs.uk/developer/api-catalogue

🧾 Environment Access & Onboarding

To access NHS APIs, follow these steps:

1. Register an application via NHS Developer Portal

2. Select required APIs and submit for approval
3. Complete assurance (especially for patient data)
4. Receive credentials for sandbox and live environments

🧪 Test & Production Environment

* Sandbox: For development/testing. No real patient data.
URL Example: https://sandbox.api.service.nhs.uk/
* Production: Real data; access is gated behind strict approval and assurance.
✅ Get Approval to Use NHS APIs
Approvals may include:
* DPIA (Data Protection Impact Assessment)
* Clinical Safety Case
* Application Penetration Testing
* Completion of onboarding questionnaires

💬 NHS Developer Community

Join the community to:
* Ask questions
* Share implementations
* Get the latest updates

https://digital.nhs.uk/developer/help-and-support

Report an Incident
For urgent issues or downtime:
* Log incidents via https://digital.nhs.uk/developer/help-and-support
* Include request logs and correlation IDs

PHP Developer Tutorials

NHS APIs are categorized by access type:

* Open-access APIs – no authentication

* Application-restricted APIs – API key or JWT required
* User-restricted APIs – authenticated users via NHS CIS2 or NHS Login

Each category has tutorials for connecting using PHP.

🔓 Open-access REST API (PHP Tutorial)

Example: Hello World API

$endpoint = "https://sandbox.api.service.nhs.uk/hello-world/hello/user";
$response = file_get_contents($endpoint);
echo $response;

🩺 NHS CIS2 - Separate Auth & Authz (PHP)

* Authenticate with NHS Smartcard / Identity Agent
* Receive access token
* Use it in subsequent API calls
This typically requires a CIS2-compliant identity client integration. PHP handles the token
relay and API consumption.

🩺 NHS CIS2 - Combined Auth & Authz (PHP)

* Identity validation
* Role-based access control

Usually embedded in frontend flows; PHP handles backend verification of ID token and
access token.

NHS Login - Combined Auth & Authz (PHP)

* Similar to above but the user journey combines both steps.
* PHP handles the final API call with the token.