Testing APIs with our mock authorisation service

To make testing easier, we provide a mock authorisation service that allows you to test with our APIs without needing the end user to sign in fully.

Overview

Our mock authorisation service can be used to simulate:

It provides a variety of test users with different attributes.

It can be used with the following security patterns:

To use this service, see the detailed instructions for the above security patterns. In particular, you need to configure your software to use the endpoint oauth2-mock instead of just oauth2.
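A configuration guard for the endpoint switch described above, as an added example that is not part of the original page: it rewrites the `oauth2` path segment to `oauth2-mock` for test configurations and refuses any production configuration that points at the mock service. The host `api.example.test`, the `authorize` and `token` path suffixes, the environment names and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

REAL_SEGMENT = "oauth2"       # path segment named on the page
MOCK_SEGMENT = "oauth2-mock"  # mock service segment named on the page


def uses_mock(url: str) -> bool:
    """True if a whole path segment (not a substring) is the mock segment."""
    return MOCK_SEGMENT in urlsplit(url).path.lower().split("/")


def to_mock(url: str) -> str:
    """Swap the 'oauth2' path segment for 'oauth2-mock'; keep host and query."""
    if uses_mock(url):
        return url  # already pointing at the mock service
    parts = urlsplit(url)
    segments = parts.path.split("/")
    if REAL_SEGMENT not in segments:
        raise ValueError(f"no '{REAL_SEGMENT}' path segment in {url!r}")
    segments[segments.index(REAL_SEGMENT)] = MOCK_SEGMENT
    return urlunsplit(parts._replace(path="/".join(segments)))


def resolve_endpoints(endpoints: dict, environment: str, use_mock: bool) -> dict:
    """Return the endpoints to use; the mock service is never allowed in production."""
    if environment == "production":  # assumed environment name
        offenders = [name for name, url in endpoints.items() if uses_mock(url)]
        if use_mock or offenders:
            raise RuntimeError(
                f"mock authorisation configured for production: {offenders or 'use_mock flag'}"
            )
        return dict(endpoints)
    return {name: (to_mock(url) if use_mock else url) for name, url in endpoints.items()}


# Constructed sample configuration: host and path suffixes are placeholders.
SAMPLE = {
    "authorize": "https://api.example.test/oauth2/authorize",
    "token": "https://api.example.test/oauth2/token",
}

if __name__ == "__main__":
    for name, url in resolve_endpoints(SAMPLE, "integration", use_mock=True).items():
        print(name, url)
```

Running the same check at application start-up and in CI catches a test configuration that has been copied into a production deployment.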


Authenticating end users

When using our mock authorisation service with the separate authentication and authorisation patterns, you need to authenticate the end user with either:

  • CIS2 Authentication for healthcare workers
  • NHS login for patients

Successful authentication results in an ID token being issued to the callback endpoint that you registered - you still need to follow the other instructions for the main security pattern.

For details about how to authenticate with each pattern, see:


Test users for CIS2 Authentication

When using our mock authorisation service to simulate a healthcare worker signing in with CIS2 Authentication, you need to enter the user ID for the user you want to test with.

The difference between the test users is that they have different National RBAC job roles and authenticator assurance levels. 

The available test users are:

| User UID | National RBAC job roles | Authenticator assurance level |
|---|---|---|
| 656005750108 | R0260 (General Medical Practitioner) | AAL3 |
| 656005750107 | R8000 (Clinical Practitioner) | AAL3 |
| 656005750104 | R8008 (Admin/Clinical Support) | AAL3 |
| 656005750111 | R0260 (General Medical Practitioner) | AAL2 |
| 656005750109 | R8000 (Clinical Practitioner) | AAL2 |
| 656005750112 | R8008 (Admin/Clinical Support) | AAL2 |
| 656005750110 | R8000 (Clinical Practitioner) | AAL1 |

If you need a test user with different attributes - for example, different roles, or multiple roles - contact us and we’ll add more test users.

Note that:

  • these test users exist only in our mock authorisation service - they are not configured in the Spine Directory Service
  • you cannot use these test users when testing the e-Referral Service FHIR API, as explained below

Testing the e-Referral Service

If you are testing the e-Referral Service (e-RS) FHIR API, you cannot use the above test users, because:

  • e-RS requires test users to exist in the Spine Directory Service, not just in our mock authorisation service
  • e-RS requires users to be assigned activities ('B' codes) as opposed to job roles ('R' codes), for example 'Manage Outbound Appointments' (B1103)
  • e-RS requires test users for a given developer to be associated with an organisation that is unique to that developer

When you start testing with e-RS, our e-RS support team will set up some test users in the Spine Directory Service that are unique to your organisation. If you want to use our mock authorisation service, contact us and let us know the User UIDs for your test users and we will set up the same users in our mock authorisation service.


Test users for NHS login

When using our mock authorisation service to simulate a patient signing in with NHS login, you need to enter the user ID for the user you want to test with.

The only difference between the test users is that they have different identity proofing levels.

The available test users are:

| User ID | Proofing level |
|---|---|
| 9912003071 | High - P9 |
| 9912003072 | Medium - P5 |
| 9912003073 | Low - P0 |

If you need a test user with different attributes, contact us and we’ll add more test users.

 

Last edited: 11 June 2025 10:42 am