Integrate with Spine
Integrate with Spine to access structured information from a patient’s registered GP practice record.
Overview
GP Connect provider APIs are accessed through the NHS Spine. As such, consumers of GP Connect APIs are required to integrate with the following Spine services as a prerequisite to making API calls to GP Connect provider APIs:
Step 1. Personal Demographics Service
A GP Connect consumer queries PDS for the patient to:
- verify the patient’s NHS number
- retrieve the ODS organisation code of the patient’s registered GP practice
Important: Appointment Management consumer suppliers may want to build workflows that support appointment booking into other GP practices (other than the patient’s registered practice) such as into extended access hubs. For these consumers, an alternate mechanism for discovering the target practice’s ODS organisation code is required. See Appointment Management Service Discovery for more details.
For further details on this step, see Personal Demographics Service.
Step 2. Spine Directory Service
A GP Connect consumer queries SDS using the ODS organisation code retrieved in the previous step to retrieve:
- the GP practice’s GP Connect service root URL (their FHIR endpoint)
- the GP practice’s GP Connect ASID
For further details on this step, see Spine Directory Service - (Overview and Querying SDS).
Step 3 onwards. Spine Secure Proxy
A GP Connect consumer constructs a GP Connect FHIR request (incorporating the two items retrieved in the previous step), and sends it to the SSP.
The SSP then forwards the request on to the GP Connect provider system which returns its response back through to the SSP to the consumer system. A number of GP Connect FHIR requests may be made to satisfy the full workflow of the capability.
For further details on this step, see Spine Secure Proxy (SSP).
See the full worked example below for the steps required to consume the GP Connect Appointment Management capability.
Worked example
Integrate with Spine to book an appointment at the patient’s registered GP practice
The following sequence diagram illustrates the steps which a GP Connect consumer would be required to undertake to book an appointment at the patient’s registered GP practice.
The steps shown in the diagram are detailed below.
| Step | Description |
|---|---|
| Step 1 is optional in the sense that a cached version of a these trace results may be available to the consumer. | |
| 1a | Consumer is responsible for performing a PDS trace to both verify the NHS number and obtain the ODS code of the GP practice system. |
| 1b | PDS returns NHS number verification status and the ODS code of the patient’s registered GP practice. |
| Note: | Appointment Management consumers that want to book into other GP practices require an alternative mechanism for determining a GP practice ODS code. Regardless of the mechanism used to determine a GP practice's ODS code, the PDS step is required to verify the patient’s NHS number. |
| Step 2 is optional in the sense that cached or configured endpoint details for the practice may be available from a previous SDS interaction. | |
| 2a | Consumer calls SDS again to discover the URL of the FHIR server endpoint at the practice. |
| 2b | SDS returns details of the FHIR endpoint. |
| 2c | Consumer calls SDS to discover the Accredited System ID (ASID) of the system which provides a FHIR endpoint at the practice identified by the specified ODS code. |
| 2d | SDS returns the ASID. |
| Step 3 is optional in the sense that the Capability Statement may be used to verify the FHIR capabilities which the endpoint provides should this be required at run time. The results of this call may be cached for future interactions. | |
| 3a | Consumer calls the metadata endpoint at the practice FHIR server to request full details of which FHIR operations are implemented at that server - the Capability Statement. |
| 3b | Spine Secure Proxy (SSP) receives the call from the consumer, performs security checks and, if these pass, forwards the consumer request to the provider. |
| 3c | Provider returns the Capability Statement to the SSP. |
| 3d | SSP forwards the Capability Statement received from the provider to the consumer. |
| 4a | Consumer then makes an API call to Search for free slots at the practice in the specified time-frame. |
| 4b | SSP forwards the call from the consumer, performs security checks, and if these pass, forwards the consumer request to the provider. |
| 4c | Provider responds with details of what slots are available for booking. If no applicable slots are returned, the consumer may make repeated calls to Search for free slots with amended date ranges. |
| 4d | SSP forwards the free slots received from the provider to the consumer. |
| 5a | Consumer makes API call to Find a patient providing the patient’s NHS number. |
| 5b | Spine Secure Proxy (SSP) receives the call from the consumer, performs security checks and, if these pass, forwards the consumer request to the provider. |
| 5c | Provider finds patient record and returns the logical identifier of the patient record at this practice in their system. See Patient record not present for an illustration of the steps required in this case. |
| 5d | SSP forwards the patient details received from the provider to the consumer |
| 6a | Consumer calls Book an appointment indicating the slots selected in the UI together with the logical ID of the patient. |
| 6b | Spine Secure Proxy (SSP) forwards the call from the consumer, performs security checks, and if these pass, forwards the consumer request to the provider. |
| 6c | Provider responds with details of the booked appointment as confirmation of success. |
| 6d | SSP forwards the appointment details received from the provider to the consumer. |
System topologies
Important: The Spine Secure Proxy (SSP) includes a mechanism to filter out all requests between organisations that are not registered on the proxy as having a mutual data sharing agreement. Without this, then all GP Connect consumers would be able to send requests to all GP Connect providers. For the filtering solution to work each consumer/provider organisation MUST have their own unique Spine ASID configured on the SSP.
Consumer topologies
Consumer system - shared MHS
This image shows several consumer systems connecting to GP Connect through a shared message handling server.
This is a typical deployment for an area-based or regional portal, where a central system or Trust Integration Engine (TIE) acting as the message handling server connects to Spine for multiple organisations.
Notes:
- each consumer system using GP Connect MUST have a unique ASID for each organisation that is using it, so that messages flowing through Spine can be correctly identified back to the originating organisation
- consumer systems in the shared MHS topology have one party key shared amongst connecting organisations
Important: In consumer system topologies where GP Connect consumer applications are provisioned via a portal or middleware hosted by another organisation, it is vital that the ASID sent in the Ssp-From header reflects the organisation from where the request originates, rather than the hosting organisation.
Consumer system - separate MHS
This image shows several consumer systems connecting to GP Connect via their own message handling servers.
This could be different types of consumer systems, or the same type of consumer system deployed as separate instances.
Notes:
- each consumer system using GP Connect MUST have a unique ASID for each organisation that is using it, so that messages flowing through Spine can be correctly identified back to the originating organisation
- consumer systems using the separate MHS topology each have their own party key
Provider topologies
Provider system - shared MHS
Important: In the diagram above, the shared message handling server holds three party keys, one associated with each practice. Party Key 1 is for the practice with ASID 1, Party Key 2 is for the practice with ASID 2, and so on.
Multiple GP practice systems using a shared message handling server.
This is a typical deployment for a multi-tenanted data centre hosted GP system serving multiple organisations.
Notes:
- each provider system using GP Connect MUST have an ASID AND party key for each organisation that is using it, so that messages flowing through Spine can be routed to the correct destination organisation
- each party key/ASID combination MUST be registered in SDS as a CMA endpoint
Provider system - separate MHS
Discrete instances of GP practice systems each serving a single GP practice, and each with their own message handling server.
Notes:
- each provider system using GP Connect MUST have an ASID AND party key for each organisation that is using it, so that messages flowing through Spine can be routed to the correct destination organisation
- each party key/ASID combination MUST be registered in SDS as a CMA endpoint
Personal Demographics Service
PDS tracing
GP Connect systems SHALL be capable of performing Personal Demographics Service (PDS) tracing of patients to obtain their NHS number, date of birth and current registered GP organisation.
The Personal Demographics Service - FHIR API provides a summary of the role of PDS in the NHS Spine architecture, and describes three options for accessing it. Systems SHALL perform this tracing using one of the three options.
Important: The term 'consuming system' on the PDS page of the Spine Core FHIR API Framework site applies in the GP Connect context to both consumer and provider systems.
Last edited: 10 April 2025 3:35 pm