Skip to main content

Part of Authoring FHIR terminology resources

Using system-to-system account credentials

Previous Chapter

Batch adding resources in FHIR Bundles

Current Chapter

Current chapter – Using system-to-system account credentials

View all

It is possible to interact with the Terminology Server's API rather than using user interface tools like Snapper. The Terminology Server is a FHIR based terminology server and supports the the STU3 and R4 API of FHIR.

The Terminology Server supports:

Some API operations require authentication and authorisation (permissions required vary depending on operation as well as content). Authorisation for API calls is asserted by passing an OAuth2 token in the header. If authorisation is required then an OAuth2 token can be obtained by providing valid credentials to the token endpoint: 
https://ontology.nhs.uk/authorisation/auth/realms/nhs-digital-terminology/protocol/openid-connect/token

If a system requires access to perform API operations then system client credentials can be requested by completing and submitting a system to system account ID request form

Token requests can be made using any API client tool (such as Postman) and a simple curl example is provided below.

To use a system-to-system account to perform these functions, you will need to request a system-to-system account by completing and submitting a system to system account ID request form. You will then receive a client ID and client secret.

A client credentials token is necessary to obtain to authenticate with the Terminology Server. A free tool like Postman can be used to obtain tokens and issue requests, or they can be issued on the command line like in these examples:

Request Token

curl --location --request POST 'https://ontology.nhs.uk/authorisation/auth/realms/nhs-digital-terminology/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<!-- CLIENT ID -->' \
--data-urlencode 'client_secret=<!-- CLIENT SECRET -->'

Example of using a token 

curl --location --request GET 'https://ontology.nhs.uk/production1/fhir/CodeSystem/ICD-10-UK-4.0' \
--header 'Authorization: Bearer <!-- TOKEN -->'

Last edited: 22 August 2024 11:21 am

Chapters

  1. Authoring FHIR terminology resources
  2. Create a new code system
  3. How to create a new value set
  4. Make a value set that contains an entire code system
  5. Create a new concept map
  6. How to import your resource as a JSON file into Snapper
  7. How to delete a FHIR resource
  8. Modify an existing FHIR resource
  9. Securing a FHIR resource for a community
  10. Resource community permission strategies
  11. Removing community permissions from a resource
  12. Anonymous global read access to a resource
  13. Create a post co-ordinated expression library
  14. Using a post co-ordinated expression library
  15. Batch adding resources in FHIR Bundles
  16. Using system-to-system account credentials