Search loading...


Explore and Make use of Nationally Defined Messaging APIs


Testing assets

Details of what test resources have been made available to support the holistic
testing of provider APIs and consumer applications.

Provider testing (SIT)

An automated provider test harness has been made publicly available to allow standardised testing of the FHIR APIs prior to any formal assurance activities being undertaken. This approach aims to streamline the end-to-end assurance process by ensuring that a common baseline level of technical conformance has been achieved, an thus fewer issues are surfaced during formal assurance.

Provider testing layers

Category Layer Details
Provider capability API orchestration Use cases
Provider terminology API data layer Test cases
Technical API payload(s) FHIR profile conformance, valueset usage, constraint rules
Technical API conformance URL format, URL parameters, HTTP error handling
Standards FHIR DSTU2 conformance metadata, RESTful, identifier handling, search patterns
Technical Spine integration SSL certificate handling, URL format, SSP headers
Standards HTTP conformance accept encodings, transfer encodings, ETags compression
Standards JWT conformance authentication, claims, auditing
Standards SSL conformance TLS versions, supported ciphers, client authentication, certificate revocation

Please see the GP Connect Provider Testing Wiki for further details.

Non functional

Category Layer Details
Security Penetration testing OSWASP top 10
Performance API performance Response times

Consumer testing (SIT)

Consumer testing layers

An additional UI testing layer is required for consumer systems.

Category Layer Details
Consumer capability UI behaviours UI use case automation

Non functional

Category Layer Details
Security Penetration testing OSWASP top 10

All content is available under the Open Government Licence v3.0, except where otherwise stated