Versioning of Appointment resources
In order to prevent any loss of data, Appointment resources are protected against concurrency problems, as described in the FHIR standard. The use of a version identifier for each resource prevents that resource being a newer version of that resource being unwittingly overwritten.
Use of the SSP and associated HTTP Headers
All calls to Provider systems are made through the Spine Secure Proxy (SSP). This gives a number of benefits:
- It allows Provider systems to only allow inbound connections from a known address (i.e. the SSP), and also means that Consumer systems only need to make connections to a single network address.
- It simplifies the setup of TLS/MA (Transport Level Security with Mutual Authentication) so each system (Consumer and Provider) only needs to be authenticated to the SSP.
It does however require some minor additional overhead:
- The URL of the SSP MUST be concatenated with the Provider system URL.
- Custom HTTP headers MUST be included in all resuests to Provider systems.
Concatenating the URLs
The actual URL of the SSP will depend on the environment in use, therefore an artificial URL will be used here for demonstration purposes.
Example SSP URL:
Example Provider URL being called:
The concatenated URL would be:
Consumers MUST take care to ensure that one and only one ’/’ character is included between the SSP URL and the Provider URL.
The following http headers are required by the SSP. NB These are in addition to the JWT required in an Authorization header as described elsewhere.
|Ssp-TraceID||A UUID||A traceable Identifier which can later be used at both Consumer and Provider to trace back to this request. This UUID SHOULD be unique to either the individual http request being made, but at a a minimum MUST be unique to the Patient call being handled.|
|Ssp-From||An ASID||The ASID value which has been assigned by NHS Digital to the Consumer system.|
|Ssp-To||An ASID||The ASID value of the Provider system being called.|
|Ssp-InteractionID||One of the Interaction IDs shown below.||The Interaction ID retrieved from SDS and described below.|
|Value||Description and usage|
||Used when sending a request through the SSP to a Provider system to retrieve the CapabilityStatement resource, which describes the server’s capabilities.|
||Used when requesting available Slots from a Provider system.|
||Used when POSTing a new Appointment resource to a Provider in order to book an appointment.|
||Used when searching the Registry for Appointments for a specific Patient.|
||Used when reading an existing Appointment.|
||Used when updating an existing appointment, for example when setting it to Cancelled.|
To support development, a synthetic Provider system has been created. This allows development to proceed without being tightly coupled to the timescales of another system supplier.
FHIR resources used in this specification can be valiated against their profiles using this site, alternatively the resources can be POSTed to: https://data.developer.nhs.uk/ccri-fhir/STU3/[ResourceType]/$validate (making sure to set [ResourceType] to the appropriate type of Resource) using a REST client (such as POSTman).