Security
Authentication and Authorisation
All traffic using the API would need to go through NHS England API management platform which would provide the forwarding and also the authentication.
The types of security supported are user-restricted and application-restricted.
Application-restricted
Authentication and authorisation of the calling application.
User-restricted
Two types of users can access the user-restricted APIs:
healthcare workers - authenticated using NHS Care Identity Service 2 (NHS CIS2) patients - authenticated using NHS login