ePMA Implementation Guidance for FHIR STU3

This guidance is under active development by NHS Digital and content may be added or updated on a regular basis.
Please note: This guidance has been superseded by the Implementation guide for digitial medicines, which contains up-to-date information.

Malformed request errors

When the server cannot or will not process a request due to an apparent client error then the following BAD_REQUEST error MUST be used to return debug details.

HTTP code Issue type Error code Error message
400 invalid BAD_REQUEST Submitted request is malformed / invalid.

BAD_REQUEST Spine error codes be used in the following types of scenario:

  • JWT claims information is not valid JSON, is null, or has an invalid value
  • invalid FHIR resource in JWT claim (for example, a Patient resource when Practitioner expected)
  • malformed JSON or XML content in request body
  • an expected header is missing or invalid
  • invalid HTTP verb used

Example: Malformed JSON Web Token in request

For example, if the request contained a null claim within a JSON Web Token (JWT), then the following error details would be returned:

{
    "resourceType": "OperationOutcome",
    "meta": {
        "profile": [
            "https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"
        ]
    },
     "issue": [
        {
            "severity": "error",
            "code": "invalid",
            "details": {
                "coding": [
                    {
                        "system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
                        "code": "BAD_REQUEST",
                        "display": "Bad request"
                    }
                ]
            },
            "diagnostics": "Malformed JWT"
        }
    ]
}


back to top