ePMA Implementation Guidance for FHIR STU3

This guidance is under active development by NHS Digital and content may be added or updated on a regular basis.
Please note: This guidance has been superseded by the Implementation guide for digital medicines, which contains up-to-date information.

Security validation errors

When a client system does not present correct security parameters, provider systems MUST return one of the following OperationOutcome details:

HTTP code    Issue type    Error code       Error message
403          forbidden     ACCESS_DENIED    Access denied

Example: Access denied

In this scenario, an attempt has been made to access a resource which the requesting user is not authorised to view.

The JSON below represents an example response that could be returned.

{
    "resourceType": "OperationOutcome",
    "meta": {
        "profile": [
            "https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"
        ]
    },
    "issue": [
        {
            "severity": "error",
            "code": "forbidden",
            "details": {
                "coding": [
                    {
                        "system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
                        "code": "ACCESS_DENIED",
                        "display": "Access denied"
                    }
                ]
            },
            "diagnostics": "Invalid authorisation token."
        }
    ]
}
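
An added example, not part of the NHS Digital guidance: a provider-side builder for the response above and a checker a conformance test could run against what a provider actually returns. The function names are hypothetical, and the coding system URL and profile are taken from the example JSON rather than from the table.

```python
import json

# Values from the table and example response on this page.
PROFILE = "https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"
CODE_SYSTEM = "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1"


def access_denied_outcome(diagnostics="Invalid authorisation token."):
    """Provider side (hypothetical helper): body to send with HTTP 403."""
    coding = {"system": CODE_SYSTEM, "code": "ACCESS_DENIED", "display": "Access denied"}
    return {
        "resourceType": "OperationOutcome",
        "meta": {"profile": [PROFILE]},
        "issue": [{
            "severity": "error",
            "code": "forbidden",
            "details": {"coding": [coding]},
            "diagnostics": diagnostics,
        }],
    }


def check_access_denied(status, body):
    """Test side (hypothetical helper): list deviations from the table; [] means a match."""
    problems = []
    if status != 403:
        problems.append(f"HTTP status {status}, expected 403")
    try:
        doc = json.loads(body) if isinstance(body, (str, bytes)) else body
    except ValueError:
        return problems + ["body is not valid JSON"]
    if not isinstance(doc, dict) or doc.get("resourceType") != "OperationOutcome":
        return problems + ["body is not an OperationOutcome"]
    issues = doc.get("issue")
    for issue in issues if isinstance(issues, list) else []:
        if not isinstance(issue, dict) or issue.get("code") != "forbidden":
            continue
        details = issue.get("details")
        codings = details.get("coding") if isinstance(details, dict) else None
        for c in codings if isinstance(codings, list) else []:
            if isinstance(c, dict) and (c.get("system"), c.get("code"), c.get("display")) == (
                    CODE_SYSTEM, "ACCESS_DENIED", "Access denied"):
                return problems
    return problems + ["no 'forbidden' issue carrying Spine code ACCESS_DENIED"]
```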
