Security validation errors
When a client system does not present correct security parameters, provider systems MUST return one of the following OperationOutcome
details:
HTTP code | Issue type | Error code | Error message |
---|---|---|---|
403 |
forbidden | ACCESS_DENIED |
Access denied |
Example: Access denied
In this scenario as resource has attempted to be accessed which the requesting user is not authoriused to view.
The JSON below represents an example response that could be returned.
{ "resourceType": "OperationOutcome", "meta": { "profile": [ "https://fhir.nhs.uk/StructureDefinition/NHSDigital-OperationOutcome" ] }, "issue": [ { "severity": "error", "code": "forbidden", "details": { "coding": [ { "system": "https://simplifier.net/guide/NHSDigital/NHSDigital-OperationOutcome-Codes", "code": "ACCESS_DENIED", "display": "Access denied" } ] }, "diagnostics": "Invalid authorisation token." } ] }