Implementation guide for interoperable medicines

This guidance is under active development by NHS England and content may be added or updated on a regular basis.

Security validation errors

When a client system does not present correct security parameters, provider systems MUST return one of the following OperationOutcome details:

HTTP code | Issue type | Error code    | Error message
403       | forbidden  | ACCESS_DENIED | Access denied

Example: Access denied

In this scenario, an attempt has been made to access a resource which the requesting user is not authorised to view.

The JSON below represents an example response that could be returned.

{
    "resourceType": "OperationOutcome",
    "meta": {
        "profile": [
            "https://fhir.nhs.uk/StructureDefinition/NHSDigital-OperationOutcome"
        ]
    },
    "issue": [
        {
            "severity": "error",
            "code": "forbidden",
            "details": {
                "coding": [
                    {
                        "system": "https://simplifier.net/guide/NHSDigital/NHSDigital-OperationOutcome-Codes",
                        "code": "ACCESS_DENIED",
                        "display": "Access denied"
                    }
                ]
            },
            "diagnostics": "Invalid authorisation token."
        }
    ]
}

