We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
API Management Product and Platform
Summary
Why and how we process your data in the API Management Platform (Developers Portal) and your rights.
| Controller | NHS Digital |
| How we use the information (processing activities) | NHS Digital runs an application program interface (API) Management Programme to help third parties integrate with NHS data services and align with the Internet First strategy. This Platform provides a standard and secure service for third parties to access NHS Digital information assets. This service improves the mechanism of exchange for patient services and data for health social care organisations. There is a developers portal within the API Management Platform that allows for development, set up and maintenance of the APIs. A small amount of personal data is required for the management of this portal and an associated collaborative tool. There is a multi-layer security for both the data that passes through the Platform and also for details of those that use the portal. |
| Does this contain sensitive (special category) data such as health information? | No |
| Who are recipients of this data? |
No |
| Is data transferred outside the UK? | Outside EEA |
| How long the data is kept | 400 days from account deletion |
| Our lawful basis for holding this data | Legal obligation |
| Your rights |
|
| How can you withdraw your consent? |
Consent is not the basis for processing. |
| Is the data subject to decisions made solely by computers? (automated decision making) | No |
| Where does this data come from? | Authorised individuals enabled to develop API messages and logic on API Management Platform |
| The legal basis for collecting this data | Health and Social Care Act (2012) – Schedule 18, part 10 (1) GDPR: |
