We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Overview
Use this API to engage with users of the NHS App - a simple and secure way for patients registered with a GP surgery in England to access a range of services on their smartphone or tablet.
You can:
- send in-app messages to specific users of the NHS App
- send native Apple or Android push notifications to mobile devices registered by specific users of the NHS App
Who can use this API?
This API can only be accessed by organisations that deliver functionality to citizens through the NHS App.
API status and roadmap
This API is in alpha, meaning:
- we are in the early stages of prototyping and may make extensive breaking changes based on developer feedback
- we can't guarantee availability or performance
To see our roadmap, or to suggest, comment or vote on features for this API, see our interactive product backlog.
If you have any queries, please contact us.
Technology
This API is RESTful.
Network access
This API is available on the internet, and, indirectly, on the Health and Social Care Network (HSCN).
For more details see Network access for APIs.
Authorisation
This API is application-restricted, meaning that the calling application is authenticated, but the end user is not authenticated and may not be present.
The API currently uses an API key pattern to authorise the calling system.
We are considering transitioning to using the OAuth 2.0 signed JWT authentication pattern to authorise the calling system.
Environments and testing
| API Environment | NHS Login Environment | Base URL |
|---|---|---|
| Development | Sandpit | https://dev.api.service.nhs.uk/nhs-app/ |
| Integration Testing | AOS | https://int.api.service.nhs.uk/nhs-app/ |
| Production | Production | https://api.service.nhs.uk/nhs-app/ |
Development
Our development environment:
- includes authorisation
- is for initial development and integration testing
- points to the Onboarding Sandpit NHS App environment, which in turn is using the NHS Login Sandpit environment
Integration testing
Our integration test environment:
- includes authorisation
- is for formal release testing and assurance when onboarding with NHS Login
- points to the Onboarding AOS NHS App environment, which in turn is using the NHS Login AOS environment
For more details see integration testing with our RESTful APIs.
Onboarding
You need to get your software approved by us before it can go live with this API. We call this onboarding. The onboarding process can sometimes be quite long, so it’s worth planning well ahead.
To onboard for this API, please get in touch with the NHS App onboarding team at app.onboarding@nhs.net .
Endpoint: Communication
Send a communication
Overview
Use this endpoint to send a communication to one or more NHS App users.
You can send:
- in-app messages to specific users of the NHS App
- native Apple or Android push notifications to mobile devices registered by specific users of the NHS App
Recipients are specified by NHS Number. A single communication request can be sent to between 1 and 100 distinct NHS Numbers.
Request
Headers
| Name | Description |
|---|---|
| X-Api-Key |
String
An API Key used to authenticate the calling application. For more details see Application-restricted RESTful APIs - API key authentication. If this key is not supplied, or does not grant access to this API, a 401 Unauthorized response is returned.
Example:
AHkYeqh8N1yrnKGb108puMFUdmxnATkS
Required
|
| X-Correlation-ID |
String
A unique message identifier. We use this to trace the message if you raise an issue with our helpdesk. If provided, we recommend a GUID for uniqueness and convenience. This is mirrored back in the response headers. Example:
b5bc6879-103e-4a78-975e-87e815c5da58 |
Body
Required
Content type: application/json
Examples
Sending an in-app message only
{
"campaignId" : "optional campaign id",
"requestReference" : "optional request reference",
"channels" : {
"appMessage" : {
"sender" : "Onboarded Third Party",
"body" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
}
},
"recipients" : {
"nhsNumbers" : [ "9903002157" ]
}
}Sending a push notification only
{
"campaignId" : "optional campaign id",
"requestReference" : "optional request reference",
"channels" : {
"pushNotification" : {
"title" : "You have a new message",
"body" : "The message may contain something important.",
"url" : "https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging"
}
},
"recipients" : {
"nhsNumbers" : [ "9903002157" ]
}
}Sending an in-app message together with an associated push notification
{
"campaignId" : "optional campaign id",
"requestReference" : "optional request reference",
"channels" : {
"appMessage" : {
"sender" : "Onboarded Third Party",
"body" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
},
"pushNotification" : {
"title" : "You have a new message",
"body" : "The message may contain something important.",
"url" : "https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging"
}
},
"recipients" : {
"nhsNumbers" : [ "9903002157" ]
}
}Schema
| Name | Description |
|---|---|
object
|
|
campaignIdstring
|
Optional Campaign Identifier, used to group multiple communication requests for later analysis.
Max length:
50Example:
optional campaign id |
requestReferencestring
|
Optional human-readable transaction reference to later identify this request.
Max length:
50Example:
optional request reference |
channelsobject
required |
The channels by which the communication will be sent, and the content for each communication channel. Currently we support sending in-app messages that appear within the NHS App. We intend to allow you to send native Apple and Android push notifications by 08 December 2020.
|
appMessageobject
|
The communication content to appear as an in-app message.
|
senderstring
required |
The name to be displayed in the NHS App as the sender of the message. The NHS App user interface will group together messages sent from the same sender name into a single thread of messages.
Pattern:
must not match <(.|\n)*?>Max length:
50Example:
Onboarded Third Party |
bodystring
required |
The body text of the message to be displayed in the NHS App. We support a subset of Markdown for in-app messages. Currently supported Markdown syntax:
Pattern:
must not match <(.|\n)*?>Max length:
1000Example:
You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment here https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments |
pushNotificationobject
|
The communication content to appear as a native Apple or Android push notification. Notifications must use unicode characters. They must not contain:
Notifications can only link to pages and features within the NHS App. |
titlestring
required |
The title to be displayed at the top of the push notification.
Max length:
50Example:
You have a new message |
bodystring
required |
The body text to be displayed in the push notification.
Max length:
200Example:
The message may contain something important. |
urlstring
uri
|
The URL to a page within the NHS App to be opened when the notification is tapped. If this property is not specified, the App will open on the home screen.
Max length:
1000Example:
https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging |
recipientsobject
required |
The intended recipients of this communication. Currently we support only sending communications by NHS Number.
|
nhsNumbersarray
|
An array of NHS numbers corresponding to the patient(s) to whom this communication should be sent. Each communication may be sent to between 1 and 100 distinct NHS Numbers. The communication request will be rejected if any duplicated values exist in this array.
Example:
["9903002157","9678304287"] |
string
|
The patient's NHS Number. The primary identifier of a patient, unique within NHS England and Wales. Always 10 digits and must be a valid NHS Number.
Pattern:
^\d{10}$ |
Response
HTTP status: 201
Request successfully received by the server and queued for sending to recipients.
Headers
| Name | Description |
|---|---|
| Location |
String
The location of the newly-created resource.
|
| X-Correlation-ID |
String
If an X-Correlation-ID was specified in the request, this is mirrored in the response.
|
Body
Content type: application/json
Example
{
"id" : "a2d10720-9e72-4ae4-be72-8cbe1be292d1"
}Schema
| Name | Description |
|---|---|
object
|
|
idstring
|
An identifier for the newly-created communication resource within the destination system.
Example:
a2d10720-9e72-4ae4-be72-8cbe1be292d1 |
HTTP status: 400
There is an error in your request.
Headers
| Name | Description |
|---|---|
| X-Correlation-ID |
String
If an X-Correlation-ID was specified in the request, this is mirrored in the response.
|
Body
Content type: application/json
Examples
App message body text exceeds maximum length
[ {
"propertyName" : "Channels.AppMessage.Sender",
"message" : "Exceeds maximum length"
} ]No recipients have been specified
[ {
"propertyName" : "Recipients",
"message" : "Not specified"
} ]Some recipient NHS Numbers are invalid
[ {
"propertyName" : "Recipients.NhsNumbers",
"message" : "Specified values are invalid: '9658219003', '9618229043'"
} ]Multiple issues - sender name is missing and campaign ID exceed maximum length
[ {
"propertyName" : "CampaignId",
"message" : "Exceeds maximum length"
}, {
"propertyName" : "Channels.AppMessage.Sender",
"message" : "Not specified"
} ]Schema
| Name | Description |
|---|---|
array
|
|
object
|
|
propertyNamestring
|
The property name within the source payload that has failed validation.
Example:
Recipients.NhsNumbers |
messagestring
|
A description of the reason why the source payload has failed validation.
Example:
Specified values are invalid: '2981615972','3846131965' |
HTTP status: 401
Authorisation issue, for example a missing or invalid X-Api-Key header.
Headers
| Name | Description |
|---|---|
| X-Correlation-ID |
String
If an X-Correlation-ID was specified in the request, this is mirrored in the response.
|
Body
Content type: application/json
Examples
Invalid API key
{
"fault" : {
"faultstring" : "Invalid ApiKey",
"detail" : {
"errorcode" : "oauth.v2.InvalidApiKey"
}
}
}Invalid API key for given resource (valid API key, but not enabled for this API)
{
"fault" : {
"faultstring" : "Invalid ApiKey for given resource",
"detail" : {
"errorcode" : "oauth.v2.InvalidApiKeyForGivenResource"
}
}
}Schema
| Name | Description |
|---|---|
object
|
|
faultobject
|
|
faultStringstring
|
Example:
Invalid ApiKey |
detailobject
|
|
errorcodestring
|
Example:
oauth.v2.InvalidApiKey |
HTTP status: 403
You are not authorised to perform this operation. For example, some onboarded client Apps may be permitted to send Push Notifications but not In-App Messages, or vice versa.
Headers
| Name | Description |
|---|---|
| X-Correlation-ID |
String
If an X-Correlation-ID was specified in the request, this is mirrored in the response.
|