NHS App API

Engage with users of the NHS App.

Page contents

Overview

Use this API to engage with users of the NHS App - a simple and secure way for patients registered with a GP surgery in England to access a range of services on their smartphone or tablet.

You can:

send in-app messages to specific users of the NHS App
send native Apple or Android push notifications to mobile devices registered by specific users of the NHS App

Who can use this API?

This API can only be accessed by organisations that deliver functionality to citizens through the NHS App.

API status and roadmap

This API is in private beta, meaning:

we might make breaking changes, but only if we can't avoid it, and we'll give advance notice
we can't guarantee availability or performance

To see our roadmap, or to suggest, comment or vote on features for this API, see our interactive product backlog.

If you have any queries, please contact us.

Technology

This API is RESTful.

It also conforms to the FHIR global standard for health care data exchange. Specifically, it is aligned with FHIR UK Core, which is built on FHIR Release 4.

You don't need to know much about FHIR to use this API - FHIR APIs are just RESTful APIs that follow specific rules. In particular:

resource names are capitalised and singular, for example /CommunicationRequest not /communicationRequests
array names are singular, for example recipient not recipients for communication recipients
data items that are country-specific and thus not included in the FHIR global base resources are usually wrapped in an extension object.

Network access

This API is available on the internet, and, indirectly, on the Health and Social Care Network (HSCN).

For more details see Network access for APIs.

Authorisation

This API is application-restricted, meaning we authenticate the calling application but not the end user. In particular, the three FHIR CommunicationRequest endpoints use signed JWT authentication - you authenticate your application by sending a signed JSON web token (JWT) to our OAuth 2.0 authorisation server. For more details see Application-restricted RESTful APIs - signed JWT authentication.

The non-FHIR communication endpoint used an API key pattern to authorise the calling system. This endpoint has been deprecated and will soon be removed from the API. It should no longer be used.

Environments and testing

API Environment	NHS Login Environment	Base URL
Development	Sandpit	`https://dev.api.service.nhs.uk/nhs-app/`
Integration Testing	AOS	`https://int.api.service.nhs.uk/nhs-app/`
Production	Production	`https://api.service.nhs.uk/nhs-app/`

Development

Our development environment:

includes authorisation
is for initial development and integration testing
points to the Onboarding Sandpit NHS App environment, which in turn is using the NHS Login Sandpit environment

Integration testing

Our integration test environment:

includes authorisation
is for formal release testing and assurance when onboarding with NHS Login
points to the Onboarding AOS NHS App environment, which in turn is using the NHS Login AOS environment

For more details see integration testing with our RESTful APIs.

Onboarding

You need to get your software approved by us before it can go live with this API. We call this onboarding. The onboarding process can sometimes be quite long, so it’s worth planning well ahead.

To onboard for this API, please get in touch with the NHS App onboarding team at app.onboarding@nhs.net .

Endpoints: Communication

Send a communication (deprecated)

post

/communication

Try this API

Overview

This non-FHIR endpoint has been deprecated and will soon be removed from the API. It should no longer be used. Instead, please use one of the three FHIR R4 CommunicationRequest endpoints, depending on whether your use case requires sending a communication via in-app message only, push notification only, or both in-app message with an associated push notification.

You can send:

in-app messages to specific users of the NHS App
native Apple or Android push notifications to mobile devices registered by specific users of the NHS App

Recipients are specified by NHS number. A single communication request can be sent to between 1 and 100 distinct NHS numbers.

Request

Headers

Name	Description
X-Api-Key	String An API Key used to authenticate the calling application. For more details see Application-restricted RESTful APIs - API key authentication. If this key is not supplied, or does not grant access to this API, a 401 Unauthorized response is returned. Example: `AHkYeqh8N1yrnKGb108puMFUdmxnATkS` Required
X-Correlation-ID	String A unique message identifier. We use this to trace the message if you raise an issue with our helpdesk. If provided, we recommend a GUID for uniqueness and convenience. This is mirrored back in the response headers. Example: `b5bc6879-103e-4a78-975e-87e815c5da58`

Body

Required

Content type: application/json

Examples

Sending an in-app message only

{
  "campaignId" : "optional campaign id",
  "requestReference" : "optional request reference",
  "channels" : {
    "appMessage" : {
      "sender" : "Onboarded Third Party",
      "body" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
    }
  },
  "recipients" : {
    "nhsNumbers" : [ "9903002157" ]
  }
}

Sending a push notification only

{
  "campaignId" : "optional campaign id",
  "requestReference" : "optional request reference",
  "channels" : {
    "pushNotification" : {
      "title" : "You have a new message",
      "body" : "The message may contain something important.",
      "url" : "https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging"
    }
  },
  "recipients" : {
    "nhsNumbers" : [ "9903002157" ]
  }
}

Sending an in-app message together with an associated push notification

{
  "campaignId" : "optional campaign id",
  "requestReference" : "optional request reference",
  "channels" : {
    "appMessage" : {
      "sender" : "Onboarded Third Party",
      "body" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
    },
    "pushNotification" : {
      "title" : "You have a new message",
      "body" : "The message may contain something important.",
      "url" : "https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging"
    }
  },
  "recipients" : {
    "nhsNumbers" : [ "9903002157" ]
  }
}

Schema

Name	Description
`object`
`campaignId` `string`	Optional Campaign Identifier, used to group multiple communication requests for later analysis. Max length: `50` Example: `optional campaign id`
`requestReference` `string`	Optional human-readable transaction reference to later identify this request. Max length: `50` Example: `optional request reference`
`channels` `object` `required`	The channels by which the communication will be sent, and the content for each communication channel. We support sending in-app messages that appear within the NHS App, and native Apple and Android push notifications.
`appMessage` `object`	The communication content to appear as an in-app message.
`sender` `string` `required`	The name to be displayed in the NHS App as the sender of the message. The NHS App user interface will group together messages sent from the same sender name into a single thread of messages. Pattern: `must not match <(.\|\n)*?>` Max length: `50` Example: `Onboarded Third Party`
`body` `string` `required`	The body text of the message to be displayed in the NHS App. We support a subset of Markdown for in-app messages. Currently supported Markdown syntax: Emphasis Bold text Bold Italic text _Italic_ Lists Bullet list: * Item1 * Item2 * Item3 Ordered lists 1. Item1 2. Item2 3. Item3 Links with text [Link text](https://en.wikipedia.org/wiki/Markdown) Links with title [Link text](https://en.wikipedia.org/wiki/Markdown, "Title text") Images ![NHS Logo](https://assets.nhs.uk/images/nhs-logo.png) Pattern: `must not match <(.\|\n)*?>` Max length: `5000` Example: `You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment here https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments`
`pushNotification` `object`	The communication content to appear as a native Apple or Android push notification. Notifications must use unicode characters. They must not contain: personally identifiable information (for example: the name of a user's doctor) sensitive information (for example: details about a health condition) links to external websites Notifications can only link to pages and features within the NHS App.
`title` `string` `required`	The title to be displayed at the top of the push notification. Max length: `50` Example: `You have a new message`
`body` `string` `required`	The body text to be displayed in the push notification. Max length: `200` Example: `The message may contain something important.`
`url` `string` `uri`	The URL to a page within the NHS App to be opened when the notification is tapped. If this property is not specified, the App will open on the home screen. Max length: `1000` Example: `https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging`
`recipients` `object` `required`	The intended recipients of this communication. Currently we support only sending communications by NHS number.
`nhsNumbers` `array`	An array of NHS numbers corresponding to the patient(s) to whom this communication should be sent. Each communication may be sent to between 1 and 100 distinct NHS numbers. The communication request will be rejected if any duplicated values exist in this array. Example: `["9903002157","9678304287"]`
`string`	The patient's NHS number. The primary identifier of a patient, unique within NHS England and Wales. Always 10 digits and must be a valid NHS number. Pattern: `^\d{10}$`

Response

HTTP status: 201

Request successfully received by the server and queued for sending to recipients.

Headers

Name	Description
Location	String The location of the newly-created resource.
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/json

Example

{
  "id" : "a2d10720-9e72-4ae4-be72-8cbe1be292d1"
}

Schema

Name	Description
`object`
`id` `string`	An identifier for the newly-created communication resource within the destination system. Example: `a2d10720-9e72-4ae4-be72-8cbe1be292d1`

HTTP status: 400

There is an error in your request.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/json

Examples

App message body text exceeds maximum length

[ {
  "propertyName" : "Channels.AppMessage.Sender",
  "message" : "Exceeds maximum length"
} ]

No recipients have been specified

[ {
  "propertyName" : "Recipients",
  "message" : "Not specified"
} ]

Some recipient NHS numbers are invalid

[ {
  "propertyName" : "Recipients.NhsNumbers",
  "message" : "Specified values are invalid: '9658219003', '9618229043'"
} ]

Multiple issues - sender name is missing and campaign ID exceed maximum length

[ {
  "propertyName" : "CampaignId",
  "message" : "Exceeds maximum length"
}, {
  "propertyName" : "Channels.AppMessage.Sender",
  "message" : "Not specified"
} ]

Schema

Name	Description
`array`
`object`
`propertyName` `string`	The property name within the source payload that has failed validation. Example: `Recipients.NhsNumbers`
`message` `string`	A description of the reason why the source payload has failed validation. Example: `Specified values are invalid: '2981615972','3846131965'`

HTTP status: 401

Authorisation issue, for example a missing or invalid X-Api-Key header.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/json

Examples

Invalid API key

{
  "fault" : {
    "faultstring" : "Invalid ApiKey",
    "detail" : {
      "errorcode" : "oauth.v2.InvalidApiKey"
    }
  }
}

Invalid API key for given resource (valid API key, but not enabled for this API)

{
  "fault" : {
    "faultstring" : "Invalid ApiKey for given resource",
    "detail" : {
      "errorcode" : "oauth.v2.InvalidApiKeyForGivenResource"
    }
  }
}

Schema

Name	Description
`object`
`fault` `object`
`faultString` `string`	Example: `Invalid ApiKey`
`detail` `object`
`errorcode` `string`	Example: `oauth.v2.InvalidApiKey`

HTTP status: 403

You are not authorised to perform this operation. For example, some onboarded client Apps may be permitted to send Push Notifications but not In-App Messages, or vice versa.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Send an in-app message

post

/communication/in-app/FHIR/R4/CommunicationRequest

Try this API

Overview

Use this endpoint to send an in-app message to one or more NHS App users.

Recipients are specified by NHS number. A single request to this endpoint can send an identical message to between 1 and 100 distinct NHS numbers.

We support a subset of Markdown for describing the body text of in-app messages. The length of each in-app message is limited to 5000 characters, including any markdown characters and embedded hyperlinks.

The body of requests made to this endpoint are instances of HL7 FHIR R4 CommunicationRequest resources. This schema documentation describes which fields on that resource we require and support. The API is tolerant of (but will silently ignore) any additionally supplied optional fields. For example, we do not currently honour the doNotPerform or priority fields.

Request

Headers

Name	Description
Authorization	String `(^Bearer\ [[:ascii:]]+$)` An OAuth 2.0 bearer token. Example: `Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM` Required
X-Correlation-ID	String A unique message identifier. We use this to trace the message if you raise an issue with our helpdesk. If provided, we recommend a GUID for uniqueness and convenience. This is mirrored back in the response headers. Example: `b5bc6879-103e-4a78-975e-87e815c5da58`

Body

Required

Content type: application/json

Example

Sending an in-app message

{
  "resourceType" : "CommunicationRequest",
  "identifier" : [ {
    "system" : "https://fhir.nhs.uk/NHSApp/campaign-id",
    "value" : "optional campaign id"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/request-id",
    "value" : "optional request reference"
  } ],
  "status" : "active",
  "payload" : [ {
    "contentString" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
  } ],
  "sender" : {
    "display" : "Onboarded Third Party"
  },
  "recipient" : [ {
    "type" : "Patient",
    "identifier" : {
      "system" : "https://fhir.nhs.uk/Id/nhs-number",
      "value" : "9903002157"
    }
  } ]
}

Schema

Name	Description
`object`	Communication request to send a in-app message
`resourceType` `string` `required`	FHIR Resource Type - this must be `CommunicationRequest`.
`identifier` `array`	An optional array of identifiers used to identify this request for later analysis. We have defined the following two systems for identifiers that will be stored with the request: Campaign ID - denoted by system https://fhir.nhs.uk/NHSApp/campaign-id . This is an optional campaign identifier, used for later identification of a group of multiple communication requests. For example, this could be used to identify all messages that pertain to invitations for a particular vaccination programme. Request Reference - denoted by system https://fhir.nhs.uk/NHSApp/request-id . This is an optional request identifier, used for later identification of a specific request. Note that these identifier system names are case-sensitive. The values provided for each of these two identifiers are limited to 50 characters, and must not match the regular expression `<(.\|\n)*?>`. No more than one campaign ID and one request reference can be supplied with each request. The API will not reject requests that contain other identifier systems, but these values will be ignored and not recorded against the request. When a `CommunicationRequest` resource is returned in the response body to a successful request, this array will also include a globally unique identifier assigned by the API, with the system `urn:ietf:rfc:3986`. This is the same logical ID contained within the `Location` header of the successful response.
`object`
`system` `string` `uri`	The namespace for the identifier value Example: `https://fhir.nhs.uk/NHSApp/campaign-id`
`value` `string`	The value of the identifier Example: `Optional campaign ID`
`status` `string` `required`	Request Status of the message. This must always be `active` (case-sensitive). Default: `active`
`payload` `array` `required`	The body text of the message to be displayed in the NHS App
`object`
`contentString` `string` `required`	The body text of the message to be displayed in the NHS App. We support a subset of Markdown for in-app messages. Currently supported Markdown syntax: Emphasis Bold text Bold Italic text _Italic_ Lists Bullet list: * Item1 * Item2 * Item3 Ordered lists 1. Item1 2. Item2 3. Item3 Links with text [Link text](https://en.wikipedia.org/wiki/Markdown) Links with title [Link text](https://en.wikipedia.org/wiki/Markdown, "Title text") Images ![NHS Logo](https://assets.nhs.uk/images/nhs-logo.png) Pattern: `must not match <(.\|\n)*?>` Max length: `5000` Example: `You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment here https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments`
`sender` `object` `required`	The sender of the in-app message.
`display` `string` `required`	The name to be displayed in the NHS App as the sender of the message. The NHS App user interface will group together messages sent from the same sender name into a single thread of messages. Pattern: `must not match <(.\|\n)*?>` Max length: `50` Example: `Onboarded Third Party`
`recipient` `array` `required`	An array of NHS numbers corresponding to the patient(s) to whom this in-app message should be sent. Each communication may be sent to between 1 and 100 distinct NHS numbers. The communication request will be rejected if any duplicated values exist in this array. Max items: `100` Min items: `1`
`object`
`type` `string`	FHIR resource type that the reference refers to. This should be `Patient`. Example: `Patient`
`identifier` `object`	Identifier of a recipient. This should be an NHS number.
`system` `string` `uri` `required`	The system that the identifier belongs to. This should be https://fhir.nhs.uk/Id/nhs-number Default: `https://fhir.nhs.uk/Id/nhs-number`
`value` `string` `required`	The patient's NHS number. The primary identifier of a patient, unique within NHS England and Wales. Always 10 digits and must be a valid NHS number. Pattern: `^\d{10}$` Example: `9903002157`

Response

HTTP status: 201

Request successfully received by the server and queued for sending to recipients.

Headers

Name	Description
Location	String The location of the newly-created resource.
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

{
  "resourceType" : "CommunicationRequest",
  "identifier" : [ {
    "system" : "urn:ietf:rfc:3986",
    "value" : "8f7ec136-66eb-4a9e-97ca-5c7a53d2710c"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/campaign-id",
    "value" : "optional campaign id"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/request-id",
    "value" : "optional request reference"
  } ],
  "status" : "active",
  "payload" : [ {
    "contentString" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
  } ],
  "recipient" : [ {
    "identifier" : {
      "system" : "https://fhir.nhs.uk/Id/nhs-number",
      "value" : "9903002157"
    }
  } ],
  "sender" : {
    "display" : "Onboarded Third Party"
  }
}

Schema

Name	Description
`object`
`id` `string`	An identifier for the newly-created communication resource within the destination system. Example: `a2d10720-9e72-4ae4-be72-8cbe1be292d1`

HTTP status: 400

There is an error in your request.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Examples

Invalid resource type

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "type (at Cannot locate type information for type 'communicationrequest')"
  } ]
}

Payload body text exceeds maximum length

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Exceeds maximum length",
    "expression" : [ "payload[0].contentString" ]
  } ]
}

No recipients have been specified

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Not specified",
    "expression" : [ "recipient" ]
  } ]
}

A recipient has an invalid NHS number

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "NHS Number is invalid",
    "expression" : [ "recipient[0].identifier.value" ]
  } ]
}

Multiple issues - sender name is missing and campaign ID exceed maximum length

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Multiple Campaign IDs specified",
    "expression" : [ "identifier" ]
  }, {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Exceeds maximum length",
    "expression" : [ "identifier[2].value" ]
  }, {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Not specified",
    "expression" : [ "sender.display" ]
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 401

Authorisation issue, for example a missing or invalid bearer token.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

Invalid Access Token

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "forbidden",
    "diagnostics" : "Invalid Access Token"
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 403

You are not authorised to perform this operation. For example, some onboarded client Apps may be permitted to send Push Notifications but not In-App Messages, or vice versa.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "security",
    "diagnostics" : "Supplier with ID c53d9ed3-b4fe-408e-8908-d185aa7d6fec does not have channel Push Notification permission"
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 429

You have exceeded your application's rate limit.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

Send an in-app message with an associated push notification

post

/communication/in-app-with-notification/FHIR/R4/CommunicationRequest

Try this API

Overview

Use this endpoint to send an in-app message followed immediately by an associated native Apple or Android push notification to one or more NHS App users.

Recipients are specified by NHS number. A single request to this endpoint can send an identical message and push notification to between 1 and 100 distinct NHS numbers.

If a recipient is an active NHS App user but has not registered a device to receive native push notifications, they will still receive the in-app message.

This endpoint allows you to specify the content that will appear in the in-app message. It does not allow you to specify the content that will appear in the associated push notification. The content of the push notification will always default to standardised text that currently reads "You have a new message. This may contain important information". When a recipient taps the native notification, the NHS App will open on the in-app messaging inbox page.

Request

Headers

Name	Description
Authorization	String `(^Bearer\ [[:ascii:]]+$)` An OAuth 2.0 bearer token. Example: `Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM` Required
X-Correlation-ID	String A unique message identifier. We use this to trace the message if you raise an issue with our helpdesk. If provided, we recommend a GUID for uniqueness and convenience. This is mirrored back in the response headers. Example: `b5bc6879-103e-4a78-975e-87e815c5da58`

Body

Required

Content type: application/json

Example

Sending in app messages and push notifications

{
  "resourceType" : "CommunicationRequest",
  "identifier" : [ {
    "system" : "https://fhir.nhs.uk/NHSApp/campaign-id",
    "value" : "optional campaign id"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/request-id",
    "value" : "optional request reference"
  } ],
  "status" : "active",
  "payload" : [ {
    "contentString" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
  } ],
  "sender" : {
    "display" : "Onboarded Third Party"
  },
  "recipient" : [ {
    "type" : "Patient",
    "identifier" : {
      "system" : "https://fhir.nhs.uk/Id/nhs-number",
      "value" : "9903002157"
    }
  } ]
}

Schema

Name	Description
`object`	Communication request for Sending an in-app message together with an associated push notification
`resourceType` `string` `required`	FHIR Resource Type - this must be `CommunicationRequest`.
`identifier` `array`	An optional array of identifiers used to identify this request for later analysis. We have defined the following two systems for identifiers that will be stored with the request: Campaign ID - denoted by system https://fhir.nhs.uk/NHSApp/campaign-id . This is an optional campaign identifier, used for later identification of a group of multiple communication requests. For example, this could be used to identify all messages that pertain to invitations for a particular vaccination programme. Request Reference - denoted by system https://fhir.nhs.uk/NHSApp/request-id . This is an optional request identifier, used for later identification of a specific request. Note that these identifier system names are case-sensitive. The values provided for each of these two identifiers are limited to 50 characters, and must not match the regular expression `<(.\|\n)*?>`. No more than one campaign ID and one request reference can be supplied with each request. The API will not reject requests that contain other identifier systems, but these values will be ignored and not recorded against the request. When a `CommunicationRequest` resource is returned in the response body to a successful request, this array will also include a globally unique identifier assigned by the API, with the system `urn:ietf:rfc:3986`. This is the same logical ID contained within the `Location` header of the successful response.
`object`
`system` `string` `uri`	The namespace for the identifier value Example: `https://fhir.nhs.uk/NHSApp/campaign-id`
`value` `string`	The value of the identifier Example: `Optional campaign ID`
`status` `string` `required`	Request Status of the message. This must always be `active` (case-sensitive). Default: `active`
`payload` `array` `required`	The body text of the message to be displayed in the NHS App
`object`
`contentString` `string` `required`	The body text of the message to be displayed in the NHS App. We support a subset of Markdown for in-app messages. Currently supported Markdown syntax: Emphasis Bold text Bold Italic text _Italic_ Lists Bullet list: * Item1 * Item2 * Item3 Ordered lists 1. Item1 2. Item2 3. Item3 Links with text [Link text](https://en.wikipedia.org/wiki/Markdown) Links with title [Link text](https://en.wikipedia.org/wiki/Markdown, "Title text") Images ![NHS Logo](https://assets.nhs.uk/images/nhs-logo.png) Pattern: `must not match <(.\|\n)*?>` Max length: `5000` Example: `You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment here https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments`
`sender` `object` `required`	The sender of the in-app message.
`display` `string` `required`	The name to be displayed in the NHS App as the sender of the message. The NHS App user interface will group together messages sent from the same sender name into a single thread of messages. Pattern: `must not match <(.\|\n)*?>` Max length: `50` Example: `Onboarded Third Party`
`recipient` `array` `required`	An array of NHS numbers corresponding to the patient(s) to whom this in-app message and push notification should be sent. Each communication may be sent to between 1 and 100 distinct NHS numbers. The communication request will be rejected if any duplicated values exist in this array. Max items: `100` Min items: `1`
`object`
`type` `string`	FHIR resource type that the reference refers to. This should be `Patient`. Example: `Patient`
`identifier` `object`	Identifier of a recipient. This should be an NHS number.
`system` `string` `uri` `required`	The system that the identifier belongs to. This should be https://fhir.nhs.uk/Id/nhs-number Default: `https://fhir.nhs.uk/Id/nhs-number`
`value` `string` `required`	The patient's NHS number. The primary identifier of a patient, unique within NHS England and Wales. Always 10 digits and must be a valid NHS number. Pattern: `^\d{10}$` Example: `9903002157`

Response

HTTP status: 201

Request successfully received by the server and queued for sending to recipients.

Headers

Name	Description
Location	String The location of the newly-created resource.
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

{
  "resourceType" : "CommunicationRequest",
  "identifier" : [ {
    "system" : "urn:ietf:rfc:3986",
    "value" : "58dccb28-671f-4237-8095-e80cf54861e1"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/campaign-id",
    "value" : "optional campaign id"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/request-id",
    "value" : "optional request reference"
  } ],
  "status" : "active",
  "payload" : [ {
    "contentString" : "You have a new appointment, please confirm you can attend. Open the Onboarded Third Party appointment [here](https://www.nhsapp.service.nhs.uk/appointments/hospital-appointments)"
  } ],
  "recipient" : [ {
    "identifier" : {
      "system" : "https://fhir.nhs.uk/Id/nhs-number",
      "value" : "9903002157"
    }
  } ],
  "sender" : {
    "display" : "Onboarded Third Party"
  }
}

Schema

Name	Description
`object`
`id` `string`	An identifier for the newly-created communication resource within the destination system. Example: `a2d10720-9e72-4ae4-be72-8cbe1be292d1`

HTTP status: 400

There is an error in your request.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Examples

Invalid resource type

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "type (at Cannot locate type information for type 'communicationrequest')"
  } ]
}

Payload body text exceeds maximum length

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Exceeds maximum length",
    "expression" : [ "payload[0].contentString" ]
  } ]
}

No recipients have been specified

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Not specified",
    "expression" : [ "recipient" ]
  } ]
}

A recipient has an invalid NHS number

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "NHS Number is invalid",
    "expression" : [ "recipient[0].identifier.value" ]
  } ]
}

Multiple issues - sender name is missing and campaign ID exceed maximum length

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Multiple Campaign IDs specified",
    "expression" : [ "identifier" ]
  }, {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Exceeds maximum length",
    "expression" : [ "identifier[2].value" ]
  }, {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Not specified",
    "expression" : [ "sender.display" ]
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 401

Authorisation issue, for example a missing or invalid X-Api-Key header.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

Invalid Access Token

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "forbidden",
    "diagnostics" : "Invalid Access Token"
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 403

You are not authorised to perform this operation. For example, some onboarded client Apps may be permitted to send Push Notifications but not In-App Messages, or vice versa.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "security",
    "diagnostics" : "Supplier with ID c53d9ed3-b4fe-408e-8908-d185aa7d6fec does not have channel Push Notification permission"
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 429

You have exceeded your application's rate limit.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

Send a push notification

post

/communication/notification/FHIR/R4/CommunicationRequest

Try this API

Overview

Use this endpoint to send a native Apple or Android push notifications to mobile devices registered by specific users of the NHS App.

Recipients are specified by NHS number. A single request to this endpoint can send an identical push notification to between 1 and 100 distinct NHS numbers.

The body text of notifications can be up to 200 characters in length.

They must not contain

personally identifiable information (for example:the name of a user's doctor)
sensitive information (for example:details about a health condition)
links to external websites

You can also optionally specify a URL for a page within the NHS App to be opened when the recipient taps on the push notification. If a URL is not specified, the NHS App will open on the home page.

Request

Headers

Name	Description
Authorization	String `(^Bearer\ [[:ascii:]]+$)` An OAuth 2.0 bearer token. Example: `Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM` Required
X-Correlation-ID	String A unique message identifier. We use this to trace the message if you raise an issue with our helpdesk. If provided, we recommend a GUID for uniqueness and convenience. This is mirrored back in the response headers. Example: `b5bc6879-103e-4a78-975e-87e815c5da58`

Body

Required

Content type: application/fhir+json

Example

Sending a push notification

{
  "resourceType" : "CommunicationRequest",
  "identifier" : [ {
    "system" : "https://fhir.nhs.uk/NHSApp/campaign-id",
    "value" : "optional campaign id"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/request-id",
    "value" : "optional request reference"
  } ],
  "status" : "active",
  "payload" : [ {
    "contentReference" : {
      "reference" : "https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging",
      "display" : "You have a new message. The message may contain something important."
    }
  } ],
  "recipient" : [ {
    "type" : "Patient",
    "identifier" : {
      "system" : "https://fhir.nhs.uk/Id/nhs-number",
      "value" : "9903002157"
    }
  } ]
}

Schema

Name	Description
`object`	Communication request for sending a push notification
`resourceType` `string` `required`	FHIR Resource Type - this must be `CommunicationRequest`.
`identifier` `array`	An optional array of identifiers used to identify this request for later analysis. We have defined the following two systems for identifiers that will be stored with the request: Campaign ID - denoted by system https://fhir.nhs.uk/NHSApp/campaign-id . This is an optional campaign identifier, used for later identification of a group of multiple communication requests. For example, this could be used to identify all messages that pertain to invitations for a particular vaccination programme. Request Reference - denoted by system https://fhir.nhs.uk/NHSApp/request-id . This is an optional request identifier, used for later identification of a specific request. Note that these identifier system names are case-sensitive. The values provided for each of these two identifiers are limited to 50 characters, and must not match the regular expression `<(.\|\n)*?>`. No more than one campaign ID and one request reference can be supplied with each request. The API will not reject requests that contain other identifier systems, but these values will be ignored and not recorded against the request. When a `CommunicationRequest` resource is returned in the response body to a successful request, this array will also include a globally unique identifier assigned by the API, with the system `urn:ietf:rfc:3986`. This is the same logical ID contained within the `Location` header of the successful response.
`object`
`system` `string` `uri`	The namespace for the identifier value Example: `https://fhir.nhs.uk/NHSApp/campaign-id`
`value` `string`	The value of the identifier Example: `Optional campaign ID`
`status` `string` `required`	Request Status of the message. This must always be `active` (case-sensitive). Default: `active`
`payload` `array` `required`	The body text to be displayed in the push notification.
`object`
`contentReference` `object` `required`	Structure of body text in the push notification.
`reference` `string` `url` `required`	The URL to a page within the NHS App to be opened when the notification is tapped. If this property is not specified, the App will open on the home screen. Max length: `1000` Example: `https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging`
`display` `string` `required`	The communication content to appear as a native Apple or Android push notification. Notifications must use unicode characters. They must not contain * personally identifiable information (for example:the name of a user's doctor) * sensitive information (for example:details about a health condition) * links to external websites Notifications can only link to pages and features within the NHS App. Max length: `200` Example: `You have a new message. The message may contain something important.`
`recipient` `array` `required`	An array of NHS numbers corresponding to the patient(s) to whom this push notification should be sent. Each communication may be sent to between 1 and 100 distinct NHS numbers. The communication request will be rejected if any duplicated values exist in this array. Max items: `100` Min items: `1`
`object`
`type` `string`	FHIR resource type that the reference refers to. This should be `Patient`. Example: `Patient`
`identifier` `object`	Identifier of a recipient. This should be an NHS number.
`system` `string` `uri` `required`	The system that the identifier belongs to. This should be https://fhir.nhs.uk/Id/nhs-number Default: `https://fhir.nhs.uk/Id/nhs-number`
`value` `string` `required`	The patient's NHS number. The primary identifier of a patient, unique within NHS England and Wales. Always 10 digits and must be a valid NHS number. Pattern: `^\d{10}$` Example: `9903002157`

Response

HTTP status: 201

Request successfully received by the server and queued for sending to recipients.

Headers

Name	Description
Location	String The location of the newly-created resource.
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

{
  "resourceType" : "CommunicationRequest",
  "identifier" : [ {
    "system" : "urn:ietf:rfc:3986",
    "value" : "54615138-df34-4a79-840d-dd07e9451519"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/campaign-id",
    "value" : "optional campaign id"
  }, {
    "system" : "https://fhir.nhs.uk/NHSApp/request-id",
    "value" : "optional request reference"
  } ],
  "status" : "active",
  "payload" : [ {
    "contentReference" : {
      "reference" : "https://www.nhsapp.service.nhs.uk/patient/messages/app-messaging",
      "display" : "You have a new message. The message may contain something important."
    }
  } ],
  "recipient" : [ {
    "identifier" : {
      "system" : "https://fhir.nhs.uk/Id/nhs-number",
      "value" : "9903002157"
    }
  } ]
}

Schema

Name	Description
`object`
`id` `string`	An identifier for the newly-created communication resource within the destination system. Example: `a2d10720-9e72-4ae4-be72-8cbe1be292d1`

HTTP status: 400

There is an error in your request.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Examples

Invalid resource type

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "type (at Cannot locate type information for type 'communicationrequest')"
  } ]
}

Payload body text exceeds maximum length

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Exceeds maximum length",
    "expression" : [ "payload[0].contentReference.display" ]
  } ]
}

No recipients have been specified

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Not specified",
    "expression" : [ "recipient" ]
  } ]
}

A recipient has an invalid NHS number

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "NHS Number is invalid",
    "expression" : [ "recipient[0].identifier.value" ]
  } ]
}

Multiple issues - sender name is missing and campaign ID exceed maximum length

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Multiple Campaign IDs specified",
    "expression" : [ "identifier" ]
  }, {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Exceeds maximum length",
    "expression" : [ "identifier[2].value" ]
  }, {
    "severity" : "error",
    "code" : "invalid",
    "diagnostics" : "Not specified",
    "expression" : [ "sender.display" ]
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 401

Authorisation issue, for example a missing or invalid X-Api-Key header.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

Invalid Access Token

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "forbidden",
    "diagnostics" : "Invalid Access Token"
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 403

You are not authorised to perform this operation. For example, some onboarded client Apps may be permitted to send Push Notifications but not In-App Messages, or vice versa.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Example

{
  "resourceType" : "OperationOutcome",
  "issue" : [ {
    "severity" : "error",
    "code" : "security",
    "diagnostics" : "Supplier with ID c53d9ed3-b4fe-408e-8908-d185aa7d6fec does not have channel Push Notification permission"
  } ]
}

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`

HTTP status: 429

You have exceeded your application's rate limit.

Headers

Name	Description
X-Correlation-ID	String If an X-Correlation-ID was specified in the request, this is mirrored in the response.

Body

Content type: application/fhir+json

Schema

Name	Description
`object`	Operation outcome
`resourceType` `string` `read-only`	FHIR Resource Type. Default: `OperationOutcome`
`issue` `array`	List of issues that have occurred. Min items: `1`
`object`
`severity` `string` `required`	Severity of the error. Allowed values: `fatal`, `error`, `warning`, `information` Example: `error`
`code` `string` `required`	FHIR error code. Allowed values: `invalid`, `security`, `processing`, `forbidden` Example: `invalid`
`diagnostics` `string`	Additional diagnostic information about the issue. Example: `Not specified`
`expression` `array`	FHIRPath of element(s) related to the error.
`string`	Example: `sender.display`