Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.

NHSmail APIs

Integrate with NHSmail using these native Microsoft Exchange APIs.

Page contents

Overview

Use these APIs to connect your local, regional or national applications or services to NHSmail.

You can:

  • work with email messages, calendar, task and contact information 
  • access mailboxes
  • get client configuration data and endpoint URLs from Exchange

The Microsoft APIs used are:

  • Exchange Web Service (EWS) Managed API 2.0  - to work with mailboxes, messages, calendars, tasks and contacts
  • Exchange Web Service (EWS) API - to work with mailboxes, messages, calendars, tasks and contacts
  • SOAP Autodiscover  - to get client configuration data and endpoint URLs

For compatibility with Office 365, use EWS Managed API 2.0 and not the EWS API.

Who can use this API

These APIs can be used by any commissioned or independent organisation providing or supporting publicly funded health and social care.

In addition, follow the guidance in the Applications Guide for NHSmail.

API status

These APIs are standard Microsoft APIs, so in line with Microsoft policy you will get good notice of any changes.

Service level

Not applicable. These APIs are supported by Microsoft 24x7x365.

Technology

Exchange Web Service (EWS) Managed API 2.0 is compatible with Office 365, for more details, see EWS Managed API reference.

Exchange Web Service (EWS) API uses XML for messages to and from Exchange. It is not compatible with Office 365. For more details, see EWS reference for Exchange.

SOAP Autodiscover was originally introduced with Exchange 2010. For more details, see Use Autodiscover to find connection points

Network access

These APIs are available on the internet and, indirectly, on the Health and Social Care Network (HSCN)

For more details see Network access for APIs.

Security and authorisation

These APIs require an authenticated connection using the full NHSmail email address (as the username) and its NHSmail password. Additionally, the ‘from’ address of all sent emails must match the email address of the sending account. 

Your application needs an NHSmail application account, rather than a standard user account. The key difference between user and application account types is an application account requires a 20 character password.

Environments and testing

We do not provide an environment for development testing. It is your responsibility to perform testing.

You must not use the production NHSmail system for testing.

Onboarding

There are no approvals needed to use these APIs but you should follow the guidance given in the Applications Guide for NHSmail.

The APIs have UK region-wide rate limiting controls that prevent inappropriate use. We reserve the right to restrict user access to specific APIs, if they are being used in a way that impacts performance of the NHSmail system.

In addition, follow any local information governance policies and those relating to clinical safety, such as DCB0129

Interactions

Download and read the Applications Guide to NHSmail.

For Exchange Web Service (EWS) Managed API 2.0, see EWS Managed API reference.

For Exchange Web Service (EWS) API, see EWS reference for Exchange.

For SOAP Autodiscover, see Use Autodiscover to find connection points

Last edited: 14 October 2022 6:38 am