NHSmail APIs

Integrate with NHSmail using these native Microsoft Exchange APIs.

Overview

Use these APIs to connect your local, regional or national applications or services to NHSmail.

You can:

  • work with email messages, calendar, task and contact information 
  • access mailboxes
  • get client configuration data and endpoint URLs from Exchange

The Microsoft APIs used are:

  • Exchange Web Service (EWS) Managed API 2.0 - to work with mailboxes, messages, calendars, tasks and contacts
  • Exchange Web Service (EWS) API - to work with mailboxes, messages, calendars, tasks and contacts
  • SOAP Autodiscover - to get client configuration data and endpoint URLs

For compatibility with Office 365, use EWS Managed API 2.0 and not the EWS API.


Who can use this API

These APIs can be used by any commissioned or independent organisation providing or supporting publicly funded health and social care.

In addition, follow the guidance in the Applications Guide for NHSmail.



API status

These APIs are standard Microsoft APIs, so in line with Microsoft policy you will get good notice of any changes.


Service level

Not applicable. These APIs are supported by Microsoft 24 hours a day, 365 days a year.


Technology

Exchange Web Service (EWS) Managed API 2.0 is compatible with Office 365. For more details, see EWS Managed API reference.

Exchange Web Service (EWS) API uses XML for messages to and from Exchange. It is not compatible with Office 365. For more details, see EWS reference for Exchange.

SOAP Autodiscover was originally introduced with Exchange 2010. For more details, see Use Autodiscover to find connection points.


Network access

These APIs are available on the internet and, indirectly, on the Health and Social Care Network (HSCN).

For more details, see Network access for APIs.


Security and authorisation

These APIs require an authenticated connection using the full NHSmail email address (as the username) and its NHSmail password. Additionally, the ‘from’ address of all sent emails must match the email address of the sending account. 

Your application needs an NHSmail application account, rather than a standard user account. The key difference between the two account types is that an application account requires a 20-character password.


Environments and testing

We do not provide an environment for development testing. It is your responsibility to perform testing.

You must not use the production NHSmail system for testing.


Onboarding

There are no approvals needed to use these APIs, but you should follow the guidance given in the Applications Guide for NHSmail.

The APIs have UK region-wide rate limiting controls that prevent inappropriate use. We reserve the right to restrict user access to specific APIs if they are being used in a way that impacts performance of the NHSmail system.

In addition, follow any local information governance policies and those relating to clinical safety, such as DCB0129.


Interactions

Download and read the Applications Guide to NHSmail.

For Exchange Web Service (EWS) Managed API 2.0, see EWS Managed API reference.

For Exchange Web Service (EWS) API, see EWS reference for Exchange.

For SOAP Autodiscover, see Use Autodiscover to find connection points.

Last edited: 15 September 2023 7:43 am