Use these APIs to connect your local, regional or national applications or services to NHSmail.
- work with email messages, calendar, task and contact information
- access mailboxes
- get client configuration data and endpoint URLs from Exchange
The Microsoft APIs used are:
- Exchange Web Service (EWS) Managed API 2.0 - to work with mailboxes, messages, calendars, tasks and contacts
- Exchange Web Service (EWS) API - to work with mailboxes, messages, calendars, tasks and contacts
- SOAP Autodiscover - to get client configuration data and endpoint URLs
For compatibility with Office 365, use EWS Managed API 2.0 and not the EWS API.
Security and authorisation
These APIs require an authenticated connection using the full NHSmail email address (as the username) and its NHSmail password. Additionally, the ‘from’ address of all sent emails must match the email address of the sending account.
Your application needs an NHSmail application account, rather than a standard user account. The key difference between user and application account types is an application account requires a 20 character password.
There are no approvals needed to use these APIs but you should follow the guidance given in the Applications Guide for NHSmail.
The APIs have UK region-wide rate limiting controls that prevent inappropriate use. We reserve the right to restrict user access to specific APIs, if they are being used in a way that impacts performance of the NHSmail system.
In addition, follow any local information governance policies and those relating to clinical safety, such as DCB0129.
Last edited: 14 October 2022 6:38 am