Skip to main content

Electronic Prescription Service Tracker - REST API

Track a patient’s prescriptions using our Electronic Prescription Service (EPS) Tracker API.


Use this API to track a patient’s prescriptions within the Electronic Prescription Service (EPS) using our Electronic Prescription Service Tracker.

You can search for a list of prescriptions that meet your query parameters by providing: 

  • patient's NHS number (mandatory)
  • format (mandatory)
  • prescription date range (optional)
  • prescription status (optional)
  • prescription version (optional)

Once you find the prescription, or if you already know its details, you can retrieve it by providing:

  • prescription ID (mandatory)
  • format (mandatory)
  • issue number (optional)

For more details, see Introduction to Spine EPS Tracker.

This API is only for use when the end user is a healthcare worker, not a patient. 

Who can use this API

This API can only be used where there is a legal basis to do so. Make sure you have a valid use case before you go too far with your development, by contacting us at [email protected].

You must do this before you can go live (see ‘Onboarding’ below).

API status and roadmap

This API is in production, beta.

If you would like to be involved in our beta programme or have any other queries, contact us.

To see our roadmap, or to suggest, comment or vote on features for this API, see our interactive product backlog.

Service level

This API is a platinum service, meaning it is operational and supported 24 hours a day, 365 days a year.

For more details, see service levels.


This API is a REST API.

For more details, see Basic REST.

Network access

This API is available on the internet and, indirectly, on the Health and Social Care Network (HSCN)

For more details see Network access for APIs.

Security and authorisation

This API is application-restricted, meaning:

  • the calling application is authenticated - we do care who it is

  • the end user is not authenticated - we do not verify who it is or whether they are present

In particular, it uses TLS Mutual Authentication (TLS-MA).

This API is only for use when the end user is a healthcare worker, not a patient.

In addition, we require calling applications to:

  • authenticate end users locally with a minimum of user ID and password

  • use role-based access control (RBAC) locally to control end user access to the patient data

  • keep an audit trail locally of all accesses to patient data by end users

Environments and testing

You can test this API using our Path to Live environments.

The base URL for production is


We are reviewing our EPS onboarding processes and currently not accepting any new suppliers or new products into the onboarding process. We anticipate that this review will conclude during winter 2023 and this web page will be updated with further information.


For a full list of interactions for this API, see the Development Overview.

Last edited: 1 November 2023 9:48 am