We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Spine Security Broker API
Provide single sign-on for Spine users.
Use this API to implement single sign-on for users who are registered with the Spine.
- access the Identity Server which serves up SSO Tokens and manages the sessions for users who have been successfully authenticated
- access the Identity Agent on the end user's workstation, which mediates the authentication transaction and serves subsequent user information on demand as part of the application's authorisation process
- access the Client Signing Interface, which provides client-side digital signing functions for the purposes of Content Commitment. This interface primarily uses cryptographic functions that execute on a user’s smart card.
Users can only be authenticated if they are formally registered to the Spine. This includes creating a user profile, stored in the Spine Directory Service (SDS), containing the user’s roles and other information that the Registration Authority or Service deems necessary to make appropriate data access decisions.
This authentication service is also known as the Care Identity Service (CIS). It makes use of smartcards to provide strong authentication for health care workers to control access to national services. It is being replaced by Care Identity Service 2 (CIS2), also known as NHS Identity, which provides additional authentication methods for scenarios where a smartcard might not be preferred or appropriate.
This API is described fully in the Spine External Interface Specification (EIS). Part 6 has the overview and part 7 the formal API specifications. These are a set of Word documents that provide system developers - architects, designers and builders - with the necessary information to connect to Spine national services.
This API is stable.
This API is a SOAP API.
For more details, see Basic SOAP.
For a full list of interactions for this API, see the Spine External Interface Specification (EIS). Part 6 has the overview and part 7 the formal specifications of the Java and C APIs.