Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. More about the merger.

Digital onboarding

Get approved to go live with our APIs using digital onboarding.


For some of our APIs, you use digital onboarding to get approved to go live with our APIs.

This page explains how digital onboarding works, and how to get started.

If you have questions, contact us.

Prepare and plan

Before you start, you need:

  • an Organisation Data Service (ODS) code – this is a unique code created by our ODS team within NHS Digital. It is used to identify organisations across health and social care. You need an ODS code to get access to national systems. You can search for an existing ODS code by organisation name or geographic location using the ODS portal, or else get a new ODS code by applying for one.
  • the Data Security and Protection Toolkit (DSPT) - this toolkit shows what you need to do to keep patient data and information safe, and to protect your business from the risk of a data breach or a cyber attack. You need an ODS code to complete the DSPT. 
  • to register for the NHS Digital National Service Desk using the online service discovery form.

It's also a good idea to familiarise yourself with the 'connection agreement' and the 'end user acceptable use policy'.

The connection agreement explains the responsibilities, obligations and terms of use of a service - and is signed by the connecting party. 

The 'end user acceptable use policy' explains the responsibilities, obligations, and terms of use for every end user organisation.

You can find samples of both these documents under the operations reference documentation.

Using digital onboarding

Accessing digital onboarding

Sign in or create a developer account, then select 'product onboarding'.

Registering your organisation and first product

If this is your first time using digital onboarding, we ask you for details of your organisation and your first product.

Onboarding stages

Once you register your organisation and product, you can access the onboarding process for any APIs configured to use digital onboarding.

Depending on the APIs you want to use, you need to complete some or all of these four stages:

  1. Setup and eligibility
  2. Non-functional requirements
  3. Technical conformance requirements (not applicable for open-access APIs)
  4. Legal agreement

Each stage contains one or more sections with questions relating to specific onboarding requirements.

As you complete the questions in a section, the product page displays the section status.

Once a section in a stage is "Ready to submit", you can submit the section for us to assess.

Setup and eligibility stage

In this stage, you need to answer high-level questions about your organisation and product including your ODS code and contact details.

For specific APIs, you might also need to demonstrate your product has a valid use case, such as by completing and submitting a PDS Access Request for the PDS FHIR API. You should have your use case approved before you go too far with development. 

Setup and eligibility stage screenshot

Non-functional requirements stage

In this stage, you need to provide details about the non-technical parts of your product, such as your clinical risk management process and data security.

You need to show or submit the DSPT and demonstrate your conformance with Information Security Management Systems, which should be in line with ISO/IEC 27001 Information Security Management.

You also need to declare the status of your product as a medical device. If you declare your product is a medical device, you need to comply with the relevant legal requirements.

non-functional requirements stage screenshot

Technical conformance requirements stage

In this stage, also known as 'solution assurance', you need to provide technical details about your product and show that it meets the core conformance criteria.

You need to demonstrate your technical conformance to the APIs you wish to use.

Once you complete this stage successfully, we issue you with a technical conformance certificate.

This stage is not applicable for open-access APIs.

technical conformace requirements stage screenshot

Legal agreement stage

At this stage, you need to sign our connection agreement.  

We provide you with a customised version for you to actually sign, with relevant sections completed and areas for you to finalise clearly marked.  Prior to that you can review a sample agreement.

Once you have completed and signed your connection agreement, you need to upload it via the portal.

legal agreement stage screenshot

Last edited: 3 March 2023 2:25 pm