Skip to main content

Testing APIs with our mock authorisation service

To make testing easier, we provide a mock authorisation service that allows you to test with our APIs without needing the end user to sign in fully.

Overview

To make testing easier, we provide a mock authorisation service that allows you to test with our APIs without needing the end user to sign in fully.

Our mock authorisation service can be used to simulate:

There are two versions of our mock authorisation service:


First generation service

Our first generation mock authorisation service is limited - it only provides a single predefined test user, so you can’t use it to test scenarios that require different user attributes such as roles or authentication levels.

It can be used with the following security patterns (deprecated):

To use this service, see the detailed instructions for each security pattern. In particular, you will need to configure your software to use the endpoint oauth2-no-smartcard instead of just oauth2.

Once we have added support for all the above security patterns to the second generation service, we will deprecate and eventually retire the first generation service.
 


Second generation service

Our second generation service provides a variety of test users with different attributes.

At the moment, it can only be used with the following security pattern:

To use this service, see the detailed instructions for the above security pattern. In particular, you will need to configure your software to use the endpoint oauth2-mock instead of just oauth2.
 


Test users for NHS CIS2

When using the second generation mock authorisation service to simulate a healthcare worker signing in with NHS CIS2, you’ll need to enter the user ID for the user you want to test with.

The only difference between the test users is that they have different National RBAC job roles.

The available test users are:

User UID National RBAC job roles
656005750108 R0260 (General Medical Practitioner)
656005750107 R8000 (Clinical Practitioner)
656005750104 R8008 (Admin/Clinical Support)

If you need a test user with different attributes - for example different roles, or multiple roles - contact us and we’ll add more test users.

Note that:

  • these test users exist only in our mock authorisation service - they are not configured in the Spine Directory Service
  • you can't use these test users when testing the e-Referral Service FHIR API, as explained below

Testing the e-Referral Service

If you are testing the e-Referral Service (e-RS) FHIR API, you can't use the above test users, because:

  • e-RS requires test users to exist in the Spine Directory Service, not just in our mock authorisation service
  • e-RS requires users to be assigned activities ('B' codes) as opposed to job roles ('R' codes), for example 'Manage Outbound Appointments' (B1103)
  • e-RS requires test users for a given developer to be associated with an organisation that is unique that developer

When you start testing with e-RS, our e-RS support team will set up some test users in the Spine Directory Service that are unique to your organisation. If you want to use our mock authorisation service, contact us and let us know the User UIDs for your test users and we will set up the same users in our mock authorisation service.

Last edited: 13 May 2022 3:06 pm