Overview
This tutorial shows you how to connect to a user-restricted REST API using NHS login separate authentication and authorisation and the C# programming language. It uses .NET Core to create a simple web application which authenticates the end user using our sandbox NHS login environment, receives an access token from our authorisation server and calls the user restricted endpoint of our Hello World API.
To call a user-restricted API, the end user must be authenticated. NHS login is used to authenticate when the end user is a patient. With the separate authentication and authorisation pattern, authentication and authorisation are done separately. You might authenticate the user when they sign in but only get authorisation to call the API if and when you need it. You do authentication directly with NHS login and then separately do authorisation with our OAuth2.0 authorisation service.
Create an application and generate a key pair
You need to create an application using our Developer portal.
This gives you access to your application ID and API key which you need to generate a JWT.
You also need to create a public and private key pair.
You register your public key with our authentication server and sign your JWT using your private key.
Last edited: 20 June 2023 11:11 am