Skip to main content

Non-functional test environment

Find out how the non-functional test environment should be used, how to connect, and services available.

Page contents

How the non-functional test environment should be used

The non-functional test environment is available for use by suppliers to perform specific messaging integration testing.

This environment is only available by special request. Please email: [email protected]

What the non-functional test environments should not be used for

The non-functional test environments do not:

  • replace the EMT environments as formal test and assurance environments
  • provide right of access to any other environments during environment downtime or any other form of unavailability

How to connect to the environment

Before you start

You will need to:

  1. have a connection to the Health and Social Care Network (HSCN) - the secure NHS network (if you do not have a connection or are experiencing problems connecting, contact your network provider)
  2. request access to test data - email: [email protected]
  3. register the messaging product using a Manufacturer, product and version (MPV) form if required
  4. register your message handling service with the Spine by requesting an endpoint (an authorised connection to Spine) to be created unless you have an endpoint administrator in your organisation who can do this for you - please complete the endpoint admin access request form (epr) to manage your own endpoints
  5. register your Fully Qualified Domain Name (FQDN) with the NHS DNS team

There are no entry criteria for the non-functional test environment beyond having suitable test data available.

All endpoints and MPV requests will be processed in the integration environment and will replicate to the non-functional test environment.

Connection information

A full list of URLs and associated IP addresses are provided below to help you connect to the non-functional test environment. 

Local firewall administrators should allow communication to the IP addresses as necessary using these details.

Portal URLs

The following IP addresses/ports need to be configured on the end user firewalls to form outbound firewall rules allowing endpoints to send messages from the development environments.

Description URL DNS name IP address Port
Used for the SCRa service https://nww.nft.spine2.ncrs.nhs.uk/summarycarerecord nww.nft.spine2.ncrs.nhs.uk 10.239.14.25 TCP 443
Used for Self Service https://nww.nft.spine2.ncrs.nhs.uk/spineselfservice nww.nft.spine2.ncrs.nhs.uk 10.239.14.25 TCP 443
Used for the alert service https://nww.nft.spine2.ncrs.nhs.uk/spinealertservice nww.nft.spine2.ncrs.nhs.uk 10.239.14.25 TCP 443
Used for the DSA  https://nww.nft.spine2.ncrs.nhs.uk/demographicspineapplication nww.nft.spine2.ncrs.nhs.uk 10.239.14.25 TCP 443
Used for the ETP ADMIN service https://nww.nft.spine2.ncrs.nhs.uk/prescriptionsadmin nww.nft.spine2.ncrs.nhs.uk 10.239.14.25 TCP 443
Used for the SRS service https://nww.nft.spine2.ncrs.nhs.uk/spinereportingservice nww.nft.spine2.ncrs.nhs.uk 10.239.14.25 TCP 443

System URLs

These are the connection URLs for the services required to run or connect to applications. Due to the move of this environment to AWS, the IP addresses of the following are not constant. Customers will need to open their firewalls to the IP address range of 10.239.58.0/24 to ports 636 (LDAP) and 443 (sbapi and gas).  If you are using hard-coded IP addresses e.g. in a hosts file, you will need modify your application to use the DNS service names. 

 

Description URL DNS name IP address Port

This is the LDAPS protocol service to the directory.

This is a service used by other services accessing the SPINE for directory lookups.

ldaps://ldap.nis1.national.ncrs.nhs.uk/<LDAP QUERY>

<LDAP QUERY> - The query to the directory may be contained within the URL

ldap.nis1.national.ncrs.nhs.uk

   TCP 636
This name exists for Smart Card authentications from the PC and is not a user service.

Client Side GAC URL:

https://gas.nis1.national.ncrs.nhs.uk/login/authactivate

https://gas.nis1.national.ncrs.nhs.uk/login/authlogout

Server Side GAS URL:

https://gas.nis1.national.ncrs.nhs.uk/login/authvalidate

gas.nis1.national.ncrs.nhs.uk

   TCP 443

Used to access ID server and is not a user-based service. These URLs will only be used by application developers and are included here for completeness.

(This URL is Case Sensitive)

Naming Service:

https://sbapi.nis1.national.ncrs.nhs.uk/amserver/namingservice

Role Assertion:

https://sbapi.nis1.national.ncrs.nhs.uk/saml/RoleAssertion

sbapi.nis1.national.ncrs.nhs.uk

   TCP 443

Messaging URLs

The Party Key for Spine is YES-0000806

Description URL DNS name IP address Port

Used for ALL domain Synchronous Messaging

This is also the service entry point for NN4B messages.		 https://msg.nft.spine2.ncrs.nhs.uk/sync-service msg.nft.spine2.ncrs.nhs.uk 10.239.14.30 TCP 443
Used for ALL domain Reliable Messaging. https://msg.nft.spine2.ncrs.nhs.uk/reliablemessaging/reliablerequest msg.nft.spine2.ncrs.nhs.uk 10.239.14.30 TCP 443
Used for ALL domain Unreliable Messaging. https://msg.nft.spine2.ncrs.nhs.uk/reliablemessaging/queryrequest msg.nft.spine2.ncrs.nhs.uk 10.239.14.30 TCP 443
Used for ALL domain Intermediary Messaging https://msg.nft.spine2.ncrs.nhs.uk/reliablemessaging/intermediary msg.nft.spine2.ncrs.nhs.uk 10.239.14.30 TCP 443

Used to access the gazetteer postcode look up service.

Gazetteer is a web service so will be called by other applications using this URL. This is not a user service.		 https://msg.nft.spine2.ncrs.nhs.uk/addressfinder/query msg.nft.spine2.ncrs.nhs.uk 10.239.14.30 TCP 443
Used for all SMSP messaging. Now uses TLS1.2 https://simple-sync.nft.spine2.ncrs.nhs.uk/smsp/pds simple-sync.nft.spine2.ncrs.nhs.uk 10.239.14.40 TCP 443
Used for all SMSP messaging. Now uses TLS1.2 https://proxy.nft.spine2.ncrs.nhs.uk/[provider service root url]/[fhir request] proxy.nft.spine2.ncrs.nhs.uk 10.239.14.35 TCP 443
Used for internet facing messaging 

https://msg.nftspineservices.nhs.uk

https://proxy.nftspineservices.nhs.uk

https://simple.nftspineservices.nhs.uk

msg.nftspineservices.nhs.uk

proxy.nftspineservices.nhs.uk

simple.nftspineservices.nhs.uk

 Varies TCP 443

Outbound NAT addresses

The following IP addresses/ports need to be configured on the end user firewalls to form inbound firewall rules allowing endpoints to receive messages from development environments.

Description URL DNS name IP address Port

All Messages will be sent out as coming from msg-out.dev.spine2.ncrs.nhs.uk.

Nothing will ever be sent to this domain name. This is included for clarity and firewall rules only.		 No URL msg-out.nft.spine2.ncrs.nhs.uk 10.239.14.105 TCP 443

Outbound token events to registered listeners will be sent from this address.

Nothing will ever be sent to this domain name. This is included for clarity and firewall rules only.

CIS will respond on the port number specified by the client request.		 No URL Not applicable 10.196.94.115 TCP 443

RootCA and SubCA certificates

Use the RootCA and SubCA certificates in the integration environment to establish a chain of trust.

Services available in the NFT environment

Spine Core Messaging and Spine Core applications

The Spine Core service provides a messaging service that allows certified endpoint message handling systems to query and update data held in the national demographic and prescriptions systems. There are no Spine core applications for example, Summary Care Record application (SCRa) or Demographic Spine Application (DSA) available in the non-functional test environment. 

Spine Mini Service Provider

The Spine Mini Service Provider provides customers an interface to submit a limited number of demographic messages in a simple format.

Spine Secure Proxy

The Spine Secure Proxy provides an access control layer required by certain programs where patient data may be made accessible to certified users and systems.

Last edited: 3 August 2023 10:42 am