API key
Deprecated in favour of Keycloak
All interoperability must be authenticated and authorised so that only relevant information is shared.
Where interoperability is a B2B interaction between trusted partners, there is an option to use an API key that has been securely shared between the partners.
For some use cases (e.g. contextual launch) we know the practitioner. Can we implement similar capability for other use cases (e.g. web service end points)?
The API key can be transmitted in more than one way, according to the capabilities of the systems:
x-api-key=987654312
https://sider.nhs.uk/app/Patient?identifier=https://fhir.nhs.uk/Id/nhs-number|4123456789&x-api-key=987654312
Implementations may support one or both options.
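A server-side check that accepts the key in either form, as an added example that is not part of the original page or of the project's code: it assumes the first form is sent as an HTTP header named x-api-key, and the partner name, key table and function names are hypothetical. It compares keys in constant time and redacts the key from the URL before logging, since query strings are routinely written to access logs.

```python
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

KEY_NAME = "x-api-key"

# Hypothetical key table. The value is the sample key shown on this page;
# real keys are per-partner secrets loaded from a secret store.
PARTNER_KEYS = {"partner-a": "987654312"}


def extract_api_key(url, headers):
    """Return the presented key: header first, then query parameter, else None."""
    for name, value in headers.items():
        if name.lower() == KEY_NAME:  # HTTP header names are case-insensitive
            return value
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name == KEY_NAME:
            return value
    return None


def authenticate(url, headers):
    """Return the partner the key belongs to, or None if missing or unknown."""
    presented = extract_api_key(url, headers)
    if not presented:
        return None
    matched = None
    for partner, key in PARTNER_KEYS.items():
        # Constant-time comparison avoids leaking key prefixes through timing.
        if hmac.compare_digest(presented.encode(), key.encode()):
            matched = partner
    return matched


def redact_url(url):
    """Return the URL with the API key value masked, for use in log lines."""
    parts = urlsplit(url)
    query = [(n, "REDACTED" if n == KEY_NAME else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe=":/|")))


if __name__ == "__main__":
    sample = ("https://sider.nhs.uk/app/Patient?identifier="
              "https://fhir.nhs.uk/Id/nhs-number|4123456789&x-api-key=987654312")
    print(authenticate(sample, {}), redact_url(sample))
```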
There is a need to securely distribute API keys. As this will be a low-frequency event and keys are short strings, the most pragmatic approach will be to distribute them within encrypted archives where the password is transmitted verbally.