The NHS Wales API portal provides access to our open architecture for Wales' health and care organisations, as well as our partners in the public and private sectors.
From the API portal you can also:
The API portal gives managed access to APIs to ensure that the confidentiality and integrity of highly sensitive data is not compromised.
We’re providing developers and system suppliers with the information they need to develop against our range of APIs.
Our first step has been to develop a catalogue of existing NHS Wales APIs and provide sandbox instances of these APIs. Sandbox APIs allow developers to learn how to use our APIs without affecting real data and applications.
We will continually improve our APIs based on user feedback.
There are five environments which will host instances of each API at each stage of their development. Each environment has its own distinct purpose and is accessible to specific user roles.
Anyone can try APIs in the sandbox environment to see how they work. These APIs have no connectivity to the NHS Wales network and production data. They mimic the behaviour of production APIs, so you can quickly experiment with these APIs to see how they might work within your application.
All new APIs will be created to discover and develop the integration between the consumer application and the NHS network. Developers from the provider API team will use this environment.
Once initial development of the API has been completed, APIs must go into the SIT environment to be thoroughly tested to ensure the API is robust and meets all security requirements. Load testing will determine the acceptable rate limits for the API to operate in production.
Penetration testing will be carried out in this environment by external test engineers.
This is a key stage to gather information for the onboarding process.
Once an API has been assured by the onboarding process, it can move into the UAT environment. This allows onboarded applications to be demonstrated to their user groups to gain acceptance and move into production as an operational service.
All onboarded and operational APIs exist in the production environment. All requests to APIs handling sensitive data are audited. Any incidents are logged to the National Service Desk. Major incidents are supported 24/7 using the Out-Of-Hours call rota.