DOS endpoint pattern not being implemented and followed
Closed this issue · 4 comments
the endpoint seems to be in a specific pattern based on the DOS NHS development website, I just wonder if this has been incorporated (or have a validation against it), as at the moment I can just fire the endpoint without this pattern and the result that coming back still success
Current ITK tests provided by NHS does not include this DOS pattern. Please provide more information around this. Status is NEEDS MORE INFORMATION
Hi, I read from this link about the implementation of urgent care and DOS (as mentioned we need to register our service with DOS). https://developer.nhs.uk/apis/uec-tech-standards/endpoint_location.html#endpoint-records. If you see the endpoint came with a specific pattern, and it thinks it should be some validation, particularly the interaction, against this in the adapter.
@Kusnaditjung i believe this registration and validation is done separately from the 111 Adapter. The adapter only accepts incoming requests from the Health Authority and sends them to the GP Supplier. See the Technology section and the Directory of Services registration and maintenance section in the 111 Report Adapter Documentation:
https://digital.nhs.uk/developer/api-catalogue/nhs-111-hl7-v3/nhs-111-report-adaptor
Closing this, Status is WONT FIX
Ok, the assumption is supplier the endpoint is registered and being called, no extra information in the calling URL will be used for validation (interaction, recipient type) and processing (compressed)... though I am thinking this is not fully safe, but as the message (ITK envelope) also contain this same information, as long as there is some validation against the message (ITK part), the risk should be mitigated.