# MESH Endpoint Lookup Service - help please

**Category:** [open forum](https://openhealthhub.org/c/open-forum/9)
**Created:** 2019-09-03 10:43 UTC
**Views:** 4793
**Replies:** 22
**URL:** https://openhealthhub.org/t/mesh-endpoint-lookup-service-help-please/2123

---

## Post #1 by @nigel.dallard

We're trying to interface our service platform to MESH, to allow us to send correspondence to GP practices (outpatient attendance letters, discharges, etc).

As a first step, I'm trying to use the MESH Endpoint Lookup Service using the API specified in Section 4.2 of [this specification](https://digital.nhs.uk/binaries/content/assets/legacy/word/3/m/mesh-endpoint-lookup-service---v1.3.docx).

I have previously obtained a MESH API certificate from NHS Digital and am using this alongside the RootCA and SubCA certificates also obtained from NHS Digital. I have manually checked the certificate chain and everything is in order.

I'm calling the API using curl from the command line, and have tried the example given in the spec:

https://mesh-sync.national.ncrs.nhs.uk/endpointlookup/mesh/X26/TOC_AE_DMS

and also various others replacing "X26" with the ODS code of a GP practice we're going to be communicating with, and the Workflow ID with other variants, including "TOC_FHIR_OP-ATTEN", "TOC_OUTP_ATT_DMS" and "GP2GP".

The command I'm using is:

```
curl -v \
  --cacert NHSCertChain.crt \
  --key meshapi.key \
  --cert meshapi.crt \
  https://mesh-sync.national.ncrs.nhs.uk/endpointlookup/mesh/X26/TOC_AE_DMS
```

In all cases I get a simple "404 Not Found" response from the server (which appears to be running nginx). The debug from curl shows me the progress of the call, and I can see TLS being negotiated, the client and server certificate exchange, and then the "404 Not Found" response.

I've also (accidentally) tried using the simple-sync server (which requires a Spine certificate, not a MESH certificate), and in that case, as expected,
I get "403 Forbidden", which gives me further confidence that the certificate chain and exchange is working correctly.

Any suggestions as to what I'm doing wrong, or how I can debug further?

Thanks in advance.

Nigel

---

## Post #2 by @mayfield.g.kev

My last experience with the wonderful world of NHSD certs ended up with a call to SA-Service desk. They answered and fixed pretty quickly.

---

## Post #3 by @nigel.dallard

As I say, I'm pretty confident that the problem isn't certificate-related.

I've contacted the NHS Digital Platforms Support Desk, who have kindly referred me to the specification I am already using :slight_smile:

To be fair, they also invited me to get back in touch if I was still stuck - which I have done - but I thought I'd try crowdsourcing some suggestions whilst waiting for their reply.

Cheers,

Nigel

---

## Post #4 by @adamlees

How sure are you that the ODS code you are trying to reach is registered with a MESH endpoint for those workflow IDs? The governance around changes to MESH endpoints has been patchy in the past with the result that there are inaccuracies in the underlying database.

---

## Post #5 by @mayfield.g.kev

This is still N3 only? No opentest

---

## Post #6 by @nigel.dallard

I've tried various ODS codes:

* those of a number of the GP Practices we want to send documents to, with various Workflow IDs, inc TOC_FHIR_OP-ATTEN (which the NHS Digital Interop Team recommended we use for communicating our messages to GP systems), TOC_OUTP_ATT_DMS and GP2GP
* our own - we've recently been allocated a MESH mailbox by NHS Digital specifically to send Transfer of Care messages, such as Outpatient Attendance;
* the example given in the spec (ODS Code: X26, Workflow ID TOC_AE_DMS).

All fail in exactly the same way - "404 Not Found".

Nigel

---

## Post #7 by @nigel.dallard

I haven't heard of "opentest".
I have some test MESH accounts and the client certificates for using NHS Digital's Integration Test environment, but they didn't supply the API keys/certs, and there is no mention of the MESH Endpoint Lookup Service in that environment - although I've now been told it is there, so I've just asked for the API keys/certs.

Meantime, as it was such a simple API, I thought I'd test it worked on Live, as I already have all the keys and certificates - only to find it doesn't :frowning:

Nigel

---

## Post #8 by @joseph_waller

Hi Nigel. We helped create MESH and have written several integrations for it. Tricky to understand what the problem might be over chat but if you really get stuck feel free to get in touch and we might be able to free up one of our DevOps engineers to help.

---

## Post #9 by @nigel.dallard

Thanks for the offer Joseph. It'll be next week before I have the opportunity to have another chance to try anything on this again, but if you have the ability to call the API and can tell me exactly what URL you used (including ODS Code and Workflow ID), and the response you got, that will enable me to test an exact call that someone else can successfully make.

Cheers,

Nigel

---

## Post #10 by @mayfield.g.kev

On a side note. Does anyone know why MESH endpoint lookup wasn't implemented within Spine Directory Service? So when you run the queries to look up services provided by organisation (ods = 123).

So for sending documents to GPs you don't want to query one to find the unstructured endpoint (GP Connect Send Task) and then the other for structured (Transfer Of Care).

SDS is currently holding http (/restful and HL7v3) delivery addresses and MESH mail delivery addresses. In theory to work how to send it involves two separate systems from NHS Digital which is not ideal.

---

## Post #11 by @mayfield.g.kev

Both document formats are going to use HL7 FHIR... but may again differ on the FHIR Message 'envelope'.

---

## Post #12 by @Pedros

Hi,

Looking at the same.
Noticed NHSD documentation suggests the following address if using the API:

https://mesh-sync.national.ncrs.nhs.uk/messageexchange/endpointlookup/odscode/workflowid

This gets a response...

---

## Post #13 by @Thandis

Is it only me or the link won't open? Really wanted to check it out. Maybe site changed? Can you post an updated link? Thanks

---

## Post #14 by @Pedros

Are you testing through a HSCN/TN connection? You'll need this and all the relative certs...

---

## Post #15 by @mayfield.g.kev

I think mesh is now available on opentest. Has anyone tried it?

https://digital.nhs.uk/services/path-to-live-environments/opentest-environment#message-exchange-for-social-care-and-health-mesh-keystore-files-to-download

---

## Post #16 by @mayfield.g.kev

And so doesn’t need HSCN network

---

## Post #17 by @Pedros

You need to VPN to the Opentest environment instead of HSCN - not tried it as I have access to a HSCN connection. Try applying for VPN access and let us know how you get on...

---

## Post #18 by @Thandis

Will try your method and check if it works, hopefully it would help with my project.

---

## Post #19 by @mayfield.g.kev

Does anyone know the API endpoints for mesh on opentest? I'm wanting to use the API (https://meshapi.docs.apiary.io/#introduction/mesh-polling-cycle) to send documents.

Thanks

---

## Post #20 by @Pedros

Have you tried the same ones documented for HSCN access? Possibly with OpenTest you are just VPN'ing into the same environment HSCN gives you access to

---

## Post #21 by @mayfield.g.kev

I believe it's [https://192.168.128.11/messageexchange](https://192.168.128.11/messageexchange) but haven't had time to check.

---

## Post #22 by @mayfield.g.kev

Did you get an answer to the original question?
The API documentation has moved to https://digital.nhs.uk/developer/api-catalogue/message-exchange-for-social-care-and-health-api

---

## Post #23 by @mayfield.g.kev

Slightly different problem. I can call the opentest version of lookup with no issues:

https://192.168.128.11/endpointlookup/mesh/SCREEN2/SPINE_GPCAPITATION_EXTRACT

However, when I try to do an inbox query

https://192.168.128.11/messageexchange/Y90638OT002/inbox

I get a 403 error.

I'm presuming I have got something wrong with my Authorization header (as both spine and mesh certs appear to be ok with the endpointlookup call).

Presume the HMACSECRETKEY is always 'BackBone'?

[Screenshot 2022-03-22 at 07.38.09]

I think my error is around this:

[Screenshot 2022-03-22 at 07.41.15]

Is the hmac_msg in this call base64 encoded? Some NEMS documentation seems to indicate it is.

[Screenshot 2022-03-22 at 07.58.22]

**UPDATE**

Was a problem with how I was building the hash

```
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex; // Apache Commons Codec

public class MeshHmac {
    // Returns the HMAC-SHA256 of data under key as a lowercase hex string.
    public static String getHash(String data, String key) {
        String algorithm = "HmacSHA256";
        try {
            // Fix the charset so the digest does not depend on the platform default.
            SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), algorithm);
            Mac mac = Mac.getInstance(algorithm);
            mac.init(secretKeySpec);
            byte[] result = mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
            return Hex.encodeHexString(result);
        } catch (GeneralSecurityException ex) {
            // Fail loudly: an error message must never be returned in place of a hash.
            throw new IllegalStateException("HMAC-SHA256 unavailable", ex);
        }
    }
}
```

I found this on github which I found a lot clearer to understand :slight_smile:

https://github.com/nhsconnect/integration-adaptor-nhais/blob/develop/mesh/mesh.sh
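
The Authorization token discussed in post #23, as an added example that is not part of the original thread or of any NHS Digital code. It assumes the `NHSMESH mailbox:nonce:nonce_count:timestamp:hash` layout from the MESH API documentation, with the HMAC sent as hex rather than base64. The function names, mailbox ID, password, shared key and nonce are constructed placeholders, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (MESH API documentation):
#   hmac_msg = mailbox:nonce:nonce_count:password:timestamp
#   header   = NHSMESH mailbox:nonce:nonce_count:timestamp:hex(HMAC-SHA256(shared_key, hmac_msg))

# hmac_sha256_hex KEY MESSAGE -> lowercase hex digest (hex, not base64).
# Caveat: the key is passed in openssl's argv, so it is visible in the
# process list on a shared host while the command runs.
hmac_sha256_hex() {
    printf '%s' "$2" | openssl dgst -sha256 -hmac "$1" | awk '{print $NF}'
}

# mesh_auth_token MAILBOX PASSWORD SHARED_KEY NONCE NONCE_COUNT TIMESTAMP
mesh_auth_token() {
    mailbox=$1; password=$2; shared_key=$3; nonce=$4; count=$5; ts=$6
    # hmac_msg is the plain colon-joined string; it is not encoded before signing.
    hmac_msg="${mailbox}:${nonce}:${count}:${password}:${ts}"
    hash=$(hmac_sha256_hex "$shared_key" "$hmac_msg")
    # The password is an input to the HMAC only; it never appears in the header.
    printf 'NHSMESH %s:%s:%s:%s:%s\n' "$mailbox" "$nonce" "$count" "$ts" "$hash"
}

# Constructed sample values (placeholders, not real credentials).
# Per request, use a fresh nonce (e.g. uuidgen) and ts=$(date -u +%Y%m%d%H%M).
token=$(mesh_auth_token MAILBOX01 'ExamplePassw0rd' 'EXAMPLE_SHARED_KEY' \
        'constructed-nonce-0001' 0 202203220738)
echo "Authorization: $token"
```

A 403 on an inbox call while the endpoint lookup works is consistent with the TLS client certificate being accepted and the token being rejected, so compare each colon-separated field of the token with what the server expects before revisiting the certificates.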