Registered endpoint should be internet or HCN facing?

HI, we are new to NHS market, and we try to setup the endpoint registered into SDS. I understand the endpoint can be either internet or HCN facing…
I just wonder what is the normal practice among vendors, do they normally internet facing or HCN facing.

Best regard,

Hi @kkusnadi and welcome to the forum.

I’m not 100% clear on what you mean by your endpoint here. Is this your term for the application that connects to Spine SDS? If you could include screenshots or links to documentation to describe more fully?

In general I am seeing a trend towards “Internet First” strategy in NHS Digital’s more recent comms.

So although you can put your application inside the HSCN, you are encouraged to transition towards internet facing availability as well in the future. Note that there are still some significant unresolved issues with ‘Internet First’ policy as regards lack of clarity about what is the planned replacement for physical NHS Smartcards, which are still a hard dependency for the E-Referral Service (e-RS) and the Electronic Prescriptions Service (EPS).

HI, Thanks @pacharanero for the information. This is the endpoint you normally registered and can be query via Spine SDS, this can be the whole DNS entry like in this form DNS request for Path to Live environments - NHS Digital… or individual endpoint for service like in Combined endpoint and service registration request - NHS Digital. Our infrastructure department is configuring this at the moment, and I am trying to figure out how it should be configured and feedback to them. Basically, we need the endpoint to be used for async-express call pattern and other async call pattern, i understand the NHS spine will use the endpoint, as registered in Spine SDS, to send the acknowledgement. If this must be a HCN facing, we will need to get the NHS platform support team to do the testing for us to make sure our infrastructure configure the network correctly.

1 Like

I guess if the general direction of travel that NHS Digital are advocating is “Internet First” then you should be allowed to make that ‘callback endpoint’ an internet-facing endpoint, subject to it being secured appropriately of course.

If NHS Spine tell you that it MUST be HSCN-facing, then they are breaking their own policy as regards Internet First, and I’d be concerned about that, because what I’m being told in my role as Co-Chair of Joint GP IT Committee is that all new suppliers are encouraged to build Internet First systems and that the route to do this is unimpeded. If there is a hard dependency on HSCN-facing endpoints then new entrants cannot possible comply with Internet First policy, which would be a problem.

I think we are conflating a things here. NHS Digital internet facing tends to mean NHS Digital API’s will be internet facing. E.g. the SDS Endpoint API will be GET {uri}/FHIR/R4/Endpoint?organization?{odsCode}
That uri is internet facing.

At present those Endpoints will be for API’s normally part of a NHS Digital API e.g. GP Connect.
If this returns a uri, I’m not sure what the rules for this are. (internet facing may be a safe bet).

However you are talking application not API. So I don’t believe this applies. Your applications backend is likely to need to be on HSCN, SDS LDAP is HSCN only, newer interfaces like PDS I believe are internet facing (as would the SDS FHIR API).
The suppliers I’ve worked with have all gone for internet facing applications.

1 Like

Thanks @mayfield.g.kev super helpful. I’m only going off my limited knowledge and most of that is not from practical use of these APIs but from what I’m told and can glean from JGPITC

Thanks @pacharanero and @Kevin_Mayfield , appreciate the information.
@mayfield.g.kev this is not for endpoint for the products that NHSD built, but this is more of the endpoint the supplier need to register as part of path to live integration. Normally, in a big company, this is done by the infrastructure team, rarely developers need to concern about this, so most likely either infrastructure team member, devops, or solution architect can answer this precisely, somehow I need to wearing this hat to find out the answer to this question.

I don’t believe the info you are following applies.

I think we applied for one of the lots on this framework
This gave us a list of standards to follow.

It’s roughly similar to this PDF

I don’t recall seeing anything on internet facing or not.
It’s probably the demands of your customers that dictate this.