{"openapi":"3.0.3","info":{"title":"Hello World API","description":"## Overview\nUse this API alongside our  [tutorials](https://digital.nhs.uk/developer/guides-and-documentation/tutorials) to teach yourself how to connect to our RESTful APIs.\nYou can:\n - get a response from an open-access endpoint, where the calling application and the end users are not authenticated\n - get a response from an application-restricted endpoint, where the calling application is authenticated but the end user is not authenticated\n - get a response from a user-restricted endpoint, where the calling application and the end user are authenticated\n\n For further details, see the 'Security and authorisation' section below.\n\n## Who can use this API\nThis API can only be used to help support the delivery of health and social care.\n\n## Related APIs\nNone\n\n## API status and roadmap\nThis API is [in production](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses).\n\n## Service level\nThis API is a bronze service, meaning it is operational and supported only during business hours (8am to 6pm), Monday to Friday excluding bank holidays.\nFor more details, see [service levels](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#service-levels).\n\n## Technology\nThis API is [RESTful](https://digital.nhs.uk/developer/guides-and-documentation/api-technologies-at-nhs-digital#basic-rest-apis).\n\n## Network access\nThis API is available on the internet and, indirectly, on the [Health and Social Care Network (HSCN)](https://digital.nhs.uk/services/health-and-social-care-network). To use this API with [NHS smartcards](https://digital.nhs.uk/services/registration-authorities-and-smartcards), the end user needs an HSCN connection, although internet-facing alternatives are available.\nFor more details see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\nThis API demonstrates the different authentication methods used in our APIs.\n\n### Open-access authentication\nUse the hello world endpoint to get a response from an open-access API. Some of our APIs are [open-access](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#open-access-apis), which means:\n - we do not authenticate or authorise the calling application\n - we do not authenticate or authorise the end user - they might not even be present\n\nWe generally use open-access APIs for public data, where security is not a concern.\nOur open-access APIs are generally RESTful APIs. For more details on how to access them, see our [open-access REST API tutorial](https://digital.nhs.uk/developer/guides-and-documentation/tutorials/open-access-rest-api-tutorial).\n\n### Application-restricted authentication\nUse the hello application endpoint to get a response from an application-restricted API. This access mode is [application-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis), meaning we authenticate the calling application but not the end user.\nYou can use this access mode as follows:\n - attended (end user present) - in which case, you must ensure the end user is authenticated and suitably authorised locally by the calling application\n\nTo use this access mode, use one of the following security patterns:\n - [Application-restricted RESTful APIs - API key authentication](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-api-key-authentication)\n - [Application-restricted RESTful APIs - signed JWT authentication](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication)\n\n### User-restricted authentication\nUse the hello user endpoint to get a response from a user-restricted API. Some of our APIs are [user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis), which means:\n - we authenticate and authorise the calling application\n - we authenticate, but do not authorise, the end user\n\nAlthough we do not authorise the end user, we do generally require the calling application to do it locally.\nWe only support authentication of healthcare workers.\n\n## Environments and testing\n\n| Environment                                    | Base URL                                                     |\n| -----------------------------------------------|--------------------------------------------------------------|\n| Sandbox                                        | https://sandbox.api.service.nhs.uk/hello-world      |\n### Sandbox testing\nThis API is for learning purposes and is only available in our sandbox environment. Our [sandbox environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#sandbox-testing):\n  - is for early developer testing\n  - only covers a limited set of scenarios\n  - is stateless, so it does not actually persist any updates\n\n For more details on sandbox testing, or to try out the sandbox using our \\\"Try this API\\\" feature, see the documentation for each endpoint.\nAlternatively, you can try out the sandbox using our Postman collection:\n[![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/426d37cb9cfe17b8b96d)\n\n## Onboarding\nThis API is available to all and there is no onboarding process or assurance required.\n\n## Errors\nWe use standard HTTP status codes to show whether an API request succeeded or not. They are usually in the range:\n\n* 200 to 299 if it succeeded, including code 202 if it was accepted by an API that needs to wait for further action\n* 400 to 499 if it failed because of a client error by your application\n* 500 to 599 if it failed because of an error on our server\n\nErrors specific to each API are shown in the Endpoints section, under Response. See our [reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes) for more on errors.    \n\n## Contact us\nFor help and support connecting to our APIs and to join our developer community, see [Help and support building healthcare software](https://digital.nhs.uk/developer/help-and-support).\n    \n","contact":{"name":"API Management Support","email":"api.management@nhs.net"},"version":"0.0.1"},"servers":[{"url":"https://sandbox.api.service.nhs.uk/hello-world","description":"Sandbox environment."}],"paths":{"/hello/world":{"get":{"summary":"Get a \"Hello world!\" response from an open-access endpoint","description":"## Overview\nUse this endpoint alongside our [open-access REST API tutorial](https://digital.nhs.uk/developer/guides-and-documentation/tutorials/open-access-rest-api-tutorial) to learn how to connect to our APIs.\n","operationId":"getHello","responses":{"200":{"description":"Successful response.","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","example":"Hello world!"}}},"example":{"message":"Hello world!"}}}}},"deprecated":false,"security":[{"app-level0":[]}]}},"/hello/application":{"get":{"summary":"Get a \"Hello application!\" response from an application-restricted endpoint","description":"## Overview\nThis endpoint is application-restricted and requires authorisation using one of the following security patterns:\n- [Application-restricted RESTful APIs - API key authentication](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-api-key-authentication)\n- [Application-restricted RESTful APIs - signed JWT authentication](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/application-restricted-restful-apis-signed-jwt-authentication)\n","operationId":"getHelloApiKey","parameters":[{"name":"apikey","in":"header","description":"Required only for API key authentication. An [Apigee Api key](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis).\nThis must be a real API key subscribed to Hello World Sandbox\n","required":false,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string","example":"IEYRtW2cb7A5Gs54A1wKElECBL65GVls"}},{"name":"Authorization","in":"header","description":"Required only for signed JWT authentication. An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis).\nThis must be a real Bearer token authenticated with an app subscribed to Hello World Sandbox\n","required":false,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string","format":"^Bearer\\ [[:ascii:]]+$","example":"Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM"}}],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","example":"Hello application!"}}},"example":{"message":"Hello application!"}}}},"401":{"description":"API Key or access token is missing or invalid."}},"deprecated":false,"security":[{"app-level0":[]},{"app-level3":[]}]}},"/hello/user":{"get":{"summary":"Get a \"Hello user!\" response from a user-restricted endpoint","description":"## Overview\nUse this endpoint alongside our [user-restricted REST API tutorial](https://digital.nhs.uk/developer/guides-and-documentation/tutorials/user-restricted-rest-api-tutorial) to learn how to connect to our APIs.\n","operationId":"getHelloToken","parameters":[{"name":"Authorization","in":"header","description":"An [OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis).\nThis must be a real Bearer token authenticated with an app subscribed to Hello World Sandbox\n","required":true,"deprecated":false,"allowEmptyValue":false,"explode":false,"allowReserved":false,"schema":{"type":"string","format":"^Bearer\\ [[:ascii:]]+$","example":"Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM"}}],"responses":{"200":{"description":"Successful response","content":{"application/json":{"schema":{"type":"object","properties":{"message":{"type":"string","example":"Hello user!"}}},"example":{"message":"Hello user!"}}}},"401":{"description":"Missing or invalid OAuth 2.0 Access Token","content":{"application/json":{"example":{"message":"Invalid access token"}}}}},"deprecated":false,"security":[{"nhs-login-p0":[]},{"nhs-cis2-aal3":[]}]}}},"components":{"securitySchemes":{"nhs-login-p0":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-login-p0"},"nhs-login-p5":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-login-p5"},"nhs-login-p9":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-login-p9"},"nhs-cis2-aal1":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-cis2-aal1"},"nhs-cis2-aal3":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/nhs-cis2-aal3"},"app-level0":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/app-level0"},"app-level3":{"$ref":"https://proxygen.ptl.api.platform.nhs.uk/components/securitySchemes/app-level3"}}}}