API Consumer Onboarding Steps

Step 1: Prepare your onboarding request

Before requesting access, make sure you understand the NePS API you want to consume, the purpose of your integration, and the environments you need access to. You should be ready to explain your use case, expected users, data flows, and support arrangements.

Step 2: Submit your request

Complete the HSE NePS onboarding form and provide the supporting documents required for review. By submitting a request, your organisation confirms that the information provided is accurate and that you are prepared to meet HSE governance, security, and operational requirements.

Step 3: Review and assessment

We will review your request with the relevant technical, governance, and operational stakeholders. This may include questions on architecture, security controls, data protection, clinical risk, testing, and support readiness. If further clarification is needed, we will contact you.

Step 4: Non-production access

Once the initial review is complete, eligible consumers may be granted access to the appropriate non-production environment so they can begin integration and testing. Access will only be provided where the necessary prerequisites have been met.

Step 5: Production approval and go-live

Production access is considered after successful testing, completion of required assurance activities, and confirmation that support and incident processes are in place. If production access is approved, we will confirm the next steps for go-live. If approval is not granted, we will explain the reason and outline what needs to be addressed.

Information You Need to Provide

To support your onboarding request, please provide:

  • Organisation name and primary contact details

  • Supplier details, where applicable

  • Description of the NePS API use case and expected benefits

  • Target environments required

  • Solution architecture overview, including system integrations and data flows

  • Estimated transaction volumes and usage profile

  • Data protection assessment, where applicable

  • Security assessment and evidence of security controls

  • Clinical safety or hazard documentation, where applicable

  • Testing approach and evidence of successful non-production testing

  • Support model, including service desk and escalation arrangements

  • Incident management process, including notification of safety or security incidents

  • Business continuity or resilience approach

  • Relevant assurance or accreditation evidence, such as Cyber Essentials Plus or ISO 27001, where applicable

Useful Supporting Documents

The following are often helpful to provide alongside your request:

  • Architecture diagram

  • Data flow diagram

  • Release plan or delivery roadmap

  • Penetration test summary

  • Operational support handbook

  • Contact list for technical, support, and governance leads

Before You Submit

Please make sure:

  • Your use case has a clear business or service need

  • You can identify the lawful basis and governance controls for any data processed

  • Your solution has appropriate authentication, authorisation, audit, and monitoring arrangements

  • Your team is prepared to support the integration in non-production and production

  • You have reviewed the relevant API documentation, terms of use, and testing guidance

Need Help?

If you are unsure whether your organisation is ready to start onboarding, contact the HSE NePS API team before submitting a request. We can help you identify the right API, confirm prerequisites, and explain the review process.

Placeholders to replace before publishing:

  • HSE NePS onboarding form link

  • HSE API terms / acceptable use link

  • HSE testing guidance link

  • HSE support email or service desk link

  • Specific environment names if you want to distinguish sandbox, SIT, UAT, and production