From d0c82d58e75d55c61c6f1795df8df600123c98bf Mon Sep 17 00:00:00 2001
From: Mark Slowey
Date: Tue, 25 Nov 2025 11:12:48 +0000
Subject: [PATCH 1/8] auth header
---
 .../api/components/parameters/authorization.yml | 9 +++++++++
 specification/api/notify-supplier-phase1.yml | 4 ++++
 2 files changed, 13 insertions(+)
 create mode 100644 specification/api/components/parameters/authorization.yml
diff --git a/specification/api/components/parameters/authorization.yml b/specification/api/components/parameters/authorization.yml
new file mode 100644
index 00000000..4b07cad7
--- /dev/null
+++ b/specification/api/components/parameters/authorization.yml
@@ -0,0 +1,9 @@
+name: Authorization
+in: header
+description: |-
+ An OAuth 2.0 bearer token. Required in integration and production environments.
+required: true
+schema:
+ type: string
+ #pattern: ^Bearer [[:ascii:]]+$
+ example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
diff --git a/specification/api/notify-supplier-phase1.yml b/specification/api/notify-supplier-phase1.yml
index 589c18af..7b603124 100644
--- a/specification/api/notify-supplier-phase1.yml
+++ b/specification/api/notify-supplier-phase1.yml
@@ -9,6 +9,7 @@ security:
 paths:
 /letters:
 parameters:
+ - $ref: 'components/parameters/authorization.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
 post:
@@ -17,6 +18,7 @@ paths:
 $ref: 'components/endpoints/listLetters.yml'
 '/letters/{id}':
 parameters:
+ - $ref: 'components/parameters/authorization.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
 - $ref: 'components/parameters/resourceId.yml'
@@ -26,6 +28,7 @@ paths:
 $ref: 'components/endpoints/patchLetter.yml'
 '/letters/{id}/data':
 parameters:
+ - $ref: 'components/parameters/authorization.yml'
 - $ref: 'components/parameters/resourceId.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
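Review bot: In specification/api/components/parameters/authorization.yml (PATCH 1/8), a header parameter named `Authorization` is one that OpenAPI 3.x tells tooling to ignore, so validators, generated SDKs and gateways that follow the specification will not enforce `required: true` here. Assuming notify-supplier-phase1.yml is an OpenAPI 3.x document (its version line is outside the hunks), the bearer token is better described only through the existing `security:` and security-schemes components, with this parameter kept, if at all, as documentation. If it stays, I would add a comment above `name:` such as `# Documentation only: OpenAPI 3.x ignores header parameters named Authorization; enforcement comes from the security scheme.`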
@@ -35,6 +38,7 @@ paths:
 # $ref: 'components/endpoints/headDataId.yml'
 /mi:
 parameters:
+ - $ref: 'components/parameters/authorization.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
 post:
From e1ac3d451e3b8f3addb9e2ceac4cc4c07f5ffe01 Mon Sep 17 00:00:00 2001
From: Mark Slowey
Date: Tue, 25 Nov 2025 11:38:17 +0000
Subject: [PATCH 2/8] remove required for published spec simplicity
---
 VERSION | 2 +-
 specification/api/components/parameters/authorization.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/VERSION b/VERSION
index 0e6bc07b..ed1dc891 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.0.0-${yyyy}${mm}${dd}.${HH}${MM}${SS}+${hash}
+1.0.1-${yyyy}${mm}${dd}.${HH}${MM}${SS}+${hash}
diff --git a/specification/api/components/parameters/authorization.yml b/specification/api/components/parameters/authorization.yml
index 4b07cad7..de566bd1 100644
--- a/specification/api/components/parameters/authorization.yml
+++ b/specification/api/components/parameters/authorization.yml
@@ -2,8 +2,8 @@ name: Authorization
 in: header
 description: |-
 An OAuth 2.0 bearer token. Required in integration and production environments.
-required: true
+required: false
 schema:
 type: string
- #pattern: ^Bearer [[:ascii:]]+$
+ pattern: ^Bearer [[:ascii:]]+$
 example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
From 9ff7db586b22bef5a0e3e133d82e737f2d3330c7 Mon Sep 17 00:00:00 2001
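Review bot: The pattern enabled in PATCH 2/8, `pattern: ^Bearer [[:ascii:]]+$`, uses a POSIX bracket class, which the ECMA-262 regular-expression dialect used by JSON Schema and OpenAPI does not support; there it reads as the set `[`, `:`, `a`, `s`, `c`, `i` followed by one or more `]`, so the file's own example token would fail validation. A form that validators accept is `pattern: '^Bearer [\x21-\x7E]+$'` (printable ASCII without spaces), or a narrower character class if the token format is known. The same line is repeated in the authorization-int, -internal-dev, -prod, -ref and -sandbox files added in PATCH 3/8. Separately, `required: false` now contradicts the description's "Required in integration and production environments" until the per-environment variants arrive in the next patch.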
From: Mark Slowey
Date: Tue, 25 Nov 2025 12:38:24 +0000
Subject: [PATCH 3/8] authorization variants by apim env
---
 Makefile | 6 ++++++
 sdk/_config.version.yml | 2 +-
 .../parameters/authorization/authorization-int.yml | 9 +++++++++
 .../authorization-internal-dev-pr.yml} | 0
 .../authorization/authorization-internal-dev.yml | 9 +++++++++
 .../parameters/authorization/authorization-prod.yml | 9 +++++++++
 .../parameters/authorization/authorization-ref.yml | 9 +++++++++
 .../parameters/authorization/authorization-sandbox.yml | 9 +++++++++
 .../parameters/authorization/authorization-template.yml | 1 +
 .../parameters/authorization/authorization.yml | 1 +
 specification/api/notify-supplier-phase1.yml | 8 ++++----
 11 files changed, 58 insertions(+), 5 deletions(-)
 create mode 100644 specification/api/components/parameters/authorization/authorization-int.yml
 rename specification/api/components/parameters/{authorization.yml => authorization/authorization-internal-dev-pr.yml} (100%)
 create mode 100644 specification/api/components/parameters/authorization/authorization-internal-dev.yml
 create mode 100644 specification/api/components/parameters/authorization/authorization-prod.yml
 create mode 100644 specification/api/components/parameters/authorization/authorization-ref.yml
 create mode 100644 specification/api/components/parameters/authorization/authorization-sandbox.yml
 create mode 100644 specification/api/components/parameters/authorization/authorization-template.yml
 create mode 100644 specification/api/components/parameters/authorization/authorization.yml
diff --git a/Makefile b/Makefile
index d137fbdc..dacd22f5 100644
--- a/Makefile
+++ b/Makefile
@@ -45,6 +45,11 @@ publish-oas:
 $(MAKE) copy-examples
 npm run publish-oas
+set-authorization: guard-APIM_ENV
+ @ AUTHORIZATION=authorization-$$APIM_ENV.yml \
+ envsubst '$${AUTHORIZATION}' \
+ < specification/api/components/parameters/authorization/authorization-template.yml > specification/api/components/parameters/authorization/authorization.yml
+
 set-target: guard-APIM_ENV
 @ TARGET=target-$$APIM_ENV.yml \
 envsubst '$${TARGET}' \
@@ -64,6 +69,7 @@ set-security: guard-APIM_ENV
 < specification/api/components/security-schemes/security-schemes-template.yml > specification/api/components/security-schemes/security-schemes.yml
 construct-spec: guard-APIM_ENV
+ $(MAKE) set-authorization APIM_ENV=$$APIM_ENV
 $(MAKE) set-target APIM_ENV=$$APIM_ENV
 $(MAKE) set-access APIM_ENV=$$APIM_ENV
 $(MAKE) set-security APIM_ENV=$$APIM_ENV
diff --git a/sdk/_config.version.yml b/sdk/_config.version.yml
index 9e5d8273..2ef5bdf4 100644
--- a/sdk/_config.version.yml
+++ b/sdk/_config.version.yml
@@ -1 +1 @@
-version: 0.2.0-20251120.121539+0c18993
+version: 1.0.1-20251125.114311+e1ac3d4
diff --git a/specification/api/components/parameters/authorization/authorization-int.yml b/specification/api/components/parameters/authorization/authorization-int.yml
new file mode 100644
index 00000000..c4e9225d
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization-int.yml
@@ -0,0 +1,9 @@
+name: Authorization
+in: header
+description: |-
+ An OAuth 2.0 bearer token. Required in integration and production environments.
+required: true
+schema:
+ type: string
+ pattern: ^Bearer [[:ascii:]]+$
+ example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
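Review bot: `set-authorization` in the root Makefile writes its output over `authorization.yml`, which this same patch adds to the repository pointing at `authorization-sandbox.yml`, a variant with `required: false`. Whichever environment was built last can therefore be committed as the default, and PATCH 4/8 and 5/8 later have to flip these generated files to prod by hand. I would either stop tracking the generated file or add a comment above the target, `# Overwrites the tracked authorization.yml; do not commit the output of a non-prod build.` `guard-APIM_ENV` is defined outside the hunk, so whether it rejects unknown environment names cannot be seen here; if it only checks that the variable is set, a `test -f` on the chosen variant file before the redirect would catch a mistyped name early.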
diff --git a/specification/api/components/parameters/authorization.yml b/specification/api/components/parameters/authorization/authorization-internal-dev-pr.yml
similarity index 100%
rename from specification/api/components/parameters/authorization.yml
rename to specification/api/components/parameters/authorization/authorization-internal-dev-pr.yml
diff --git a/specification/api/components/parameters/authorization/authorization-internal-dev.yml b/specification/api/components/parameters/authorization/authorization-internal-dev.yml
new file mode 100644
index 00000000..de566bd1
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization-internal-dev.yml
@@ -0,0 +1,9 @@
+name: Authorization
+in: header
+description: |-
+ An OAuth 2.0 bearer token. Required in integration and production environments.
+required: false
+schema:
+ type: string
+ pattern: ^Bearer [[:ascii:]]+$
+ example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
diff --git a/specification/api/components/parameters/authorization/authorization-prod.yml b/specification/api/components/parameters/authorization/authorization-prod.yml
new file mode 100644
index 00000000..c4e9225d
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization-prod.yml
@@ -0,0 +1,9 @@
+name: Authorization
+in: header
+description: |-
+ An OAuth 2.0 bearer token. Required in integration and production environments.
+required: true
+schema:
+ type: string
+ pattern: ^Bearer [[:ascii:]]+$
+ example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
diff --git a/specification/api/components/parameters/authorization/authorization-ref.yml b/specification/api/components/parameters/authorization/authorization-ref.yml
new file mode 100644
index 00000000..c4e9225d
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization-ref.yml
@@ -0,0 +1,9 @@
+name: Authorization
+in: header
+description: |-
+ An OAuth 2.0 bearer token. Required in integration and production environments.
+required: true
+schema:
+ type: string
+ pattern: ^Bearer [[:ascii:]]+$
+ example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
diff --git a/specification/api/components/parameters/authorization/authorization-sandbox.yml b/specification/api/components/parameters/authorization/authorization-sandbox.yml
new file mode 100644
index 00000000..de566bd1
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization-sandbox.yml
@@ -0,0 +1,9 @@
+name: Authorization
+in: header
+description: |-
+ An OAuth 2.0 bearer token. Required in integration and production environments.
+required: false
+schema:
+ type: string
+ pattern: ^Bearer [[:ascii:]]+$
+ example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
diff --git a/specification/api/components/parameters/authorization/authorization-template.yml b/specification/api/components/parameters/authorization/authorization-template.yml
new file mode 100644
index 00000000..dcb94c5f
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization-template.yml
@@ -0,0 +1 @@
+$ref: $AUTHORIZATION
diff --git a/specification/api/components/parameters/authorization/authorization.yml b/specification/api/components/parameters/authorization/authorization.yml
new file mode 100644
index 00000000..87d1345b
--- /dev/null
+++ b/specification/api/components/parameters/authorization/authorization.yml
@@ -0,0 +1 @@
+$ref: authorization-sandbox.yml
diff --git a/specification/api/notify-supplier-phase1.yml b/specification/api/notify-supplier-phase1.yml
index 7b603124..9588b820 100644
--- a/specification/api/notify-supplier-phase1.yml
+++ b/specification/api/notify-supplier-phase1.yml
@@ -9,7 +9,7 @@ security:
 paths:
 /letters:
 parameters:
- - $ref: 'components/parameters/authorization.yml'
+ - $ref: 'components/parameters/authorization/authorization.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
 post:
@@ -18,7 +18,7 @@ paths:
 $ref: 'components/endpoints/listLetters.yml'
 '/letters/{id}':
 parameters:
- - $ref: 'components/parameters/authorization.yml'
+ - $ref: 'components/parameters/authorization/authorization.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
 - $ref: 'components/parameters/resourceId.yml'
@@ -28,7 +28,7 @@ paths:
 $ref: 'components/endpoints/patchLetter.yml'
 '/letters/{id}/data':
 parameters:
- - $ref: 'components/parameters/authorization.yml'
+ - $ref: 'components/parameters/authorization/authorization.yml'
 - $ref: 'components/parameters/resourceId.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
@@ -38,7 +38,7 @@ paths:
 # $ref: 'components/endpoints/headDataId.yml'
 /mi:
 parameters:
- - $ref: 'components/parameters/authorization.yml'
+ - $ref: 'components/parameters/authorization/authorization.yml'
 - $ref: 'components/parameters/requestId.yml'
 - $ref: 'components/parameters/correlationId.yml'
 post:
From 3d60875b460d0281ac42abc4f8a5fa05dc7cab1c Mon Sep 17 00:00:00 2001
From: Mark Slowey
Date: Tue, 25 Nov 2025 12:45:10 +0000
Subject: [PATCH 4/8] change defaults to prod
---
 .../api/components/security-schemes/security-schemes.yml | 2 +-
 specification/api/components/security/security.yml | 2 +-
 specification/api/components/x-nhsd-apim/access.yml | 2 +-
 specification/api/components/x-nhsd-apim/target.yml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/specification/api/components/security-schemes/security-schemes.yml b/specification/api/components/security-schemes/security-schemes.yml
index 33c6527d..78a3ea0e 100644
--- a/specification/api/components/security-schemes/security-schemes.yml
+++ b/specification/api/components/security-schemes/security-schemes.yml
@@ -1 +1 @@
-$ref: security-schemes-internal-dev-pr.yml
+$ref: security-schemes-prod.yml
diff --git a/specification/api/components/security/security.yml b/specification/api/components/security/security.yml
index 53a35667..393524ce 100644
--- a/specification/api/components/security/security.yml
+++ b/specification/api/components/security/security.yml
@@ -1 +1 @@
-$ref: security-internal-dev-pr.yml
+$ref: security-prod.yml
diff --git a/specification/api/components/x-nhsd-apim/access.yml b/specification/api/components/x-nhsd-apim/access.yml
index b0ce6064..c69c222d 100644
--- a/specification/api/components/x-nhsd-apim/access.yml
+++ b/specification/api/components/x-nhsd-apim/access.yml
@@ -1 +1 @@
-$ref: access-internal-dev-pr.yml
+$ref: access-prod.yml
diff --git a/specification/api/components/x-nhsd-apim/target.yml b/specification/api/components/x-nhsd-apim/target.yml
index 37ed0721..a0f578ca 100644
--- a/specification/api/components/x-nhsd-apim/target.yml
+++ b/specification/api/components/x-nhsd-apim/target.yml
@@ -1 +1 @@
-$ref: target-internal-dev-pr.yml
+$ref: target-prod.yml
From 5c121c65ee05ddbfb660e379fd9837961eeeec28 Mon Sep 17 00:00:00 2001
From: Mark Slowey
Date: Tue, 25 Nov 2025 13:19:23 +0000
Subject: [PATCH 5/8] use make for spec build
---
 sdk/Makefile | 2 +-
 sdk/_config.version.yml | 2 +-
 .../api/components/parameters/authorization/authorization.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/sdk/Makefile b/sdk/Makefile
index 76092481..ba052471 100644
--- a/sdk/Makefile
+++ b/sdk/Makefile
@@ -3,7 +3,7 @@ VERSION ?= ""
 SHELL = /bin/bash
 build: version # Build the project artefact @Pipeline
- VER=$$(cat .version) && cd .. && npm run build --buildver=$$VER && cd sdk
+ VER=$$(cat .version) && cd .. && make build-yml-oas-spec APIM_ENV=prod && npm run generate --buildver=$$VER && cd sdk
 ./swagger-static.sh
 clean: # Clean-up project resources (main) @Operations
diff --git a/sdk/_config.version.yml b/sdk/_config.version.yml
index 2ef5bdf4..3941841c 100644
--- a/sdk/_config.version.yml
+++ b/sdk/_config.version.yml
@@ -1 +1 @@
-version: 1.0.1-20251125.114311+e1ac3d4
+version: 1.0.1-20251125.131623+3d60875
diff --git a/specification/api/components/parameters/authorization/authorization.yml b/specification/api/components/parameters/authorization/authorization.yml
index 87d1345b..1dd82fdc 100644
--- a/specification/api/components/parameters/authorization/authorization.yml
+++ b/specification/api/components/parameters/authorization/authorization.yml
@@ -1 +1 @@
-$ref: authorization-sandbox.yml
+$ref: authorization-prod.yml
From 9954fb29cb52f4691d71ebd32048b5202c0910ae Mon Sep 17 00:00:00 2001
From: Mark Slowey
Date: Tue, 25 Nov 2025 15:17:39 +0000
Subject: [PATCH 6/8] try to increase timeout
---
 .../terraform/components/api/resources/spec.tmpl.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infrastructure/terraform/components/api/resources/spec.tmpl.json b/infrastructure/terraform/components/api/resources/spec.tmpl.json
index 5d333780..02fa135a 100644
--- a/infrastructure/terraform/components/api/resources/spec.tmpl.json
+++ b/infrastructure/terraform/components/api/resources/spec.tmpl.json
@@ -75,7 +75,7 @@
 "statusCode": "200"
 }
 },
- "timeoutInMillis": 29000,
+ "timeoutInMillis": 120000,
 "type": "AWS_PROXY",
 "uri": "arn:aws:apigateway:${AWS_REGION}:lambda:path/2015-03-31/functions/${GET_LETTERS_LAMBDA_ARN}/invocations"
 }
From de9645e1728a982396af938eb5e7d9870c803983 Mon Sep 17 00:00:00 2001
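Review bot: The new `build` recipe in sdk/Makefile (PATCH 5/8) invokes `make build-yml-oas-spec APIM_ENV=prod` by name, whereas the root Makefile's `construct-spec` uses `$(MAKE)`; writing `$(MAKE) build-yml-oas-spec APIM_ENV=prod` keeps command-line flags and the chosen make binary consistent across the recursive call. The hard-coded `APIM_ENV=prod` is what makes the published SDK carry the `required: true` authorization variant, so it deserves a comment above the recipe line, for example `# SDK is always generated from the prod spec variant`. The `build-yml-oas-spec` target itself is defined outside this hunk.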
From: Mark Slowey
Date: Tue, 25 Nov 2025 15:38:19 +0000
Subject: [PATCH 7/8] revert timeout experiment
---
 .../terraform/components/api/resources/spec.tmpl.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infrastructure/terraform/components/api/resources/spec.tmpl.json b/infrastructure/terraform/components/api/resources/spec.tmpl.json
index 02fa135a..5d333780 100644
--- a/infrastructure/terraform/components/api/resources/spec.tmpl.json
+++ b/infrastructure/terraform/components/api/resources/spec.tmpl.json
@@ -75,7 +75,7 @@
 "statusCode": "200"
 }
 },
- "timeoutInMillis": 120000,
+ "timeoutInMillis": 29000,
 "type": "AWS_PROXY",
 "uri": "arn:aws:apigateway:${AWS_REGION}:lambda:path/2015-03-31/functions/${GET_LETTERS_LAMBDA_ARN}/invocations"
 }
From b27731f8a06bbbbd1ff34263690b0609fe7c7bc7 Mon Sep 17 00:00:00 2001
From: Mark Slowey
Date: Wed, 26 Nov 2025 13:11:55 +0000
Subject: [PATCH 8/8] change dynamic envs to use apikey header
---
 .../authorization/authorization-internal-dev-pr.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/specification/api/components/parameters/authorization/authorization-internal-dev-pr.yml b/specification/api/components/parameters/authorization/authorization-internal-dev-pr.yml
index de566bd1..e62b2067 100644
--- a/specification/api/components/parameters/authorization/authorization-internal-dev-pr.yml
+++ b/specification/api/components/parameters/authorization/authorization-internal-dev-pr.yml
@@ -1,9 +1,7 @@
-name: Authorization
+name: apikey
 in: header
 description: |-
- An OAuth 2.0 bearer token. Required in integration and production environments.
+ API Key to authorize in dynamic environments only.
 required: false
 schema:
 type: string
- pattern: ^Bearer [[:ascii:]]+$
- example: Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM
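Review bot: The `apikey` header in authorization-internal-dev-pr.yml (PATCH 8/8) is declared as an ordinary optional parameter, so generated clients and documentation will treat it as plain request data rather than a credential, and `required: false` with a bare `type: string` lets an absent or empty key pass schema validation. A credential header is normally declared as an `apiKey` security scheme (`type: apiKey`, `in: header`, `name: apikey`); security-schemes-internal-dev-pr.yml is referenced elsewhere in this series but not shown, so this parameter may duplicate what is already declared there. If the parameter is kept for documentation, `minLength: 1` under `schema:` and a comment saying where the key is actually enforced would help. Because the file is still substituted wherever the `Authorization` parameter is referenced, a leading comment such as `# Dynamic (PR) environments use an API key header instead of the OAuth bearer token.` would make the swap explicit.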