[ERSSUP-83710]-[AO]-[Update 401 and 403 error descriptions]-[DMW]

nhsd-david-wass · nhsd-david-wass · commit f10c3a295184 · 2025-04-01T08:48:52.000Z
diff --git a/sandbox/src/mocks/stu3/STU3-Unauthorised.json b/sandbox/src/mocks/stu3/STU3-Unauthorised.json
@@ -0,0 +1,23 @@
+{
+  "meta": {
+    "profile": [
+      "https://fhir.nhs.uk/STU3/StructureDefinition/eRS-OperationOutcome-1"
+    ]
+  },
+  "resourceType": "OperationOutcome",
+  "issue": [
+    {
+      "severity": "error",
+      "code": "login",
+      "details": {
+        "coding": [
+          {
+            "system": "https://fhir.nhs.uk/STU3/CodeSystem/eRS-APIErrorCode-1",
+            "code": "NO_ACCESS"
+          }
+        ]
+      },
+      "diagnostics": "Example diagnostics message."
+    }
+  ]
+}
diff --git a/specification/components/r4/schemas/responses/Forbidden.yaml b/specification/components/r4/schemas/responses/Forbidden.yaml
@@ -5,6 +5,7 @@ description: |
   | issue.details.coding.code | issue.code | Coding System                                                      | Description                                                                        |
   | ------------------------- | ---------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
   | REC_FORBIDDEN             | forbidden  | [BaRS Error Code](https://fhir.nhs.uk/CodeSystem/http-error-codes) | A call attempts to access or operate upon a resource without proper authorisation. |
+  | ACCESS_DENIED             | forbidden  | [APIM Error Code](https://fhir.nhs.uk/CodeSystem/NHSD-API-ErrorOrWarningCode) | The request could not be authenticated due to insufficient credentials being provided. |
 
 headers:
   X-Correlation-ID:
@@ -18,4 +19,4 @@ content:
     schema:
       $ref: '../NHSDigital-OperationOutcome.yaml'
     example:
-      $ref: '../../examples/NHSDigital-OperationOutcome-403.json'
+      $ref: '../../examples/NHSDigital-OperationOutcome-403.json'
diff --git a/specification/components/r4/schemas/responses/Unauthorized.yaml b/specification/components/r4/schemas/responses/Unauthorized.yaml
@@ -4,7 +4,7 @@ description: |
   
   | issue.details.coding.code | issue.code       | Coding System                                                                 | Description                                                                                                                                                                              |
   | ------------------------- | ---------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-  | ACCESS_DENIED             | login            | [APIM Error Code](https://fhir.nhs.uk/CodeSystem/NHSD-API-ErrorOrWarningCode) | The request could not be authenticated due to either no credentials being provided or the provided credentials no longer being valid. Callers receiving this code should reauthenticate. |
+  | ACCESS_DENIED             | <ul><li>login</li><li>forbidden</li></ul> | [APIM Error Code](https://fhir.nhs.uk/CodeSystem/NHSD-API-ErrorOrWarningCode) | The request could not be authenticated due to either no credentials being provided or the provided credentials no longer being valid. Callers receiving this code should reauthenticate. |
 headers:
   X-Correlation-ID:
     $ref: '../headers/response/CorrelationID.yaml'
@@ -15,4 +15,4 @@ content:
     schema:
       $ref: '../NHSDigital-OperationOutcome.yaml'
     example:
-      $ref: '../../examples/NHSDigital-OperationOutcome-401.json'
+      $ref: '../../examples/NHSDigital-OperationOutcome-401.json'
diff --git a/specification/components/stu3/schemas/responses/Forbidden.yaml b/specification/components/stu3/schemas/responses/Forbidden.yaml
@@ -2,9 +2,10 @@ description: |
   Where status code 403 (Forbidden) is returned then an eRS-OperationOutcome-1 will be included in the body, as detailed below.
   Check diagnostics property for specific information regarding the error.
   
-  | Error code                         | Description                                                                                                                 |
-  | ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------- |
-  | FORBIDDEN                          | Access Forbidden.                                                               |
+  | issue.details.coding.code | issue.code | Coding System                                                      | Description                                                                        |
+  | ------------------------- | ---------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
+  | FORBIDDEN                 | forbidden  | [eRS Error Code](https://fhir.nhs.uk/CodeSystem/ers-error-codes)   | A call attempts to access or operate upon a resource without proper authorisation. |
+  | NO_ACCESS                 | forbidden  | [eRS Error Code](https://fhir.nhs.uk/CodeSystem/ers-error-codes)   | The request could not be authenticated due to insufficient credentials being provided. |
 headers:
   X-Correlation-ID:
     $ref: '../headers/response/CorrelationID.yaml'
diff --git a/specification/components/stu3/schemas/responses/Unauthorized.yaml b/specification/components/stu3/schemas/responses/Unauthorized.yaml
@@ -1 +1,20 @@
-description: Unauthorized
+description: |
+  Where status code 401 (Unauthorised) is returned then an eRS-OperationOutcome-1 will be included in the body, as detailed below.
+  Check diagnostics property for specific information regarding the error.
+  
+  | issue.details.coding.code | issue.code | Coding System                                                      | Description                                                                        |
+  | ------------------------- | ---------- | ------------------------------------------------------------------ | ---------------------------------------------------------------------------------- |
+  | NO_ACCESS                 | <ul><li>login</li><li>forbidden</li></ul>  | [eRS Error Code](https://fhir.nhs.uk/CodeSystem/ers-error-codes)   | The request could not be authenticated due to either no credentials being provided or the provided credentials no longer being valid. Callers receiving this code should reauthenticate. |
+headers:
+  X-Correlation-ID:
+    $ref: '../headers/response/CorrelationID.yaml'
+  X-Request-ID:
+    $ref: '../headers/response/RequestID.yaml'
+  Content-Type:
+    $ref: '../headers/response/ContentTypeFhirJson.yaml'
+content:
+  application/fhir+json:
+    schema:
+      $ref: '../STU3-OperationOutcome.yaml'
+    example:
+      $ref: '../../examples/STU3-Unauthorised.json'
