NHSDigital · nhsd-rebecca-flynn · Jan 26, 2026 · Jan 27, 2026
@@ -0,0 +1,3 @@
+
+**/node_modules/**
+
@@ -0,0 +1,72 @@
+meta {
+  name: Get Auth Token
+  type: http
+  seq: 1
+}
+
+post {
+  url: https://internal-dev.api.service.nhs.uk/oauth2/token
+  body: formUrlEncoded
+  auth: none
+}
+
+body:form-urlencoded {
+  grant_type: client_credentials
+  client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer
+}
+
+script:pre-request {
+  const jwt = require("jsonwebtoken");
+  const fs = require("fs");
+  const crypto = require("crypto");
+
+  // Read env vars
+  const secret = bru.getEnvVar("JWT_SECRET");
+  const privateKeyPath = bru.getEnvVar("PRIVATE_KEY_PATH");
+
+  // Enviroment variables check
+  if (!secret) {
+    throw new Error("JWT_SECRET environment variable is missing.");
+  }
+  if (!privateKeyPath) {
+    throw new Error("PRIVATE_KEY_PATH environment variable is missing.");
+  }
+
+  const privateKey = fs.readFileSync(privateKeyPath)
+
+  const payload = {
+    sub: secret,
+    iss: secret,
+    jti: crypto.randomUUID(),
+    aud: "https://internal-dev.api.service.nhs.uk/oauth2/token",
+    exp: (Date.now()/1000) + 300
+  };
+
+  const options = {
+    algorithm:'RS512',
+    header: {kid: "kid-1"}
+  }
+
+
+  // Sign token
+  const token = jwt.sign(payload, privateKey, options);
+
+
+  let new_body = req.getBody();
+  new_body.push({name: "client_assertion", value:token})
+
+  req.setBody(new_body)
+
+
+  // For debugging: see the generated token in the console
+  // console.log("Generated JWT:", token);
+}
+
+script:post-response {
+  bru.setEnvVar("auth_token", res.getBody().access_token)
+}
+
+settings {
+  encodeUrl: true
+  timeout: 0
+}
@@ -0,0 +1,15 @@
+meta {
+  name: Get Healthcheck status
+  type: http
+  seq: 3
+}
+
+get {
+  url: https://internal-dev.api.service.nhs.uk/pathology-laboratory-reporting/_status
+  body: none
+  auth: inherit
+}
+
+settings {
+  encodeUrl: true
+}
@@ -0,0 +1,39 @@
+meta {
+  name: Post Document Bundle via APIM
+  type: http
+  seq: 2
+}
+
+post {
+  url: https://internal-dev.api.service.nhs.uk/pathology-laboratory-reporting/FHIR/R4/Bundle
+  body: json
+  auth: inherit
+}
+
+headers {
+  Content-Type: application/fhir+json
+}
+
+body:json {
+  {
+    "resourceType": "Bundle",
+    "type": "document",
+    "entry": [
+      {
+          "fullUrl": "patient",
+          "resource": {
+              "resourceType": "Patient",
+              "identifier": {
+                  "system": "https://fhir.nhs.uk/Id/nhs-number",
+                  "value": "test-nhs-number"
+              }
+          }
+      }
+    ]
+  }
+}
+
+settings {
+  encodeUrl: true
+  timeout: 0
+}
@@ -0,0 +1,19 @@
+{
+  "version": "1",
+  "name": "APIM",
+  "type": "collection",
+  "ignore": [
+    "node_modules",
+    ".git"
+  ],
+  "scripts": {
+    "moduleWhiteList": [
+      "jsonwebtoken",
+      "fs",
+      "crypto"
+    ],
+    "filesystemAccess": {
+      "allow": true
+    }
+  }
+}
@@ -0,0 +1,7 @@
+auth {
+  mode: bearer
+}
+
+auth:bearer {
+  token: {{auth_token}}
+}
@@ -0,0 +1,5 @@
+vars:secret [
+  PRIVATE_KEY_PATH,
+  JWT_SECRET,
+  auth_token
+]
@@ -0,0 +1,16 @@
+{
+  "name": "apim",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "type": "commonjs",
+  "dependencies": {
+    "jsonwebtoken": "^9.0.3"
+  }
+}