NPA-5880: Pre-prod/int environment Postman collection

postman/INT.postman_environment.json

@@ -0,0 +1,70 @@
+{
+	"id": "22fac400-f932-4ea9-8ef4-86b135cfcea0",
+	"name": "INT",
+	"values": [
+		{
+			"key": "cis2_token",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "login_token",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "api_base_url",
+			"value": "https://int.api.service.nhs.uk/validated-relationships/FHIR/R4",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "vrs_api_private_key",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "nhs_developer_account_api_key",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "consent_app_auth_header_value",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "tpp_9674998535_access_token",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "tpp_9674998454_access_token",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "emis_9692113698_access_token",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		},
+		{
+			"key": "emis_9692113612_access_token",
+			"value": "",
+			"type": "secret",
+			"enabled": true
+		}
+	],
+	"color": null,
+	"_postman_variable_scope": "environment",
+	"_postman_exported_at": "2025-12-05T12:22:03.035Z",
+	"_postman_exported_using": "Postman/11.74.2"
+}

postman/README.md

@@ -1,8 +1,18 @@
-# Postman Collection
+# Postman Collections
 
-This folder contains the Postman collection for the API.
+This folder contains the Sandbox and Integration Postman collections for the VRS API.
 
 > [!WARNING]
 > Documentation and links in this file are specific to the maintainers of this repository and are only available to NHS England staff.
 
-To update the Postman collection follow the steps on the [How to update Postman Collection Confluence page](https://nhsd-confluence.digital.nhs.uk/pages/viewpage.action?pageId=874694621)
+## Updating the collections
+
+To update the Postman collections follow the steps on the [How to update Postman Collection Confluence page](https://nhsd-confluence.digital.nhs.uk/pages/viewpage.action?pageId=874694621)
+
+## Integration collection
+
+The 'integration' postman collection includes requests and examples to be used by the VRS team, consumers, and external
+parties to test against our INT environment.
+
+For details on the environment variables and authorization methods required for this environment, please see the Getting
+Started section within the Postman collection itself.

scripts/README.md

@@ -0,0 +1,158 @@
+# How to run Scripts
+
+## First Steps
+
+### Install packages
+
+The tooling we use to manage our packages in poetry so this needs to be installed on your local machine in order to run
+the scripts.
+
+Then run the following command in the scripts directory
+
+```
+poetry install
+```
+
+## Script Specific
+
+### Get CIS2 Access Token for Int Environment
+
+#### Set Environment Variables
+
+You will require the following environment variables in order to run the script:
+
+```
+export APIGEE_ENVIRONMENT=int
+export APPLICATION_CLIENT_ID={application_client_id}
+export APPLICATION_CLIENT_SECRET={application_client_secret}
+```
+
+The values for `APPLICATION_CLIENT_ID` and `APPLICATION_CLIENT_SECRET` can be found on the NHS Developer Account
+portal 'NHS - Proxy Core Services...' environment resource in the Active API keys section.
+
+#### Select an identifier
+
+There are a different levels of authenticator assurance levels eg. AAL3.
+For VRS CIS2 users are only accessible to access selected APIs.
+Please find a list of test users detailed in this page:
+https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/testing-apis-with-our-mock-authorisation-service#test-users-for-cis2-authentication
+This can be used to select your identifier for the next step.
+i.e. 656005750108 to test with a CIS2 user with AAL3 authenticator assurance level.
+
+#### Run the script
+
+Then run the following command in the scripts directory
+
+```
+poetry run python3 get_cis2_access_token_int.py
+```
+
+You will be prompted to "Enter an identifier: "
+
+Enter the identifier selected in previous step eg. 656005750108
+
+In your terminal you should see a response that includes an access token
+
+e.g.
+
+```
+{'access_token': 'EFFs3EeT0SZbF2J14LvM93vVDTaA', 'expires_in': '599', 'refresh_token': 'BDEcXjJI36DJA8Dlw8wS0jCuYJJqC8tK', 'refresh_token_expires_in': '43199', 'refresh_count': '0', 'token_type': 'Bearer'}
+```
+
+### Get NHS Login Access Token for Int Environment
+
+#### Set Environment Variables
+
+You will require the following environment variables in order to run the script:
+
+```
+export APIGEE_ENVIRONMENT=int
+export APPLICATION_CLIENT_ID={application_client_id}
+export APPLICATION_CLIENT_SECRET={application_client_secret}
+```
+
+The values for `APPLICATION_CLIENT_ID` and `APPLICATION_CLIENT_SECRET` can be found on the NHS Developer Account
+portal 'NHS - Proxy Core Services...' environment resource in the Active API keys section.
+
+#### Select an identifier
+
+There are a different identity proofing levels eg. p9.
+For VRS p9 users are only accessible to access selected APIs.
+Please find a list of test users detailed in this page:
+https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/testing-apis-with-our-mock-authorisation-service#test-users-for-nhs-login
+This can be used to select your identifier for the next step.
+i.e. 9912003071 to test with a p9 user.
+
+#### Run the script
+
+Then run the following command in the scripts directory
+
+```
+poetry run python3 get_nhs_login_access_token_int.py
+```
+
+You will be prompted to "Enter an identifier: "
+
+Enter the identifier selected in previous step eg. 9912003071
+
+In your terminal you should see a response that includes an access token
+
+e.g.
+
+```
+{'access_token': 'EFFs3EeT0SZbF2J14LvM93vVDTaA', 'expires_in': '599', 'refresh_token': 'BDEcXjJI36DJA8Dlw8wS0jCuYJJqC8tK', 'refresh_token_expires_in': '43199', 'refresh_count': '0', 'token_type': 'Bearer'}
+```
+
+### Get App Restricted Access Token for Int Environment
+
+Application restricted authentication is when a system is trying to access an API rather than a person. For example the
+Validated Relationship Service (VRS) will need an app restricted access token in order to call the Personal Demographic
+Service (PDS) API.
+https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#application-restricted-apis
+
+#### Set Environment Variables
+
+You will require the following environment variables in order to run the script:
+
+```
+export APIGEE_ENVIRONMENT=int
+export APPLICATION_CLIENT_ID={vrs_application_client_id}
+export APPLICATION_CLIENT_KID={vrs_application_client_secret}
+export APPLICATION_CLIENT_PRIVATE_KEY={vrs_application_client_private_key}
+```
+
+Note with VRS_CLIENT_PRIVATE_KEY it needs to be wrapped in double quotation marks otherwise there can be formatting
+errors
+
+The values for `APPLICATION_CLIENT_ID` and `APPLICATION_CLIENT_KID` can be found on the NHS Developer Account portal '
+NHS - Proxy Core Services...' environment resource in the Active API keys section.
+
+The `APPLICATION_CLIENT_PRIVATE_KEY` is stored in AWS Secrets Manager. Please contact the VRS team if you don't have AWS
+access to obtain this.
+
+#### Run the script
+
+Then run the following command in the scripts directory
+
+```
+poetry run python3 get_app_access_token_int.py
+```
+
+In your terminal you should see a response that includes an access token
+
+e.g.
+
+```
+{'access_token': 'EFFs3EeT0SZbF2J14LvM93vVDTaA', 'expires_in': '599', 'refresh_token': 'BDEcXjJI36DJA8Dlw8wS0jCuYJJqC8tK', 'refresh_token_expires_in': '43199', 'refresh_count': '0', 'token_type': 'Bearer'}
+```
+
+### Trouble Shooting
+
+If you have issues with the script, a good place to start is to ensure the environment variables are accessible to
+poetry. This can be achieved by installing the poetry dotenv plugin
+
+Run this command
+
+```
+poetry plugin add poetry-dotenv-plugin
+```

scripts/get_app_access_token_int.py

@@ -0,0 +1,19 @@
+from os import getenv
+from pytest_nhsd_apim.identity_service import (
+    ClientCredentialsConfig,
+    ClientCredentialsAuthenticator,
+)
+
+client_id = getenv("APPLICATION_CLIENT_ID")
+kid = getenv("APPLICATION_CLIENT_KID")
+private_key = getenv("APPLICATION_CLIENT_PRIVATE_KEY").replace("\\n", "\n")
+config = ClientCredentialsConfig(
+    environment=getenv("APIGEE_ENVIRONMENT"),
+    identity_service_base_url=f"https://{getenv('APIGEE_ENVIRONMENT')}.api.service.nhs.uk/oauth2-mock",
+    client_id=client_id,
+    jwt_private_key=private_key,
+    jwt_kid=kid,
+)
+
+authenticator = ClientCredentialsAuthenticator(config=config)
+print(authenticator.get_token())

scripts/get_cis2_access_token_int.py

@@ -0,0 +1,20 @@
+from os import getenv
+from pytest_nhsd_apim.identity_service import (
+    AuthorizationCodeConfig,
+    AuthorizationCodeAuthenticator,
+)
+
+identifier = str(input("Enter an identifier: "))
+scope = "nhs-cis2"
+config = AuthorizationCodeConfig(
+    environment=getenv("APIGEE_ENVIRONMENT"),
+    identity_service_base_url=f"https://{getenv('APIGEE_ENVIRONMENT')}.api.service.nhs.uk/oauth2-mock",
+    callback_url="https://oauth.pstmn.io/v1/browser-callback",
+    client_id=getenv("APPLICATION_CLIENT_ID"),
+    client_secret=getenv("APPLICATION_CLIENT_SECRET"),
+    scope=scope,
+    login_form={"username": identifier},
+)
+
+authenticator = AuthorizationCodeAuthenticator(config=config)
+print(authenticator.get_token())

scripts/get_nhs_login_access_token_int.py

@@ -0,0 +1,20 @@
+from os import getenv
+from pytest_nhsd_apim.identity_service import (
+    AuthorizationCodeConfig,
+    AuthorizationCodeAuthenticator,
+)
+
+identifier = str(input("Enter an identifier: "))
+scope = "nhs-login"
+config = AuthorizationCodeConfig(
+    environment=getenv("APIGEE_ENVIRONMENT"),
+    identity_service_base_url=f"https://{getenv('APIGEE_ENVIRONMENT')}.api.service.nhs.uk/oauth2-mock",
+    callback_url="https://oauth.pstmn.io/v1/browser-callback",
+    client_id=getenv("APPLICATION_CLIENT_ID"),
+    client_secret=getenv("APPLICATION_CLIENT_SECRET"),
+    scope=scope,
+    login_form={"username": identifier},
+)
+
+authenticator = AuthorizationCodeAuthenticator(config=config)
+print(authenticator.get_token())