Details of test resources made available to support the holistic testing of provider APIs and consumer applications

Provider testing (SIT)

An automated provider test harness has been made publicly available to allow standardised testing of the FHIR® APIs prior to any formal assurance activities being undertaken. This approach aims to streamline the end-to-end assurance process by ensuring that a common baseline level of technical conformance has been achieved and, thus, fewer issues are surfaced during formal assurance.

Provider testing layers

Category Layer Details
Provider Capability API Orchestration Use Cases
Provider Terminology API Data Layer Test Cases
Technical API Payload(s) FHIR Profile Conformance, ValueSet Usage, Constraint Rules
Technical API Conformance URL Format, URL Parameters, HTTP Error Handling
Standards FHIR Conformance Metadata, RESTful, Identifier Handling, Search Patterns
Technical Spine Integration SSL Certificate Handling, URL Format, SSP Headers
Standards HTTP Conformance Accept Encodings, Transfer Encodings, ETags Compression
Standards JWT Conformance Authentication, Claims, Auditing
Standards SSL Conformance TLS Versions, Supported Ciphers, Client Authentication, Certificate Revocation

See the GP Connect provider testing wiki for further details.

Non-functional

Category Layer Details
Security Penetration Testing OWASP Top 10
Performance API Performance Response Times
Volumetrics API TPS LOAD, RAMP, SOAK

Consumer testing (SIT)

Consumer testing layers

An additional UI testing layer is required for consumer systems.

Category Layer Details
Consumer Capability UI Behaviours UI Use Case Automation

Non-functional

Category Layer Details
Security Penetration Testing OWASP Top 10