MESH Endpoint Lookup Service - help please

We’re trying to interface our service platform to MESH, to allow us to send correspondence to GP practices (outpatient attendance letters, discharges, etc). As a first step, I’m trying to use the MESH Endpoint Lookup Service using the API specified in Section 4.2 of this specification.

I have previously obtained a MESH API certificate from NHS Digital and am using this alongside the RootCA and SubCA certificates also obtained from NHS Digital. I have manually checked the certificate chain and everything is in order.

I’m calling the API using curl from the commandline, and have tried the example given in the spec:

https://mesh-sync.national.ncrs.nhs.uk/endpointlookup/mesh/X26/TOC_AE_DMS
and also various others replacing “X26” with the ODS code of a GP practice we’re going to be communicating with, and the Workflow ID with other varients, including “TOC_FHIR_OP-ATTEN”, “TOC_OUTP_ATT_DMS” and “GP2GP”.

The command I’m using is:
curl -v
–cacert NHSCertChain.crt
–key meshapi.key
–cert meshapi.crt
https://mesh-sync.national.ncrs.nhs.uk/endpointlookup/mesh/X26/TOC_AE_DMS

In all cases I get a simple “404 Not Found” response from the server (which appears to be running nginx). The debug from curl shows me the progress of the call, and I can see TLS being negotiated, the client and server certificate exchange, and then the “404 Not Found” response.

I’ve also (accidentally) tried using the simple-sync server (which requires a Spine certificate, not a MESH certificate), and in that case, as expected,. I get “403 Forbidden”), which gives me further confidence that the certificate chain and exchange is working correctly.

Any suggestions as to what I’m doing wrong, or how I can debug further?

Thanks in advance.

Nigel

My last experience with the wonderful world of NHSD certs ended up with a call to SA-Service desk. They answered and fixed pretty quickly.

As I say, I’m pretty confident that the problem isn’t certificate-related. I’ve contacted the NHS Digital Platforms Support Desk, who have kindly referred me to the specification I am already using :slight_smile:

To be fair, they also invited me to get back in touch if I was still stuck - which I have done - but I thought I’d try crowdsourcing some suggestions whilst waiting for their reply.

Cheers,

Nigel

1 Like

How sure are you that the ODS code you are trying to reach is registered with a MESH endpoint for those workflow IDs? The governance around changes to MESH endpoints has been patchy in the past with the result that there are inaccuracies in the underlying database.

This is still N3 only? No opentest

I’ve tried various ODS codes:

  • those of a number of the GP Practices we want to send documents to, with various Workflow IDs, inc TOC_FHIR_OP-ATTEN (which the NHS Digital Interop Team recommended we use for communicating our messages to GP systems), TOC_OUTP_ATT_DMS and GP2GP
  • our own - we’ve recently been allocated a MESH mailbox by NHS Digital specifically to send Transfer of Care messages, such as Outpatient Attendance;
  • the example given in the spec (ODS Code: X26, Workflow ID TOC_AE_DMS.

All fail in exactly the same way - “404 Not Found”.

Nigel

I haven’t heard of “opentest”.
I have some test MESH accounts and the client certificates for using NHS Digital’s Integration Test environment, but they didn’t supply the API keys/certs, and there is no mention of the MESH Endpoint Lookup Service in that environment - although I’ve now been told it is there, so I’ve just asked for the API keys/certs. Meantime, as it was such a simple API, I thought I’d test it worked on Live, as I already have all the keys and certificates - only to find it doesn’t :frowning:

Nigel

Hi Nigel. We helped create MESH and have written several integrations for it. Tricky to understand what the problem might be over chat but if you really get stuck feel free to get in touch and we might be able to free up one of our DevOps engineers to help.

Thanks for the offer Joseph. It’ll be next week before I have the opportunity to have another chance to try anything on this again, but if you have the ability to call the API and can tell me exactly what URL you used (including ODS Code and Workflow ID), and the response you got, that will enable me to test an exact call that someone else can successfully make.

Cheers,

Nigel

On a side note. Does anyone know why MESH endpoint lookup wasn’t implemented within Spine Directory Service? So when you run the queries to lookup up services provided by organisation (ods = 123).
So for sending documents to GP’s you don’t want to query one to find the unstructured endpoint (GP Connect Send Task) and then the other for structured (Transfer Of Care)

SDS is currently holding http (/restul and Hl7v3) delivery addresses and MESH mail delivery addresses. In theory to work how to send it involves two separate systems from NHS Digital which is not ideal.

both document formats are going to use HL7 FHIR… but may again differ on the FHIR Message ‘envelope’.