NHSDigital · nhsd-jack-wainwright · Jan 28, 2026
@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://internal-dev.api.service.nhs.uk/oauth2/token
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/oauth2/token
   body: formUrlEncoded
   auth: none
 }
@@ -16,12 +16,50 @@ body:form-urlencoded {
 }
 
 script:pre-request {
-  const { generateAuthToken } = require("../common/auth-token");
-  generateAuthToken(bru, req, "https://internal-dev.api.service.nhs.uk/oauth2/token", "kid-1");
+  function generateAuthToken(bru, req, audienceUrl, kid) {
+    const jwt = require("jsonwebtoken");
+    const fs = require("node:fs");
+    const crypto = require("node:crypto");
+
+    const secret = bru.getEnvVar("JWT_SECRET");
+    const privateKeyPath = bru.getEnvVar("PRIVATE_KEY_PATH");
+
+    if (!secret) {
+      throw new Error("JWT_SECRET environment variable is missing.");
+    }
+    if (!privateKeyPath) {
+      throw new Error("PRIVATE_KEY_PATH environment variable is missing.");
+    }
+
+    const privateKey = fs.readFileSync(privateKeyPath);
+
+    const payload = {
+      sub: secret,
+      iss: secret,
+      jti: crypto.randomUUID(),
+      aud: audienceUrl,
+      exp: (Date.now() / 1000) + 300
+    };
+
+    const options = {
+      algorithm: 'RS512',
+      header: { kid: kid }
+    };
+
+    const token = jwt.sign(payload, privateKey, options);
+
+    let new_body = req.getBody();
+    new_body.push({ name: "client_assertion", value: token });
+
+    req.setBody(new_body);
+  }
+
+  const environment = bru.getGlobalEnvVar("APIM_ENV")
+  generateAuthToken(bru, req, `https://${environment}.api.service.nhs.uk/oauth2/token`, bru.getEnvVar("KID"));
 }
 
 script:post-response {
-  bru.setEnvVar("auth_token", res.getBody().access_token)
+  bru.setGlobalEnvVar("auth_token", res.getBody().access_token)
 }
 
 settings {

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://internal-dev.api.service.nhs.uk/pathology-laboratory-reporting-pr-{{PR_NUMBER}}/FHIR/R4/Bundle
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/pathology-laboratory-reporting-pr-{{PR_NUMBER}}/FHIR/R4/Bundle
   body: json
   auth: inherit
 }
@@ -20,14 +20,16 @@ body:json {
     "type": "document",
     "entry": [
       {
-          "fullUrl": "patient",
-          "resource": {
-              "resourceType": "Patient",
-              "identifier": {
-                  "system": "https://fhir.nhs.uk/Id/nhs-number",
-                  "value": "test-nhs-number"
-              }
+        "fullUrl": "composition",
+        "resource": {
+          "resourceType": "Composition",
+          "subject": {
+            "identifier": {
+              "system": "https://fhir.nhs.uk/Id/nhs-number",
+              "value": "test-nhs-number"
+            }
           }
+        }
       }
     ]
   }

@@ -14,24 +14,35 @@ Your feature branch must have an open pull request (draft or ready for review) t
 
 The following environment variables will need to be configured in Bruno:
 
-| Variable           | Description                                          | Example                       |
-| ------------------ | ---------------------------------------------------- | ----------------------------- |
-| `PRIVATE_KEY_PATH` | Path to your private key file on your local machine  | `/home/user/.ssh/api-key.pem` |
-| `JWT_SECRET`       | Active API Key from your Developer Hub application   | `your-api-key-here`           |
-| `PR_NUMBER`        | The pull request number for your preview environment | `123`                         |
+| Variable           | Description                                           | Example                       |
+| ------------------ | ----------------------------------------------------  | ----------------------------- |
+| `PRIVATE_KEY_PATH` | Path to your private key file on your local machine   | `/home/user/.ssh/api-key.pem` |
+| `JWT_SECRET`       | Active API Key from your Developer Hub application    | `your-api-key-here`           |
+| `PR_NUMBER`        | The pull request number for your preview environment  | `123`                         |
+| `APIM_ENV`         | The APIM environment you're testing against           | `internal-dev`                |
+| `KID`              | The Key ID to utilise when generating an access token | `INT-1`                       |
 
-### 3. Developer Hub Application Setup
+### 3. Bruno Global Environment Variables
+
+The following environment variables also need to be configured as global variables in Bruno:
+
+| Variable           | Description                                           | Example                       | Secret |
+| ------------------ | ----------------------------------------------------- | ----------------------------- | ------ |
+| `APIM_ENV`         | The APIM environment you're testing against           | `internal-dev`                |        |
+| `auth_token`       | The auth token to use when accessing APIM             | `your-auth-token-here`        | x      |
+
+### 4. Developer Hub Application Setup
 
 Register an application on the [Internal Developer Hub](https://dos-internal.ptl.api.platform.nhs.uk/Index):
 
 1. Generate a public/private key pair
 2. Upload the public key to your application
 3. Copy the **Active API Key** and set it as the `JWT_SECRET` environment variable in Bruno
 
-### 4. Configure Proxy Endpoint
+### 5. Configure Proxy Endpoint
 
-The POST request URL automatically targets your preview environment proxy using the `PR_NUMBER` environment variable, which you will need to set. The URL follows this format:
+The POST request URL automatically targets your preview environment proxy using the `PR_NUMBER` and `APIM_ENV` environment variables, which you will need to set. The URL follows this format:
 
 ```text
-https://internal-dev.api.service.nhs.uk/pathology-laboratory-reporting-pr-{{PR_NUMBER}}/FHIR/R4/Bundle
+https://{{APIM_ENV}}.api.service.nhs.uk/pathology-laboratory-reporting-pr-{{PR_NUMBER}}/FHIR/R4/Bundle
 ```
@@ -2,5 +2,5 @@ vars:secret [
   PRIVATE_KEY_PATH,
   JWT_SECRET,
   PR_NUMBER,
-  auth_token
+  KID
 ]
@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/
   body: json
   auth: inherit
 }

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/
   body: json
   auth: inherit
 }

@@ -1,6 +1,6 @@
 meta {
   name: Bundle
-  seq: 6
+  seq: 4
 }
 
 auth {

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Bundle
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Bundle
   body: json
   auth: inherit
 }

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Bundle
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Bundle
   body: json
   auth: inherit
 }

@@ -5,7 +5,7 @@ meta {
 }
 
 get {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Bundle/6a0c6a4d-9941-35cf-b83d-76fa4b880a85
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Bundle/6a0c6a4d-9941-35cf-b83d-76fa4b880a85
   body: none
   auth: inherit
 }

@@ -1,6 +1,6 @@
 meta {
   name: Document
-  seq: 5
+  seq: 3
 }
 
 auth {

@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Observation
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Observation
   body: json
   auth: inherit
 }

@@ -5,7 +5,7 @@ meta {
 }
 
 get {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Observation/ec5e3a08-a4fe-462b-b627-d553b53a66f2
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Observation/ec5e3a08-a4fe-462b-b627-d553b53a66f2
   body: none
   auth: inherit
 }

@@ -1,6 +1,6 @@
 meta {
   name: Observation
-  seq: 3
+  seq: 1
 }
 
 auth {

@@ -1,13 +1,9 @@
 # PDM Collection Setup
 
-## Install dependencies
-
-While in the dev container, navigate to the PDM collection directory and run the command `npm install`
-
 ## Authentication Setup
 
-Follow the instructions on this [confluence page](https://nhsd-confluence.digital.nhs.uk/x/ixnIT) to setup Bruno with the PDM INT Environment
+Follow the instructions on this [confluence page](https://nhsd-confluence.digital.nhs.uk/x/ixnIT) to setup Bruno with the PDM INT Environment. Authentication can then be completed via the `Get Auth Token` call within the `APIM` collection.
 
 ## Getting Auth Token
 
-Once you have completed the previous instructions you should be able to run the Get Auth Token request, once the request is complete it should copy the returned token into the `auth_token` environment variable. The collection has been setup to automatically use this variable to authenticate requests
+Once the `Get Auth Token` request is complete it should copy the returned token into the `auth_token` global environment variable. The collection has been setup to automatically use this variable to authenticate requests
@@ -5,7 +5,7 @@ meta {
 }
 
 post {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Specimen
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Specimen
   body: json
   auth: inherit
 }

@@ -5,7 +5,7 @@ meta {
 }
 
 get {
-  url: https://int.api.service.nhs.uk/patient-data-manager/FHIR/R4/Specimen/6a0c6a4d-9941-35cf-b83d-76fa4b880a85
+  url: https://{{APIM_ENV}}.api.service.nhs.uk/patient-data-manager/FHIR/R4/Specimen/6a0c6a4d-9941-35cf-b83d-76fa4b880a85
   body: none
   auth: inherit
 }

@@ -1,6 +1,6 @@
 meta {
   name: Specimen
-  seq: 4
+  seq: 2
 }
 
 auth {
-Original file line number
+Diff line change
@@ -1,6 +1,6 @@
     meta {
       name: Bundle
-      seq: 6
+      seq: 4
     }
     auth {
@@ Expand Down @@