In 2020 I was brought in to work on a new programme (API Management) and, for the first 2 years my role was focused on this. Key areas of that role:

• Architect and build of a new platform using Goole Apigee to service all internet facing National NHS APIs
• Working with OAuth and OIDC to secure the solution, including federation with NHS CIS2 and NHS login
• Contributing to the new Developer Hub area, including setting standards and writing guidance for publishers of APIs and consumers
• Working with the HL7 FHIR standard, and the Open API Specification (OAS) for documenting APIs
• Focused on setting up a fully automated assurance solution in the new Digital Onboarding Service

As well as contributing to the wider NHS Digital governance initiatives and complex compliance requirements, my role was split to work more with the Identity and Access Management group - looking primarily on the newer Care Identity Service (CIS2) which is based on OIDC, and adheres to the NIST AAL3 security standard.