PTS API Release Notes

All notable changes to the PTS API will be documented in this file.

Subscribe to notifications on #ext-utv-pts on Slack to be notified when we announce new releases.

You'll also notice we often use icons to visualize our changes and their effect, but we've limited ourselves to the following;

  • 🌱 New Feature
  • 🍃 Improvement
  • 🔧 Bug Fix
  • 💥 Breaking Change
  • 🔒 Security

PTS API v0.5

Changes to how associate-parent handles $.cause

Deploy to Test: 30.09.2025 Deploy to Prod: TBA

These changes only affect POST /v0.5/access-restrictions/patient-safety/associate-parent, and you can still set $.cause for v0.3 and v0.4.

  • 💥 The $.cause field is no longer required
    • This value is automatically set to Derived if $.delayDeliveryUntil was recalculated based on the associated parent's $.delayDays and the specified $.delayFromTime; otherwise the value is set to Automated. The values Undefined and Manual can not be set as part of the associate-parent operation, but a parent can still have its $.cause set to any of these when it was created.

Changes to routes

Deploy to Test: 23.09.2025 Deploy to Prod: TBA

These changes affect all routes.

  • 💥 The route for patient safety has changed from /access-restrictions/patient-safety to /v0.5/access-restrictions/patient-safety, and as such we no longer require the api-version header. The older versions, e.g. v0.3 and v0.4 still live on the old route and requires the api-version header to switch between the two.

Changes to $.createdBy and $.createdTime

Deploy to Test: 23.09.2025 Deploy to Prod: TBA

These changes only affect POST /v0.5/access-restrictions/patient-safety

  • 🍃 Introduced stricter validation when creating restrictions for both Rekvisisjon and Svarrapport to ensure that only well-formed restrictions are created.
    • $.cause must be one of Manual or Automated
    • $.delayDays can only be used for Rekvisisjon
    • $.delayDeliveryUntil can only be used for Svarrapport
  • 💥Changed type of $.createdBy from HealthIdIdentifiersDtoV04 to AuditablePartyDtoV05 since neither OffId nor HprNumber are available through client credentials tokens, and thus haven't been persisted. Instead the new auditable party type consits of clientId, orgNrParent, orgNrChild and orgNrSupplier as extracted from the Helse ID token used to create or update the resource.
  • 💥 Replaced $.createdTime with $.createdDateTime

PTS API v0.4

TL;DR: This version removes support for Bearer tokens and adds support for DPoP tokens

Remove support for Bearer tokens; require DPoP

Deploy to Prod: 24.05.2025 Deploy to Prod: 24.05.2025

  • 💥 Removed Bearer authentication for /access-restrictions endpoints
  • 🌱🔒 Added DPoP authentication for /access-restrictions endpoints

PTS API v0.3

Improvements

Deploy to Prod: 23.03.2025 Deploy to Prod: 23.03.2025

  • 🍃 Results for POST /access-restrictions/patient-safety/_search is now ordered descending by created date