PTS API Release Notes

All notable changes to the PTS API will be documented in this file.

Subscribe to notifications on #ext-utv-pts on Slack to be notified when we announce new releases.

You'll also notice we often use icons to visualize our changes and their effect, but we've limited ourselves to the following;

  • ๐ŸŒฑ New Feature
  • ๐Ÿƒ Improvement
  • ๐Ÿ”ง Bug Fix
  • ๐Ÿ’ฅ Breaking Change
  • ๐Ÿ”’ Security

PTS API v0.5

Changes to how associate-parent handles $.cause

Deploy to Test: 30.09.2025 Deploy to Prod: TBA

These changes only affect POST /v0.5/access-restrictions/patient-safety/associate-parent, and you can still set $.cause for v0.3 and v0.4.

  • ๐Ÿƒ The $.cause field is no longer required
    • This value is automatically set to Derived if a child restriction was created from its parent. Behaviour has not changed, and as such $.delayDeliveryUntil is still calculated based on the associated parent's $.delayDays and the specified $.delayFromTime. There are are also scenarios where this value isn't calculated, e.g. if the confidentiality code of the parent is N.

Changes to routes

Deploy to Test: 23.09.2025 Deploy to Prod: TBA

These changes affect all routes.

  • ๐Ÿ’ฅ The route for patient safety has changed from /access-restrictions/patient-safety to /v0.5/access-restrictions/patient-safety, and as such we no longer require the api-version header. The older versions, e.g. v0.3 and v0.4 still live on the old route and requires the api-version header to switch between the two.

Changes to $.createdBy and $.createdTime

Deploy to Test: 23.09.2025 Deploy to Prod: TBA

These changes only affect POST /v0.5/access-restrictions/patient-safety

  • ๐Ÿƒ Introduced stricter validation when creating restrictions for both Rekvisisjon and Svarrapport to ensure that only well-formed restrictions are created.
    • $.cause must be one of Manual or Automated
    • $.delayDays can only be used for Rekvisisjon
    • $.delayDeliveryUntil can only be used for Svarrapport
  • ๐Ÿ’ฅChanged type of $.createdBy from HealthIdIdentifiersDtoV04 to AuditablePartyDtoV05 since neither OffId nor HprNumber are available through client credentials tokens, and thus haven't been persisted. Instead the new auditable party type consits of clientId, orgNrParent, orgNrChild and orgNrSupplier as extracted from the Helse ID token used to create or update the resource.
  • ๐Ÿ’ฅ Replaced $.createdTime with $.createdDateTime

PTS API v0.4

TL;DR: This version removes support for Bearer tokens and adds support for DPoP tokens

Remove support for Bearer tokens; require DPoP

Deploy to Prod: 24.05.2025 Deploy to Prod: 24.05.2025

  • ๐Ÿ’ฅ Removed Bearer authentication for /access-restrictions endpoints
  • ๐ŸŒฑ๐Ÿ”’ Added DPoP authentication for /access-restrictions endpoints

PTS API v0.3

Improvements

Deploy to Prod: 23.03.2025 Deploy to Prod: 23.03.2025

  • ๐Ÿƒ Results for POST /access-restrictions/patient-safety/_search is now ordered descending by created date