This is a read-only, R4 FHIR API which aggregates data from all input routes, both FHIR and non-FHIR. The aggregation will perform STU3->R4 mappings as required. Complex access control applies since this contains data from multiple sources.

The data types available from this endpoint will be iteratively expanded over time, starting with Appointments. Please see the roadmap section for details of when other data types will be supported.

Note: although a Customer can read all the data they send to a Customer FHIR endpoint directly from that same endpoint, the Aggregated FHIR endpoint is the only mechanism by which others (including the patient) can read that data.

What you can do with this endpoint

  • Read data from other sources, even if it was provided in non-FHIR format

What you cannot do with this endpoint

  • Write data

  • Read resource types that have not been included in PKB's aggregation logic. Please see the Capabilities section for a list of which resource types have been included so far.

  • Read resources that you do not have authorisation to see. For example, a resource from a different organisation tagged with a privacy label that has not been granted to the caller.


Please see the "rest" section of the corresponding CapabilityStatement for details of which endpoints are supported:

Note: the above CapabilityStatement reflects which resource types are included in the aggregation logic, and therefore available from the Aggregated FHIR endpoint. Searches over other resource types will return an empty search result; you should not assume a “successful” response implies the corresponding resource type has been added to the aggregation logic.





OAuth 2.0 System Client Credentials

Callers should obtain an access token by using the OAuth 2.0 Client Credentials workflow.

Note: the token endpoint is different from the one used for the Facade and Messaging FHIR endpoints, and the tokens are not interoperable.




NHS Login

Pending - will support NHS Login “asserted login identity” flow

Patients without NHS Login


Non-patient users


Validation and business rules

In order for a FHIR resource (e.g. sent to a Customer FHIR endpoint) to be included in the aggregated data set, it must meet some business constraints. These are outlined below.

Further details pending.





Patient references

The aggregator will combine patients based on business identifiers provided on the Patient resource only. Other resource types must reference a Patient using the resource ID. When providing non-Patient resources, Customer integrations must ensure references to a Patient…

  • populate the “reference” element of a Reference. Business identifiers provided in the “identifier” element of a reference to a Patient will not be resolved by PKB.

  • are not contained references; they must refer to a Patient resource with a persistent identity

  • refer to a Patient resource on the same server.


Please see the Examples page for step-by-step examples of how to interact with this endpoint.


Please see the Aggregated Roadmap page for planned changes to this endpoint.