| API / Server / Resource server |
A server-side API, including API gateways acting as reverse proxies. Categorised as Open, internal or client specific. See Appendix A. |
| API Consumer team / Consumer |
Individuals or teams integrating APIs into client applications. Typically developers or software professionals. |
| API Platform team / Platform team |
Manages Apigee tools and standards, simplifying API implementation. |
| API Producer team |
Develops backend APIs. Teams can be internal or third-party. |
| Authorisation grant |
Credential representing the end user's authorisation of a client to access API resources. |
| Breaking change |
An update that causes existing dependent code to fail or behave unexpectedly. |
| Calling Application / Client / Client application |
A software application making API requests. Clients may be Public (e.g. Single Page Applications) or Confidential (e.g. server-side web applications). |
| End User / Resource owner / User |
The user who controls access to specific API resources. |
| End User Delegation / Delegation |
Allows users to grant clients permission to access API resources. |
| Endpoint |
The URL or URI representing a unique API resource. |
| FHIR Profile |
Defines constraints, extensions, and specific use cases for FHIR resources tailored for healthcare systems or domains. |
| Namespace |
A group of related endpoints providing specific functionality or hierarchy, ensuring clarity and avoiding naming conflicts. |
| NHS Wales Identity Provider |
Secure Token Service issuing OAuth and OpenID Connect tokens for authentication and authorisation. |
| Proxy |
Middleware enhancing security, analytics, and API management, acting as a gateway to backend APIs. |
| Resource(s) / resource model(s) |
Data fields representing objects, accessible via unique URLs or endpoints, forming the API's core. |
| Service / System |
A system exposing one or more API endpoints. Sometimes used interchangeably with Namespace. |