Glossary of terms

Term

Definition

Adaptor

The Client Adaptor, Server Adaptor, and Enterprise Server Adaptor are a suites of Application Programming Interfaces (APIs) developed for secure, internet-based communication between a health care locations’ application and the Services Australia online claiming hub.

Adaptors are being replaced by the more modern web services technology.

Administrator (role)

The Administrator role in the Health Systems Developer Portal allows users to manage their organisation and subscribe to API products for the organisation/s for which they are a member.

Application Details Form (ADF)

Used to apply for NOI or NOC testing for an application. It can be accessed via the Certification tile on the home page of the Health Systems Developer Portal.

API

Application Programming Interface.

API event

An event such as response time, HTTP response code, payload of the request and response body, etc. An API event is logged each time an API operation is invoked via the gateway server.

API Gateway

Service that acts as a single entry point or ‘front door’ for provider APIs and back-end services. The API Gateway accepts and processes concurrent API calls, performs traffic management, authorisation and access control, monitoring, and API version management.

API operation

REST API call consisting of an HTTP verb and a URL path (endpoint). For example, GET http://myserver.com/api/users that returns a list of users.

API product

An API product is an API, or a collection of APIs which have been grouped into a package intended for a particular use. Products contain plans that developers can subscribe their application to.

Application

The application is the software product built by the software developer. It is also known as the Client System (CS), pharmacy dispensing software (PDS), or Practice Management Software (PMS).

On the Health Systems Developer Portal, the software development organisation populates their product details in the Application field(s) in the Your Applications tab.

Note: It is mandatory for the software developer to include a version number for their product, e.g. Application name V1.0.

Australian Business Hours

8:30 am to 5:00 pm AEDT/AEST on each Business Day

Australian Government Security Vetting Agency (AGSVA)

Currently within the Commonwealth Department of Defence which is responsible for the processing and granting of security clearances for the majority of Australian government agencies and state and territory agencies.

Australian Signals Directorate (ASD)

Australia’s national authority for signals intelligence and information security, currently within the Commonwealth Department of Defence

Authorised officer

The software product owner; often the CEO or director of the company. The authorised officer is responsible for signing the licence agreement, inviting and delegating user roles within the company and modifying organisation details.

B2B Device

The PRODA Business to Business (B2B) unattended pattern is used as the authentication and authorisation framework for web services APIs.

Each installation of an application that uses web services APIs needs to be registered as a B2B Device in the healthcare location’s PRODA Organisation. The term B2B Device is used interchangeably with Software Instance, as the instance of software resides on the device. The installation can be on a physical server, a virtual server (cloud) or a desk top computer.

Business day

Any day other than a Saturday, Sunday or public holiday (including public service holidays) throughout Australia. The Developer Liaison team provides notification of public holiday arrangements.

Certification

Once a third party software developer has developed their web services solution they are required to book in for testing with the Online Technical Support (OTS) Product Integration team. Previously the developer’s solution was called their product, however with the introduction of web services the solution is now referred to as the application. The application can be booked in for certification by clicking on the Certification tile in the portal which takes them to the Developer Testing Support System (DTSS).

After testing is passed the application will be granted a Notice of Integration (NOI) or Notice of Connection (NOC).

Client ID

Upon creation of an application in the Health Systems Developer Portal, a Client ID will be produced. The Client ID will be used in the web services transmission in the vendor testing environment as the X-IBM-Client-Id. This value is found in the headers of the APIs for each of the health programs (e.g. Medicare Online, ECLIPSE, PBS Online, AIR, and Aged Care).

The X-IBM-Client-Id for production transmissions will not have the same value as in the vendor test environment. Once your application has been issued with product certification, the Developer Liaison team will supply your production X-IBM-Client-Id via email.

Note. The Client ID used in the PRODA APIs is known as the ISAM Client ID and is supplied as part of your test data from the Developer Liaison team.

Client Secret

A Client Secret will be produced when an application is created in the Health Systems Developer Portal. An API can be configured to require that client applications supply their Client Secret with their Client ID.

The Client Secret is not currently used for any health systems APIs.

Cloud computing

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Client system (CS)

See ‘Application’.

Developer (role)

The developer role in the Health Systems Developer Portal allows users to create applications and subscribe to API products for the organisation/s for which they are a member. The Developer role should be used for staff responsible for the technical implementation of APIs and don’t need to perform administration of the organisation in the portal.

Developer Liaison team

This team assists with all triaging, administrative and business issues raised by software developers. Responsibilities include processing Interface Agreements, access to the Health Systems Developer Portal, issuing test data for development in the vendor environment and general portal enquiries.

The team can be contacted at developerliaison@servicesaustralia.gov.au

Device

See ‘B2B Device’.

Device Activation Code (DAC)

Generated in PRODA when registering and refreshing the B2B Device. See ‘B2B Device’.

Developer Testing Support System (DTSS)

Part of the Health Systems Developer Portal that allows developers to manage the integration testing process for their software application. It is accessed using the Certification tile from the home page.

eBusiness Service Centre

Provides support to health care locations for production systems including:

  • PRODA
  • organisation service provider linking
  • PKI certificates
  • adaptors transmissions
  • web services transmissions.

They can be reached on 1800 700 199 or via email to ebusiness@servicesaustralia.gov.au

Email notification preferences

The email addresses supplied when registering for the Health Systems Developer Portal. They will be used when receiving email communications from Services Australia. The owner can update the email notification preferences on the Organisation Details tab.

Forum

The Health Systems Developer Portal forum provides an online collaborative space for software developers to interact with one another, share ideas and troubleshoot etc. This space is moderated and monitored by Developer Liaison staff.

Gateway

See ‘API Gateway’.

Head Office

The principal office of a business organisation, constituting the centre for administration and policy making.

The Hypertext Transfer Protocol (HTTP)

A stateless application-level protocol for distributed, collaborative, hypertext information systems.

Identity provider

A trusted provider that authenticates users looking to interact with a system.

For web services PRODA is the identity provider.

Intellectual property

The business names, copyrights, registered and unregistered designs, registered and unregistered trademarks, patents and patent applications, inventions, semi-conductors and circuit layouts, confidential information (whether in writing or recorded in any other form), know-how and other proprietary or personal rights arising from intellectual activity in the business, industrial, scientific, technical or artistic fields, whether created, formed or arising before or after the date of agreement to the Interface Agreement in Australia or elsewhere.

Interface Agreement

The Interface Agreement is a single, system agnostic agreement that a third party must sign to interface with Services Australia’s systems using the web services APIs. The 2018 licence agreements are still active until adaptor technology ceases in March 2022, but will only grant access to the web services APIs and documentation, not production access. To gain production access for the web services solution, the Interface Agreement will need to be accepted.

Integration Testing Result (ITR)

A document outlining the application details including: functionality, service type and versions that have been certified during the product certification process. The Developer Liaison team use the ITR to ensure the software developer’s application has the correct permissions made available in production. For web services the ITR will be issued via the DTSS.

JavaScript Object Notation (JSON)

An open-standard file format that uses human-readable text to transmit data objects consisting of object-property pairs and array data types (or any other serialisable value) between electronic devices.

JSON Web Key (JWK)

A JSON formatted cryptographic key. Refer to the Internet Engineering Task Force (IETF) request for comments 7517.

JSON Web Signature (JWS)

A JWT formatted digital signature, used to authenticate a client. Refer to the Internet Engineering Task Force (IETF) request for comments 7515.

JSON Web Token (JWT)

An Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. Refer to the Internet Engineering Task Force (IETF) request for comments 7519.

Jurisdiction

A State or Territory health department in its capacity as the developer and/or implementer of software applications. Jurisdictions that develop their own software products, undertake integration testing to interface their software with Services Australia’s digital health and aged care channels. All jurisdictions that use either their own or third party software also implement that software with their internal IT infrastructure.

Licence Agreement

A Licence Agreement is the legal contract between Services Australia and third party software developers who wish to interface with the agency’s adaptors. A separate licence agreement is required for each program the developer wishes to interface with.

By signing a 2018 Licence Agreement, current production access will be granted for the adaptor solution and access to the web services API and  documentation will be available. To gain production access for the web services solution, the Interface Agreement will need to be accepted. Refer to ‘Interface agreement’.

Location ID

See ‘Minor ID’.

Logic pack

A discrete software unit deployed within the adaptors solution that encapsulates a set of related business processes. The logic pack contains the relevant schema, data models, data formatting, parsing code, business rules and data validations. Logic packs are not applicable to the web services solution.

Medicare

Medicare is Australia’s universal health care system. More information is available on Services Australia’s website.

Minor ID

This is the software developer’s unique identifier which is created and designated by the Developer Liaison team. The Minor ID comprises 3 alpha followed by 5 numeric characters e.g. AAA00000.

Production Minor IDs are allocated by the developer to each site or location using the developer’s application. The Minor ID uniquely represents that site and should not be issued per business, organisation or ABN.

The Minor ID is also known as the Minor Customer ID, Location ID or Software ID.

News and Updates

This tab contains news and updates from Services Australia for users of the Health Systems Developer Portal, along with all editions of the Software Developer Newsletter. Real-time access to service status is also available on this page.

Notice of Connection (NOC)

A document issued by Services Australia to show that a specific version of a third party software application has been tested for use with online claiming for Healthcare Identifiers.

See ‘Certification’.

Notice of Integration (NOI)

A document issued by Services Australia to show that a specific version of a third party software application has been tested for use with online claiming for the functions specified in the NOI.

See ‘Certification’.

OAuth 2.0

OAuth 2.0 authorisation framework. Enables third-party applications access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. Refer to the Internet Engineering Task Force (IETF) request for comments 6749.

OAuth provider

The OAuth provider supplies the OAuth authentication for logins. PRODA is Services Australia’s OAuth provider.

Open Data Protocol (ODATA)

OData is an open protocol, which allows the creation and consumption of queryable and interoperable RESTful APIs in a simple and standard way.

Open Data Protocol is an International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) approved, OASIS Open standard that defines a set of best practices for building and consuming RESTful APIs. More information is available at https://www.odata.org/.

Organisation

The entity that owns APIs or applications that use APIs. A provider organisation owns APIs and associated plans, and can additionally own applications. A consumer organisation owns only applications.

For the Health Systems Developer Portal the provider organisation is Services Australia.

Online Technical Support (OTS) Product Integration team

This team assists software developers during integration testing of their application. Applications are tested in a production-like environment to ensure transmission and claims are legitimate including no errors.

The Product Integration Team can be contacted through the DTSS (See ‘DTSS’) or by emailing itest@servicesaustralia.gov.au

Online Technical Support (OTS) Software Vendor Technical Support Team

This team assists software developers with diagnosing and resolving technical issues during the development, testing and production stages.

The helpdesk can be contacted, 8.30am-5.00pm Monday to Friday (AEST/AEDT) excluding national public holidays on 1300 550 115 or via email for the particular channel you are developing:

Owner (role)

The owner or Authorised Officer is responsible for:

  • the initial registration of the organisation’s account in the Health Systems Developer Portal
  • accepting the Interface Agreement.

An owner has access to invite and delegate user roles within the organisation, modify the organisation details, add application/s and subscribe to APIs.

Path

Defines the route through which users access REST APIs. A path consists of one or more HTTP operations such as GET or POST.

Pharmacy Dispensing Software (PDS)

See ‘Application’.

Personal information

The meaning given by section 6(1) of the Privacy Act 1988 (Cth).

PKI Site Certificate RA number

Uniquely identifies the organisation that holds the Public Key Infrastructure (PKI) certificate to be able to authenticate adaptor transmissions. Also known as location certificate number.

Note: PKI RA numbers are not used for web services, but may need to be provided when linking to a web services ‘Service Provider’ in PRODA.

Practice Management Software/System (PMS)

See ‘Application’.

Privacy Commissioner

The officer appointed as the Privacy Commissioner under an Act of Parliament, or their successor.

Privileged access

Considered to be access which allows a user one or more of the following:

  • the ability to change key system configurations
  • the ability to change control parameters
  • access to audit and security monitoring information
  • the ability to circumvent security measures
  • access to data, files and accounts used by other users, including backups and media
  • special access for troubleshooting a system.

N.B. Privileged access is also known as Administrator access.

Provider Digital Access (PRODA)

The Services Australia online identity verification and authentication system. PRODA is used to validate the credentials of the Authorised Officer and any users with the administrator role to access the Health Systems Developer Portal, and to authenticate and manage identities for individuals and organisations using production web services APIs. PRODA is the replacement authentication solution for Public Key Infrastructure (PKI), which will cease on 13 March 22.

PRODA requires official documentation for a reference check.

PRODA Registration Authority (RA) number

Uniquely identifies an individual with a registered a PRODA account.

PRODA Organisation RA number

Also known as the Org RA or PRODA Org ID, it uniquely identifies an organisation or sub-organisation that has been registered in PRODA. It is generated after a director or a person that holds an associated role with the ABR registers the organisation in PRODA.

The PRODA Org ID is used for signing web services transmissions.

Product

Product can refer to:

  • the software product and any associated documentation created by a development organisation (see ‘Application’)
  • the API products, which are also called functions, produced by Services Australia and made available on the Health Systems Developer Portal.

Production support office

The physical location from where the application is supported and maintained.

Program

Government initiatives or schemes. Health Systems programs include:

  • Aged Care
  • Australian Immunisation Register
  • Healthcare Identifiers
  • Medicare Online, including Department of Veterans’ Affairs and ECLIPSE
  • Pharmaceutical Benefits Scheme
  • Pharmaceutical Benefits Scheme Authorities
  • PRODA

Protected Information

The information that is protected by any provision of an Act, regulation or other legislative instrument which requires secrecy or confidentiality in dealing with information, including but not limited to:

(a) section 135A of the National Health Act 1953 (Cth)

(b) section 130 of the National Health Insurance Act 1973 (Cth)

(c) Division 86 of the Aged Care Act 1997 (Cth), or

(d) Part 3 of the Healthcare Identifiers Act 2010 (Cth).

Proxy

API that forwards requests to a user-defined back-end resource and relays responses back to the calling application.

Registered/authenticated software developer

Software developers that have accepted the Interface Agreement or signed a 2018 Licence Agreement and their organisation has been set up in the Health Systems Developer Portal.

Release

Each stage of functionality implemented into production through the development and change process is called a release.

Relying Party

See ‘Service Provider’.

Representational State Transfer (REST)

Defines a set of architectural principles by which a developer can design web services that focus on a system’s resources, including how resource states are addressed and transferred over HTTP by a wide range of clients written in different languages.

RESTful

RESTful APIs enable the developer to develop any kind of web application with all possible CRUD (create, retrieve, update and delete) operations.

Role

Defines permissions that enable functionality for users. Each role has a different set of permissions. See ‘Administrator (role)’, ‘Developer (role)’, ‘Owner (role)’ and ‘Viewer (role)’.

Rivest–Shamir–Adleman (RSA)

A public-key cryptosystem that is widely used for secure data transmission.

Service provider

An entity that relies on PRODA for authentication of clients to use their API services. It is also known as a relying party.

Software development office

The location of where the software is being developed.

Software instance

See ‘B2B Device’.

Software product

See ‘Application’.

SoapUI

SoapUI is an open-source web service testing application for service-oriented architectures and representational state transfers. Its functionality covers web service inspection, invoking, development, simulation and mocking, functional testing, load and compliance testing.

A sample SoapUI Project & SoapUI User Guide is provided on the Developers Portal for each program to assist developers in developing their software and are optional to use.

Subscription

The means by which an application developer gains access to the resources provided by an API. An application developer uses the Health Systems Developer Portal to subscribe to the plan in which the API is published.

Support

Software developers are responsible for supporting the healthcare providers utilising their software.

Healthcare providers can receive support from Services Australia by contacting the eBusiness Service Centre on 1800 700 199.

See ‘Online Technical Support (OTS) Software Vendor Technical Support Team’ for information on support for developers.

Swagger

An open-source software framework backed by a large ecosystem of tools that helps developers design, build, document, and consume RESTful web services. While most users identify Swagger by the Swagger UI tool, the Swagger toolset includes support for automated documentation, code generation, and test-case generation.

TECH.SIS

Technical System Interface Specification. The TECH.SIS documents form part of the licenced development material on the Developer Portal. They provide software developers and Private Health Insurers with the function-specific technical information needed to develop for the agency’s web services programs.

Uniform Resource Identifier (URI)

A string of characters used to identify a resource. Such identification enables interaction with representations of the resource over a network, typically the World Wide Web, using specific protocols. Schemes specifying a concrete syntax and associated protocols define each URI. The most common form of URI is the Uniform Resource Locator (URL), frequently referred to as a web address. More rarely seen in usage is the Uniform Resource Name (URN), which was designed to complement URLs by providing a mechanism for the identification of resources in particular namespaces.

Uniform Resource Locator (URL)

See ‘URI’.

Uniform Resource Name (URN)

See ‘URI’.

Vendor testing environment

A deployment of Services Australia’s systems that allows third party developers to test their application’s interface with our systems. This environment is also used by the Integration Testing team to validate the third party’s application’s functions during product certification testing.

Viewer (role)

The viewer role on the Health Systems Developer Portal allows users view only access for the organisations they are a member of. A viewer can be a member of one or more organisations.

Webinar

A web-based seminar. A number of webinar videos for each health systems program have been loaded to the Health Systems Developer Portal under the User Documentation tab.

These videos are on a number of topics and may be useful to developers when they are developing their web services solution.

Web services

A piece of software that makes itself available over the internet and uses a standardised XML messaging system. It is an industry standard technology that is platform agnostic and allows developers to provide solutions on any operating system.

Services Australia is replacing its older adaptor technology with new web services functions.

Extensible Mark-up Language (XML)

A simple and flexible text format.

X-IBM-Client-Id

See ‘Client ID’.

YAML Ain't Markup Language (YAML)

A human-readable data serialisation language that is commonly used for configuration files, but could be used in many applications where data is being stored (e.g. debugging output) or transmitted (e.g. document headers).

YAML is used to define data requirements within the web service request.