...
Normally, NHN performs a code review as part of its acceptance process for software that calls national health APIs protected by HelseID. NHN also performs code reviews of APIs that protect sensitive health information. For other software NHN performs code reviews on a case-to-case basis. In special cases where the software supplier cannot share their source code an alternative approach can be discussed.
Software that only does user logon via HelseID | A code review or interview is recommended |
Software that only calls machine-to-machine APIs | A code review or interview is recommended |
Software that combines user logon with API access | A code review or interview is mandatory |
APIs protected by HelseID | A code review or interview is mandatory |
...