Required parameters are marked with "*"

Якщо інформації по відповідному параметру немає, потрібно зазначити: “APIparagraph not found”.

Purpose*

This WS intended to get detailed information of patient approval.

Specification

...

Apiary

...

*

Logic*

Returns approval details by it's identifier in patient context. It is allowed only for the doctor who has an active declaration with a patient from url (can get all approvals) or approval is granted to user (can get own approval).

Input parameters

Request structure*

API paragraph not found

Authorize*

• Verify the validity of access token

  • Return (401, 'Invalid access token') in case of validation fails

• Verify that token is not expired

  • in case of error - return (401, 'Invalid access token')

• Check user scopes in order to perform this action (scope = 'approval:read')

  • Return (403, 'Your scope does not allow to access this resource. Missing allowances: approval:read') in case of invalid scope(s)

Request to process the request using a token in the headers

Headers*

Наприклад:

• Content-Type:application/json

• Authorization:Bearer c2778f3064753ea70de870a53795f5c9

• api-key:uXhEczJ56adsfh3Ri9SUkc4en

Request data validation*

Validate Patient

• Get Patient identifier from the URL

• Check it exists in DB

  • Return 404 ('not found') in case of error

...

• Extract user_id from token.

• Check user has an active declaration with a patient from URL (can get all approvals) or approval is granted to user (can get own approval):

  • Return 200 with empty array in case the employee doesn't have an active declaration with the patient or approval is granted to user

Processing*

Service logic

Service returns detailed information of the patient approval:

• Get approval by patient_id and approval id from approvals collection (MongoDB)

• Render a response according to specification.

• Block “authentication_method_current” represents the type of auth method and the telephone number (for methods with ability to specify it)

Response structure*

See on Apiary

Example:

{
  "meta": {
    "code": 200,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  },
  "data": {
    "id": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e",
    "granted_resources": [
      {
        "identifier": {
          "type": {
            "coding": [
              {
                "system": "eHealth/resources",
                "code": "episode_of_care"
              }
            ]
          },
          "value": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e"
        },
        "display_value": "null"
      }
    ],
    "granted_to": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "employee"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "expires_at": 1498749591,
    "reason": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "service_request"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "status": "new",
    "access_level": "read",
    "authentication_method_current": {
      "type": "OTP",
      "number": "+38093*****85"
    }
  }
}

Post-processing processes*

API paragraph not found

HTTP status codes*