
Required parameters are marked with "*"

If there is no information for the corresponding parameter, specify: “API paragraph not found”.

Purpose*

This process describes adding an additional authentication method to an existing person, and updating or deleting an authentication method.

Use GET person/{id}/authentication_method to find the id of the person's authentication method.


Specification

Apiary

Authorize

  1. Verify the validity of access token

    • Check user scope authentication_method_request:write in order to perform this action

Get global parameters

Invoke Global parameters to get the following parameters: Confluence - https://e-health-ua.atlassian.net/wiki/x/FwC_J

Specification*

  • Link: https://uaehealthapi.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/create-authentication-method-request

  • Resource: /api/persons/{{id}}/authentication_method_requests

  • Scope: API paragraph not found

  • Components: API paragraph not found

  • Microservices: API paragraph not found

  • Protocol type: The protocol type used by the request, for example: SOAP | REST

  • Request type: POST

  • Sync/Async: Is the method synchronous or asynchronous?

Logic*

API paragraph not found

Global and configurable parameters

| Variable | Values | Description |
|---|---|---|
| phone_number_auth_limit | ... | If the phone number occurs in table person_authentication_methods with type = OTP more than N times, return error 422: such a phone already exists more than N times |
| third_person_limit | ... | If the count in table person_auth_methods with type = THIRD_PERSON is greater than N, return error 422 |
| third_person_term | | |
| person_with_third_person_limit | | |

cURL example

Request example:
curl -X GET \
  {:host}/prm/api/global_parameters

Input parameters

| Input parameter | Values | Type | Description | Example |
|---|---|---|---|---|
| id | | String | Person identifier | b075f148-7f93-4fc2-b2ec-2d81b19a9b7b |

Request structure*

See on Apiary

Example:

Request example:
{
  "object": {
    "action": "DEACTIVATE",
    "authentication_method": {
      "id": "7b100a9c-daaa-490e-b88d-2a911059b055"
    }
  }
}

Authorize*

  1. Verify the validity of access token

    • Check user scope authentication_method_request:write in order to perform this action

The request is processed using the token passed in the headers.

Headers*

For example:

  • Content-Type:application/json

  • Authorization:Bearer c2778f3064753ea70de870a53795f5c9

  • api-key:uXhEczJ56adsfh3Ri9SUkc4en

Request data validation*

Validate request

if action = deactivate

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "action": "deactivate",
    "authentication_method": {
      "id": "057413fb-2c2e-4f33-b2d6-433469212744"
    }
  }
}

...

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
    "action": "insert",
    "authentication_method": {
      "type": "THIRD_PERSON",
      "value": "d12888c0-1159-4296-8f03-a592c136f673",
      "phone_number": "+380656779678",
      "alias": "roksolana"
    }
  }
}

Validate ids

Field value is person.id

  • validate person.id UUID

    • in case error return 404

  • search person by person.id in MPI; it is an error if the person is not found or person.is_active = false

    • in case error return 404, "Such person doesn't exist"

  • validate that person is active ( person.status = active)

    • in case error return 409, "Such person isn't active"

  • validate that auth_method is active ( person.auth_method.ended_at > now())

    • in case error return 422, “Authentication method isn’t active”

Search auth requests by person id

To prevent request duplication, search for records where il.auth_method_requests.person_id = $.person_id and il.auth_method_requests.status = NEW, then change the status of all found requests of the person:

-- :LIST is the list of ids of the NEW requests found for this person
UPDATE IL_DB.authentication_method_requests
SET    status = 'CANCELED'
WHERE  id IN (:LIST)

Validate by actions

if action = deactivate

  1. Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)

    1. check this auth_method is not primary

    2. auth_method_current != NA

if action = update

  1. validate that authentication_methods.id belongs to this person: search the auth methods of this person where MPI.person_authentication_method.person_id = $.person.id

    1. in case error return 422, "such authentication method does not belong to this person"

  2. alias is required.

  3. auth_method_current != NA

if action = insert

  1. if type = OTP,

    1. phone_number is required and value shouldn’t be set. The alias field is optional.

    2. validate that person.age > global_parameters.no_self_auth_age

    3. Verify that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES

  2. if type = OFFLINE,

    1. phone_number and value shouldn’t be set. The alias field is optional.

    2. validate that person.age > global_parameters.no_self_auth_age

    3. auth_method_current != OFFLINE

      1. error - "Person already has auth method OFFLINE"

    4. if config AUTH_REQUEST_SECURITY_REDUCTION = False, auth_method_current must not be OTP

      1. error - "Person cannot set OFFLINE auth method if person had OTP"

  3. if type = THIRD_PERSON,

    1. value, phone_number and alias are required.

    2. Validate phone_number with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value

    3. auth_method_current != NA

    4. if config THIRD_PERSON_OFFLINE = False - validate that third_person has self method = OTP, else:

      1. error THIRD PERSON can't have OFFLINE self auth method type

...

  1. validate person.id is UUID

    • in case error return 422

  2. search person by person.id in MPI 

    • in case error return 422, "such person doesn't exist"

  3. search person by person.id in MPI 

    • in case error return 422, "third person must be active"

  4. validate that third_person.age > prm.global_parameters.no_self_auth_age years:

    • in case error return 422, "third person must be adult"

  5. validate third_person.auth_method != N/A

    • in case error return 422, "third person must has auth method OTP or OFFLINE"

  6. validate that the person doesn’t already have this third_person as third_person
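
The "if action = insert" rules above, written as one function to show the order of the checks and the OTP to OFFLINE downgrade guard. This is an added example, not code from the eHealth project; the function name, argument layout, the `self_method` key and any error text not quoted on this page are assumptions.

```python
# Added example: the "if action = insert" rules as one pure function.
# Field and config names follow the page; everything else is hypothetical.

def validate_insert(method, person_age, current, cfg,
                    verified_phones=frozenset(), third_person=None):
    """Return None if the insert passes, else the message for a 422 response."""
    def has(field):
        return bool(method.get(field))

    kind = method.get("type")
    adult = person_age > cfg["no_self_auth_age"]

    if kind == "OTP":
        if not has("phone_number") or has("value"):
            return "phone_number is required and value must not be set"
        if not adult:
            return "person is too young for a self auth method"
        if method["phone_number"] not in verified_phones:
            return "Unverified phone number"
        return None

    if kind == "OFFLINE":
        if has("phone_number") or has("value"):
            return "phone_number and value must not be set"
        if not adult:
            return "person is too young for a self auth method"
        if current == "OFFLINE":
            return "Person already has auth method OFFLINE"
        # Downgrade guard: OTP -> OFFLINE only if security reduction is enabled.
        if current == "OTP" and not cfg["AUTH_REQUEST_SECURITY_REDUCTION"]:
            return "Person cannot set OFFLINE auth method if person had OTP"
        return None

    if kind == "THIRD_PERSON":
        if not (has("value") and has("phone_number") and has("alias")):
            return "value, phone_number and alias are required"
        # Processing section: NA is rejected only above the no-self-auth age.
        if current == "NA" and adult:
            return "Person can't be authorized with NA authentication method"
        # third_person: record looked up by method["value"] (lookup not shown).
        if not third_person or third_person["phone_number"] != method["phone_number"]:
            return "phone_number does not match the third person's auth method"
        if not cfg["THIRD_PERSON_OFFLINE"] and third_person["self_method"] != "OTP":
            return "THIRD PERSON can't have OFFLINE self auth method type"
        return None

    return "unknown authentication method type"
```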

Processing*

Set auth_method_current

Set the person's default auth method in IL.auth_method_request.auth_method_current, using the function in mpi that returns the primary auth method.

  • Validate that auth_method_current != NA if

    • action = deactivate

    • action = update

    • action = insert and type = THIRD_PERSON and person.age > no_self_auth_method

  • else error - “Person can't be authorized with NA authentication method”

Generate verification code

If auth_method_requests.auth_method_current = OTP 

Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.

cURL example

curl -X POST \
  http://localhost:4000/verifications \
  -H 'content-type: application/json' \
  -d '{
  "phone_number": "+380936235985"
}'

Generate upload URL

If auth_method_requests.auth_method_current = OFFLINE 

...

  1. Generate URLs with type person.{$.person.documents.[:].type}

Response structure*

See on Apiary

Example:

Response example:
{
  "meta": {
    "code": 201,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b",
    "status": "NEW",
    "channel": "MIS"
  },
  "urgent": {
    "authentication_method_current": [
      {
        "type": "OTP",
        "phone_number": "+38093*****81"
      }
    ],
    "documents": [
      {
        "type": "PASSPORT",
        "url": "https://storage.ehealth.world"
      }
    ]
  }
}

Response example:
{
  "meta": {
    "code": "422",
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "error": {
    "type": "unverified",
    "message": "Unverified phone number"
  }
}

Post-processing processes*

API paragraph not found

HTTP status codes*

| HTTP status code | Message | What caused the error |
|---|---|---|
| 201 | | |
| 422 | | |