Versions Compared

Old Version 35

changes.mady.by.user Serhii Boldin (SoE eHealth)

Saved on

compared with

New Version 36

changes.mady.by.user Dmytro Kulibaba (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel3

Required parameters are marked with "*"

...

Purpose

...

This process describes adding an additional authentication method to an existing person, update authentication method and delete it.Confluence - https://e-health-ua.atlassian.net/wiki/x/FwC_J

Specification

...

Page Properties

Link

https://uaehealthapiehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/create-authentication-method-request

Resource

/api/persons/{{id}}/authentication_method_requests

Scope

API paragraph not foundauthentication_method_request:write

Components

Patient registry

Microservices

API paragraph not found

Protocol type

API paragraph not foundREST

Request type

POST

Sync/Async

Sync

Public/Private/Internal

Public

Logic

...

API paragraph not found

Global and configurable parameters

...

Input parameter

Values

Type

Description

Example

id

String

Person identifier.

Required

b075f148-7f93-4fc2-b2ec-2d81b19a9b7b

Request structure

...

See on Apiary

Example:

Expand
titleRequest example
Code Block
{
  "object": {
    "action": "DEACTIVATE",
    "authentication_method": {
      "id": "7b100a9c-daaa-490e-b88d-2a911059b055"
    }
  }
}

Authorize

...

  1. Verify the validity of access token

    • Check user scope authentication_method_request:write in order to perform this action

Request to process the request using a token in the headers

Headers

...

Наприклад:

Content-Type:application/json

Authorization:Bearer c2778f3064753ea70de870a53795f5c9

api-key:uXhEczJ56adsfh3Ri9SUkc4en

Request data validation

...

Validate request

if action = deactivate

...

Code Block
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "insert",
  "authentication_method": {
    "type": "THIRD_PERSON",
    "value": "d12888c0-1159-4296-8f03-a592c136f673",
    "phone_number` : "+380656779678",
    "alias": "roksolana"
    }
  }
}

Validate ids

Fiend value is person.id

  • validate person.id UUID

    • in case error return 404

  • search person by person.id in MPI or person.is_active = false

    • in case error return 404, "Such person doesn't exist"

  • validate that person is active ( person.status = active)

    • in case error return 409, "Such person isn't active"

  • validate that auth_method is active ( person.auth_method.ended_at > now())

    • in case error return 422, “Authentication method isn’t active”

...

Validate by actions

if action = deactivate

  1. Field type must be THIRD_PERSON. (where person_auth_method.id = $authentication_method.id)

    1. check this auth_method is not primary

    2. auth_method_current != NA

if action = update

  1. validate authentication_methods.id belong to this person. Search auth method of this person where  MPI.person_authentication_method.person_id = $.person.id

    1. in case error return 422, "such authentication method does not belong to this person"

  2. alias is required.

  3. auth_method_current != NA

if action = insert

  1. if type = OTP ,

    1. phone_number is required and value shouldn’t be set. And field alias is optional.

    2. validate that person.age >global_parameters.no_self_auth_age

    3. Verificate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES

  2. if type = OFFLINE ,

    1. phone_numberand value shouldn’t be set . And field alias is optional.

    2. validate that person.age > global_parameters.no_self_auth_age

    3. auth_method_current != OFFLINE

      1. error - "Person already has auth method OFFLINE"

    4. auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = False)

      1. error - Person cannot set OFFLINE auth method if person had OTP

  3. if type = THIRD_PERSON,

    1. value ,phone_number, alias are required.

    2. Validate phone_number with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.value

    3. auth_method_current != NA

    4. if config THIRD_PERSON_OFFLINE = False - validate that third_person has self method = OTP, else:

      1. error THIRD PERSON can't have OFFLINE self auth method type

validate value:

...

  1. validate person.

...

  1. id is UUID

    • in case error return 422

  2. search person

...

  1. by person.

...

  1. id in MPI 

    • in case error return 422, "such person doesn't exist"

  2. search person

...

  1. by person.

...

  1. id in MPI 

    • in case error return 422, "third person must be active"

  2. search third_person.age > prm.global_parameters.no_self_auth_age years:

    • in case error return 422, "third person must be adult"

  3. validate third_person.auth_method !=N/A

    • in case error return 422, "third person must has auth method OTP or OFFLINE"

  4. validate that person hasn’t this third_person isn’t already as third_person

Processing

...

Set auth_method_current

Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.

...

If auth_method_requests.auth_method_current = OTP 

Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.

...

If auth_method_requests.auth_method_current = OFFLINE 

  1. Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})

If action = insert and il.auth_method_request.authentication_method.type = OFFLINE:

  1. Generate URL's with type person.{$.person.documents.[:].type}

Response structure

...

See on Apiary

Example:

Expand
titleResponse example. Code: 201
Code Block
{
  "meta": {
    "code": 201,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b",
    "status": "NEW",
    "channel": "MIS"
  },
  "urgent": {
    "authentication_method_current": [
      {
        "type": "OTP",
        "phone_number": "+38093*****81"
      }
    ],
    "documents": [
      {
        "type": "PASSPORT",
        "url": "https://storage.ehealth.world"
      }
    ]
  }
}

Expand
titleResponse example. Code: 422
Code Block
{
  "meta": {
    "code": "422",
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "error": {
    "type": "unverified",
    "message": "Unverified phone number"
  }
}

Post-processing processes

...

API paragraph not found

HTTP status codes

...

Page Properties

HTTP status code

Message

What caused the error

 201201

 Response

 

 

 422

404

Validation error

409

Validation error

422

  

Validation error