Table of Contents | ||||
---|---|---|---|---|
|
...
Request to process the request using a token in the headers
Headers
Наприклад:
Verify the validity of access token
Return 401 in case validation fails
Verify token is not expired
in case of error return 401
Check user scopes in order to perform this action (scope = 'episode:write')
Return 403 in case invalid scope(s)
Headers
Content-Type:application/json
Authorization:Bearer mF_9.B5f-4.1JqMapi{{access_token}}
API-key:aFBLVTZ6Z2dON1V{{secret}}
Request data validation
Validate patient status
Medical_data status for this patient must be in "active" status
in case of error return 409 - "Patient is not active"
Validate episode id is unique
$.id is unique
in case of error return 422 - "Episode with such id already exists"
Validate that episode number is unique$.number is uniquein case of error return 409 - "Episode with such number already exists. Episode number must be unique"
Validate request according to JSON Schema LINK
in case of error return 422
Validate type
according to legal entity type: Medical Events Dictionaries and configurations#legal_entity_episode_types
in case of error return 409 "Episode type <type> is forbidden for your legal entity type"
according to employee type: Medical Events Dictionaries and configurations#employee_episode_types
in case of error return 409 "Episode type <type> is forbidden for your employee type"
Validate status= "active"- resolved by JSON schemaValidate managing_organization
Only one item is allowed in coding array
in case of error return 422 "Only one item is allowed in "coding" array "
$.managing_organization.identifier.type.coding.[0].code = "legal_entity"
in case of error return 422 "Only legal_entity could be submitted as a managing_organization"
$.managing_organization.identifier.value = token.client_id
in case of error return 422 "Managing_organization does not correspond to user`s legal_entity"
$.managing_organization.identifier.type.coding.[0].system = "eHealth/resources"
in case of error return 422 "Submitted system is not allowed for this field"
Validate period
$.period.start <= current_date
in case of error return 422 - "Start date of episode must be in past"
$.period.end is absent
in case of error return 422 - "End date of episode could not be submitted on creation"
Validate care_manager
$.care_manager.identifier.type.coding.[0].code = "employee"
in case of error return 422 "Only employee could be submitted as a care_manager"
$.care_manager.identifier.type.coding.[0].system = "eHealth/resources"
in case of error return 422 "Submitted system is not allowed for this field"
$.care_manager.identifier.value must meet the following requirements
PRM.employee.type = "DOCTOR" OR "SPECIALIST" OR "ASSISTANT"
in case of error return 409 "Employee submitted as a care_manager is not in the list of allowed employee types"
PRM.employee.status= "active"
in case of error return 409 "Employee submitted as a care_manager is not active"
PRM.employee.legal_entity = token.client_id
in case of error return 409 "User can create an episode only for the doctor that works for the same legal_entity"
$.care_manager.identifier.value belongs to one of the user’s employee
in case of error return 422 "Employee is not care manager of episode"
...
|
Validate token
Verify the validity of access token
Return 401 in case validation fails
Verify token is not expired
in case of error return 401
Validate scopes
Check user scopes in order to perform this action (scope = 'episode:write')
...
Access to the resource is also managed by ABAC module.
...