Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

Purpose

API paragraph not found

Specification

  1. Get Service Requests list

  2. Get Service Request details

Page Properties

...

Validations

...

idAPI_Specification

Link

Посилання на Apiary або Swagger

Resource

Посилання на ресурс, наприклад: /api/persons/create

Scope

Scope для доступу

Components

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Метод є синхронним чи асинхронним?

Public/Private/Internal

Потрібно зазначити тип методу за ступенем доступності

Logic

  1. Return all service requests related to specified episode of care

    1. Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)

    2. Find all service requests related to received encounters (Medical Events DB: $.service_requests[*].context.identifier.value IN :encounters)

...

Request structure

API paragraph not found

Authorize

  • Verify the validity of access token

    • Return (401, 'unauthorized') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'unauthorized')

  • Check user scopes in order to perform this action (scope = 'service_request:read')

    1. Return (403, 'invalid scopes') in case of invalid scope(s)

Headers

API paragraph not found

Request data validation

Validate data consistency

  • Ensure that requested episode of care relates to requested patient

    1. Return (404, 'not found') in case of error

Check user privileges

If ANY of this rules is met - user has privileges to access this data

Otherwise - access to this data is denied. Return (403, 'forbidden')

Rule 1: User who has active declaration with patient is "authorized" to manage all patient's data

If ANY employee related to this user in this legal entity has active declaration with this patient - it has the privileges to access this data

...

Code Block
languagesql
SELECT d.id
FROM declarations d
WHERE d.legal_entity_id = :client_id
AND d.employee_id IN (:employees)
AND d.status IN ('active', 'pending_verification')
AND d.person_id = :patient_id;

Rule 2: User with active approval to this episode can view episode details and its child entities

TBD

Service logic

Return all service requests related to specified episode of care

...

Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)

...

Processing

API paragraph not found

Response structure

API paragraph not found

Post-processing processes

API paragraph not found

HTTP status codes

API paragraph not found