Versions Compared

Old Version 25

changes.mady.by.user Dmytro Omelchenko (SoE eHealth)

Saved on

compared with

New Version 26

changes.mady.by.user Dmytro Omelchenko (SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel3

Purpose

Use this method to approve previously created Authentication method Request.

Specification

Page Properties

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/approve-authentication-method-request

Resource

/api/persons/{{id}}/authentication_method_requests/{{request_id}}/actions/approve

Scope

authentication_method_request:write

Components

Patient registry

Microservices

mpi/api

fe/admin-web

Protocol type

REST

Request type

PATCH

Sync/Async

Sync

Public/Private/Internal

Public

Preconditions

Authentication method Request must be created.

Logic

Use this method to approve previously created Authentication method Request.

In case if person's or third person's authent authentication_method is OTP, request example:

{ "verification_code": 7590 }

In case if authentication_method is OFFLINE, request body should be empty. Before approve patient's scanned documents should be uploaded to the (Signed URL's). All links are generated for one one-page document in jpeg format. Document should be no more than 10MB.

Input parameters

Input parameter

Values

Type

Description

Example

id

String

Person identifier

b075f148-7f93-4fc2-b2ec-2d81b19a9b7b

request_id

String

Request identifier

1096f147-7f93-3fc6-bddc-9d71b198fb7f

Request structure

See on Apiary

Example:

Expand
titleRequest example
Code Block
{
  "verification_code": 7489
}

Authorize

  1. Verify the validity of access token

    1. Return 401 in case validation fails

  2. Check scopes in order to perform this action (scope = 'authentication_method_request:write')

    1. Return 403 in case invalid scope(s)

Request to process the request using a token in the headers

Headers

  • Content-Type:application/json

  • Authorization:Bearer {{access_token}}

  • Api-key:{{secret}}

Request data validation

Check if Person should be sent for verification*

  • - please note,

(GraphQL) Create auth method refers to this validation.

Rules for validation of Persons

  1. Person has OFFLINE auth method (check in Request)

  2. Person's age >= no_self_auth_age and no_tax_id = true (check in DB)

  3. Person's age >= no_self_auth_age and Person’s tax_id is invalid: not match with birth date and gender (check in DB)

  4. Person’s age < no_self_auth_age and has document with type BIRTH_CERTIFICATE_FOREIGN (check in DB)

  5. Person’s age >= no_self_auth_age and has document with type PERMANENT_RESIDENCE_PERMIT (check in DB)

action = deactivate

  1. validate auth_method_request.auth_method_current:

    1. If auth_method_request.auth_method_current = OTP - Verificate sms (Invoke verification module to verify OTP (OTP Verification))

    2. If auth_method_request.auth_method_current = OFFLINE - verificate download documents ( Media Content Storage)

  2. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  3. Update mpi.person_authentication_method:

    1. set ended_at = now() (Get current date-time)

action = update

  1. validate auth_method_request.auth_method_current:

    • If auth_method_request.auth_method_current = OTP - Verificate sms (Invoke verification module to verify OTP (OTP Verification))

    • If auth_method_request.auth_method_current = OFFLINE - verificate download documents

  2. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  3. Update mpi.person_authentication_method:

    1. set alias (if it passed in request)

action = insert

  1. validate auth_method_request.auth_method_current:

    1. If auth_method_request.auth_method_current = OTP - Verificate sms (Invoke verification module to verify OTP (OTP Verification))

    2. If auth_method_request.auth_method_current = OFFLINE - verificate download documents

  2. If il.authentication_method_request.authentication_method.type = OFFLINE

    1. verificate download documents

  3. if type = THIRD_PERSON, set

    1. value = il.authentication_method_request.authentication_method.value

    2. alias = il.authentication_method_request.authentication_method.alias

    3. Start date: start_date = Current_date()

    4. End date:

      Code Block
      if (person.age < 14) { end_date =birth_date + no_self_auth_age - 1d;} else {  end_date = start_date + third_person_term;}

       

  4. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  5. Update mpi.person_asuthentication_methods

    1. If active il.authentication_method_request.authentication_method.type = OTP or OFFLINE or NA,

      1. person’s auth method that was before becomes inactive - set ended_at = now() (Get current date-time)

      2. set new auth_method in person_auth_methods. Set fields - type,phone_numer, alias(if it is in request)

  6. If il.authentication_method_request.authentication_method.type = THIRD_PERSON

    1. Add to table person_auth_methods row with type = third_person. Set fields - type,value, alias, ended_at,started_at

Processing

Send Person to verification process

checking Rule 01

  • If $.authenticationMethod.type = OFFLINE and action = insert then (
    verification is needed

    • Set MPI.persons.verification_status = VERIFICATION_NEEDED and

    • Set MPI.persons.verification_reason = AUTO and

    • Create StateChangeEvent in event manager with new verification status )

  • elseif $.authenticationMethod.type = OTP and action = insert and MPI.persons.verification_status != VERIFIED
    then (
    checking Rule 02-05

    • if (Person's age >= no_self_auth_age and no_tax_id = true) or
      (Person's age >= no_self_auth_age and Person’s tax_id is invalid: not match with birth date or gender or checksum) or
      (Person’s age < no_self_auth_age and has document with type BIRTH_CERTIFICATE_FOREIGN) or (Person’s age >= no_self_auth_age and has document with type PERMANENT_RESIDENCE_PERMIT) then
      manual verification is needed

      • Set MPI.persons.verification_status = VERIFICATION_NEEDED and

      • Set MPI.persons.verification_reason = RULES_TRIGGERED and

      • Create StateChangeEvent in event manager with new verification status

    • else
      person will be verified with Registers

      • Set MPI.persons.verification_status = VERIFICATION_NEEDED and

      • Set MPI.persons.verification_reason = RULES_PASSED and

      • Set MPI.persons.verification_comment = NULL and

      • Create StateChangeEvent in event manager with new verification status

)

Response structure

See on Apiary

Example:

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": 201,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b",
    "status": "COMPLETED",
    "channel": "MIS"
  }
}

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": "422",
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "error": {
    "type": "request_malformed",
    "message": "This doctor has X declarations and could not sign more"
  }
}

HTTP status codes

Page Properties

HTTP status code

Message

What caused the error

 201

 

Completed

 422

 This doctor has X declarations and could not sign more

  Request is malformed