...

1. If authentication_method_current.type = OTP

   1. system checks verification code via otp_verification service PATCH /verifications/:phone_number/actions/complete

   2. if verification code matches - change status to active

   3. If not - return error

2. If authentication_method_current.type = offline

   1. change status to active

3. Search if there exists active and not expired approvals with current patient_id, for the same granted_resources, granted_to and access_level as in request:

   • If found - set for existing approvals:

     • status = terminated

     • updated_at = now()

     • updated_by = current user

     • expired_at = now()

Request structure

See on Apiary

...

1. Verify the validity of access token

2. Check user scope approval:create in order to perform this action

Headers

Наприклад:

• Content-Type:application/json

• Authorization:Bearer d368a4b0-4a0e-457a-b267-32359fa6288f

...