...

Logic

1. If approval has resource != (care_plan & terms_of_service = ‘INPATIENT’ for care_plan & granted_to.employees.legal_entity_id = care_plans.managing_organization):

   1. If authentication_method_current.type = OTP

   2. system checks verification code via otp_verification service PATCH /verifications/:phone_number/actions/complete

   3. if verification code matches - change status to active

   4. If not - return error

2. If authentication_method_current.type = offline or null OR approval with resource = care_plan where terms_of_service = ‘INPATIENT’ for care_plan & granted_to.employees.legal_entity_id = care_plans.managing_organization:

   1. change status to active

3. Search if there exists active and not expired approvals with current patient_id, for the same granted_resources, granted_to and access_level as in request:

   • If found - set for existing approvals:

     • status = terminated

     • updated_at = now()

     • updated_by = current user

     • expired_at = now()

...

1. Verify the validity of access token

2. Check user scope approval:create in order to perform this action

Headers

Наприклад:

• Content-Type:application/json

• Authorization:Bearer d368a4b0-4a0e-457a-b267-32359fa6288f

...