REST API method / Метод REST API (настанова) (remove the link block before publishing the document)
...
Properties of a REST API method document
Document type | Метод REST API |
---|---|
Document title | [Document status] REST API [Назва методу] [ID методу] |
Guideline ID | GUI-0011 |
Author | @ |
Document version | 1 |
Document status | DRAFT |
Date of creation | ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD) |
Date of update | ХХ.ХХ.ХХХХ (дата зміни версії) |
Method API ID | API-010-001-004-0375 |
Microservices (namespace) | MPI |
Component | Master Patient Index |
Component ID | COM-010-001 |
Link на API-специфікацію | |
Resource |
|
Scope | person_request:write |
Protocol type | REST |
Request type | POST |
Sync/Async | Sync |
Public/Private | Public |
...
GENDER
DOCUMENT_TYPE
ADDRESS_TYPE
COUNTRY
SETTLEMENT_TYPE
STREET_TYPE
PHONE_TYPE
AUTHENTICATION_METHOD
CONFIDANT_PERSON_TYPE
PREFERRED_WAY_COMMUNICATION
DOCUMENT_RELATIONSHIP_TYPE
Input parameters
Description of input parameters
Input parameter | Mandatory | Type | Description | Example | |
---|---|---|---|---|---|
1 | composition_id | M | String ($uuid) (path) | Composition object ID | 89678f60-4cdc-4fe3-ae83-e8b3ebd35c59 |
2 |
|
|
|
|
|
Request structure
See on API-specification
...
Verify the validity of access token
Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'person_request:write')
Return (403, 'Your scope does not allow to access this resource. Missing allowances: person_request:write') in case of invalid scope(s)
validate client_id belongs to legal_entity with type in ('MSP', 'OUTPATIENT', 'EMERGENCY', 'PRIMARY_CARE')
Return (401, 'Invalid legal entity type') in case of validation fails
If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case not match - return 403 ("Access denied. Party is not verified")
If BLOCK_DECEASED_PARTY_USERS is true, check that party is not deceased (party_verification record does not equal to: dracs_death_verification_status = VERIFIED and dracs_death_verification_reason = MANUAL_CONFIRMED):
in case of error - return 403 ("Access denied. Party is deceased")
validate user belongs to employee with type in "Doctor, Specialist, Receptionist, Assistant"in case error return 409
Headers
Key | Value | Mandatory | Description | Example | |
---|---|---|---|---|---|
1 | Content-Type | application/json | Тип контенту | Content-Type:application/json | |
2 | Authorization | Bearer {{access_token}} | Перевірка користувача | Authorization:Bearer {{access_token}} | |
3 | api-key | {{secret}} |
| Секретний ключ | api-key:{{secret}} |
Request data validation
Validate request
Validate request using JSON schema
Check presence of extra parameters
In case of error - return 422 ('schema does not allow additional properties')
Check presence of required parameters
In case of error - return 422 ('required property %{property} was not present')
...
title | JSON Schema |
---|
...
api-key:{{secret}} |
Request data validation
Validate request
Validate request using JSON schema
Check presence of extra parameters
In case of error - return 422 ('schema does not allow additional properties')
Check presence of required parameters
In case of error - return 422 ('required property %{property} was not present')
Expand | ||
---|---|---|
| ||
|
Validate confidant person
...
issued_at, issued_by is mandatory for documents
Validate dates
issued_at <= now() and issued_at => birth_date
in case `issued_at > now()` show error 422, "Document issued date should be in the past"
in case `issued_at < person.birth_date` show error 422, "Document issued date should greater than person.birth_date "
expiration_date > now()
in case error show 422, "Document expiration_date should be in future"
expiration_date is mandatory for document_type
NATIONAL_ID
COMPLEMENTARY_PROTECTION_CERTIFICATE
PERMANENT_RESIDENCE_PERMIT
REFUGEE_CERTIFICATE
TEMPORARY_CERTIFICATE
TEMPORARY_PASSPORT
in case error return 422, "expiration_date is mandatory for document_type $.documents.type"
Validate documents_type.number according to json schema
PASSPORT - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
NATIONAL_ID - `^[0-9]{9}$`
BIRTH_CERTIFICATE - `^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$`
COMPLEMENTARY_PROTECTION_CERTIFICATE - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
REFUGEE_CERTIFICATE - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
TEMPORARY_CERTIFICATE - `^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$`
TEMPORARY_PASSPORT - `^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$`
if unzr exists and is not null, check pattern match
"^[0-9]{8}-[0-9]{5}$"
in case error return 422, msg 'string does not match pattern \"%{pattern}\"'
if documents.type=NATIONAL_ID
check if unzr exists in request, in case error return 422, msg "unzr is mandatory for document type NATIONAL_ID"
Document numbersmaxLength < 25
...
If person <prm.global_parameters.no_self_auth_age years, then person.auth_methods.type =
third_person
. Validate that third_person has auth method.type = OTPif third_person.auth_method.type = OFFLINE - error `THIRD PERSON can't have OFFLINE self auth method type`
if third_person.auth_method.type doesn't have active auth method - error `THIRD PERSON doesn't have active valid authentication methods`
If third person >= prm.global_parameters.no_self_auth_age years
in case error return 422, msg "Incorrect person age for such an action"
...
Person.auth_methods.type = third_persont.id. But on get Person request
or Person
display third_person.auth_method.phone_number.
...
Each link is generated for one one-page document in .pdf, .jpg, .png, .bmp format. Document should be no more than 20 MB. For each type of documents, if couple of rules worked - only one single link is generated.
Validate flag no_tax_id, if $.person_request.person.no_tax_id = true:Generate URL with type person.no_tax_id
Validate if $.person_request.person.tax_id is not empty and $.person_request.person.no_tax_id = false thenIf (GetBirthDateFromTaxId($.tax_id) != $.birth_date) or (GetGenderFromTaxId($.tax_id) != $.gender) or CheckValidity($.tax_id) = false (i.e. invalid checksum) thenGenerate URL with type person.tax_id
Validate block confidant person. If person.confidant is not null:
Generate URL's with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_relationship.[:].type}
Generate URL's with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_person.[:].type}
Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}
and age < no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type BIRTH_CERTIFICATE_FOREIGN].type}
Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and age >= no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type PERMANENT_RESIDENCE_PERMIT].type}
Validate authentication_method. If authentication method = OFFLINE or third_person (and this third_person.auth_method = OFFLINE) -
Generate URL's with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
Validate unzr. If $.person_request.person.unzr is not empty and first 8 digits of $.person_request.person.unzr != $.person_request.person.birth_date then
Generate URL with type person.{$.person_request.person.unzr}
Invoke Media Content Storage to generate upload URL for each document obtained by executing logic above
...
Update person’s data with empty value of the second name is possible by setting second_name = null
.
Authorize
Verify the validity of access token
Check user scope person_request:write in order to perform this action
Request data validation
Validate request
...
Each link is generated for one one-page document in jpeg format. Document should be no more than 10MB. For each type of documents only one single link is generated.
Validate flag no_tax_id, if $.person_request.person.no_tax_id = true:Generate URL with type person.no_tax_id
Validate if $.person_request.person.tax_id is not empty and $.person_request.person.no_tax_id = false thenIf (GetBirthDateFromTaxId($.tax_id) != $.birth_date) or (GetGenderFromTaxId($.tax_id) != $.gender) or CheckValidity($.tax_id) = false (i.e. invalid checksum) thenGenerate URL with type person.tax_id
Validate block confidant person. If person.confidant is not null:
Generate URLs with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_relationship.[:].type}
Generate URLs with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_person.[:].type}
Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}
and age < no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type BIRTH_CERTIFICATE_FOREIGN].type}
Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and age >= no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type PERMANENT_RESIDENCE_PERMIT].type}
Validate authentication_method. If authentication method = OFFLINE or third_person (and this third_person.auth_method = OFFLINE) -
Generate URLs with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
Validate unzr. If $.person_request.person.unzr is not empty and first 8 digits of $.person_request.person.unzr != $.person_request.person.birth_date then
Generate URL with type person.{$.person_request.person.unzr}
Code Block |
---|
{
"documents":[
{
"type":"person.no_tax_id",
"url": "https://storage.googleapis.com/..."
}
]
} |
Save documents to DB.
Generate verification code
...
Response code | HTTP Status code | Message | Internal name | Description | |
---|---|---|---|---|---|
1 | Базові | ||||
2 | 201 | Response | |||
3 | 401 | Invalid access token | |||
4 | 401 | Invalid legal entity type | |||
5 | 403 | Access denied. Party is not verified | |||
6 | 403 | Your scope does not allow to access this resource. Missing allowances: person_request:write | |||
7 | 409 | Invalid legal entity type | |||
8 | 409 | Such person can't be updated. Deduplication update score is lower than system value (less changes should be made) | |||
9 | 409 | Such person exists. Update this person | |||
10 |
| 422 | Confidant person is mandatory for children |
| |
11 | 422 | Cannot be confirmed by a method with type= NA. Use a different method. | |||
12 | 422 | Document expiration_date should be in future | |||
13 | 422 | Document issued date should be in the past | |||
14 | 422 | Document issued date should greater than person.birth_date | |||
15 | 422 | Expiration_date is mandatory for document_type $.documents.type | |||
16 | 422 | Incorrect person age for such an action | |||
17 | 422 | Required property %{property} was not present | |||
18 | 422 | Required property patient_signed was not present | |||
19 | 422 | Schema does not allow additional properties | |||
20 | 422 | String does not match pattern ... | |||
21 | 422 | Such person doesn't exist | |||
22 | 422 | Such a phone already exists more N times | |||
23 | 422 | Such authentication method doesn't exist | |||
24 | 422 | Such authentication method does not belong to this person | |||
25 | 422 | This phone number is present more then $.global_parameters.phone_number_auth_limit times in the system | |||
26 | 422 | Unverified phone number | |||
27 | 422 | Unzr is mandatory for document type NATIONAL_ID | |||
28 | 422 | Unzr or birthdate are not correct | |||
29 | 422 | Value is not allowed in enum | |||
30 | Специфічні | ||||
31 |
| 422 | Only for active MPI record can be created medication request! |
|
|
Post-processing processes
Description of actions performed on data after processing
Technical modules where the method is used
List of pages describing technical modules where the method is used
Название | ID ТМ | Статус |
---|---|---|
TM0112 | ||
...