Info |
---|
/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document) |
Table of Contents |
---|
Properties of a REST API method document
Page Properties | ||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||||||||||||||||||||||
|
Purpose
The process is initiated by responsible person from NHS side which created and approved contract request previously and involves the transfer of a signed contract request with electronic digital signature.
...
Contract must be 2 time signed: from legal_entity and NHS sides. There is a particular order who must signed first - NHS side. After that legal entity owner can either sign contract request (will be created contract) or terminate contract request.
Logic
This WS is designed to sign contract request from NHS side. Contract request's status must be ='PENDING_NHS_SIGN'. Method receives signed message (pkcs7) including signed content, digital signature, digital stamp and signer public key in signed_content property. All signature fields will be validated (including signer certificate authority).This service will store signed copy of Contract Request in Media Content Storage. Signed content MUST consists of JSON object with Contract Request data and printout template. Object that need to be signed is returned by Get Contract request details response, JSON.Path: $.data. data.prinout content must be changed to Print out content taken from Get Contract Request Printout Content
In DS EDRPOU/DRFO must be equal to contractor_legal_entity.edrpou
Configuration parameters
Description of the configuration parameters that are used when processing a request in the system
Dictionaries
Provides a list of links to dictionaries that are available in Confluence
Input parameters
Description of input parameters
Input parameter | Mandatory | Type | Description | Example | |
---|---|---|---|---|---|
1 | id |
| String |
|
|
2 |
Request structure
See on API-specification (посилання на сторінку з API-специфікацією)
Description of the REST API request structure, example
Expand | ||
---|---|---|
| ||
|
Headers
Key | Value | Mandatory | Description | Example | |
---|---|---|---|---|---|
1 | Content-Type | application/json | M | Тип контенту | Content-Type:application/json |
2 | Authorization | Bearer c2778f3064753ea70de870a53795f5c9 | M | Перевірка користувача | Authorization:Bearer c2778f3064753ea70de870a53795f5c9 |
3 |
Request data validation
Validate EDRPOU
Check that EDRPOU in Certificate details exists and not empty
in case of error return 422 error ('Invalid EDRPOU in DS')
Check that EDRPOU in Certificate details is equal to EDRPOU in legal entity
Get client_id from token.
Find prm.legal_entities id by client_id
Compare EDRPOU in Certificate with legal_entities.edrpou
In case validation fails - generate 422 error
Get party.last_name using nhs_signer_id from contract_request
employees.employee_id=nhs_signer_id and client_id=employee.legal_entity_id → party.last_name
Convert prm.parties.LAST_NAME and Certificate details.SURNAME to uppercase
Compare prm.parties.LAST_NAME and Certificate details.SURNAME as Cyrillic letters
In case validation fails - generate 422 error
Validate DRFO
Get parties.tax_id using party_users.party_id by user_id.
Compare DRFO in Certificate with party.tax_id
Convert DRFO and TAX_ID to uppercase
Compare DRFO and TAX_ID as Cyrillic letters
Convert DRFO to Cyrillic and compare as Cyrillic letters
In case validation fails - generate 422 error
Validate Digital Stamp
Check that EDRPOU in Digital Stamp details exists and not empty
in case of error return 422 error ('Invalid EDRPOU in DS')
Check that EDRPOU in Certificate details is equal to EDRPOU in legal entity
Get client_id from token.
Find prm.legal_entities id by client_id
Compare EDRPOU in Certificate with legal_entities.edrpou
In case validation fails - generate 422 error
Check that EDRPOU in Digital Stamp details is equal to EDRPOU in Digital signature
Get EDRPOU from Digital signature.
Get EDRPOU from Digital Stamp.
Compare EDRPOU in Digital signature with Digital signature
In case validation fails - generate 422 error
Check employee
Contract_request can be signed by owner or nhs_signer with necessary scopes in equal legal_entity_id and same id as was previously input in contract_request.
Extract legal_entity_id (client_id) from token. Take contract_request_id.
Check client_id=nhs_legal_entity_id (nhs_side) - in case of error return 403 Error ('Invalid client id')
Validate that contract_request hasn't been signed by nhs_side already
Check if status= 'PENDING_NHS_SIGNED'
In case of error return 422 error ('The contract can't be signed by status')
Digital signature
Decode content that is encrypted in an electronic digital signature.
Use Digital signature WS. Method checks digital signature and returns result.
Check signed content
Check decoded signed content with previously created on IL.db.
...
In case if they are not equal - generate 422 error (message: "Signed content does not match the previously created content")
Validate request
Validate request using JSON schema
In case validation fails - generate 422 error
Check contract request status
If status is not PENDING_NHS_SIGN - return error 422 'Incorrect status'
Validate contractor_divisions
Check divisions belongs to legal_entity and divisions.status='active'
in case of error return 422 error view $divisions ('Division must be active and within current legal_entity')
Capitation only: Validate contractor_employee_divisions
Employees from employee_divisions has employee_type='DOCTOR', status='APPROVED'
in case of error return 422 error view $employee ('Employee must be an active DOCTOR')
Check contractor_employee_divisions.division_id is present in contractor_divisions.id
in case of error return 422 error $divisions ('The division is not belong to contractor_divisions')
Check contract_number is null
in case of error return 422 error view $employee ('Employee can't be updated via Contract Request')
Validate start_date
start_date>now()
in case of error return 422 error $start_date ('Start date must be greater than create date')
Check whether all id is resolved and valid. For
contractor_legal_entity_id and nhs_legal_entity_id in status='active' and nhs_verified = true (prm.legal_entities)
contractor_owner_id and nhs_signer_id in status = 'APPROVED' (prm.employees)
Invoke service Get Printout Form by Contract Request ID and compare to $printout_content from request
in case of error return 422 error $printout_content ('Invalid printout content')
Reimbursement only: Validate medical_program_id is an ID of an ACTIVE medical program with type 'medication'
in case of error return 409: "Program is not active"
For Capitation only: do not sing optional fields
contractor_employee_divisions, external_contractor_flag and external_contractors
Processing
Save signed contract to media storage
Get url for declaration upload
...
Upload signed contract to media storage.
Save Printout form
After status is changed to NHS_SIGNED save printout_content to db.contract_requests.printout_content by $contract_id
Update contract request
Change contract_request.status='NHS_SIGNED'
set nhs_signed_date=now()::date
Add status to event manager
After status was changed (status = NHS_SIGNED) - add new status to event_manager
...
field | value |
---|---|
|
|
| Contract_request |
| $.id |
| $.status |
| $.update_at |
| $. |
Dictionaries
CONTRACT_PAYMENT_METHOD
CONTRACT_TYPE
REIMBURSEMENT_CONTRACT_TYPE
Response structure examples
Description of the REST API response structure, example
Expand | ||
---|---|---|
| ||
|
Expand | ||
---|---|---|
| ||
|
HTTP status codes
Response code | HTTP Status code | Message | Internal name | Description | |
---|---|---|---|---|---|
1 | Базові | ||||
2 | 200 | ||||
3 | 401 | Unauthorized | Помилка підтвердження | ||
4 | 403 | Invalid client id | |||
5 | 1000 | 404 | Composition not found | COMPOSITION_NOT_FOUND_404 | Не знайдено медичний висновок |
6 | 422 | Division must be active and within current legal_entity | |||
7 | 422 | Employee must be an active DOCTOR | |||
8 | 422 | Employee can't be updated via Contract Request | |||
9 | 422 | Invalid EDRPOU in DS | |||
10 | 422 | Invalid printout content | |||
11 | 422 | Incorrect status | |||
12 | 422 | Start date must be greater than create date | |||
13 | 422 | The contract can't be signed by status | |||
14 | 422 | The division is not belong to contractor_divisions | |||
15 | Специфічні | ||||
16 | 422 | Only for active MPI record can be created medication request! |
Post-processing processes
Description of actions performed on data after processing
Technical modules where the method is used
List of pages describing technical modules where the method is used
Page Properties Report | ||||
---|---|---|---|---|
|
...