Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

...

Properties of a REST API method document

Document type

Метод REST API

Document title

[Document statusDRAFT] REST API [Назва методу] [ID методуNEW] Resend SMS on Composition [API-007-011-001-0474]

Guideline ID

GUI-0011

Author

@

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-007-011-001-0474

Microservices (namespace)

MPIME

Component

AuthCompositions_ME

Component ID

COM-007-011

Link на API-специфікацію

https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/manage-client-configuration/get-client-details

Resource

{{host}}//api.ehealth.gov.ua/api/patients/id/encounter_package

Scope

Protocol type

REST

Request type

Sync/Async

Public/Private

...

  1. Only authenticated and authorized user with appropriate scope can resend SMS.

  2. SMS with composition number can be resent only to person with auth_method with type OTP.

  3. SMS with composition number can be resent only for Composition in FINAL status.

Logic

Description of the working algorithm of the API method and the interaction of services with each other add Service logic (if necessary)N/A

Configuration parameters

Description of the configuration parameters that are used when processing a request in the system

Dictionaries

Provides a list of links to dictionaries that are available in ConfluenceN/A

Dictionaries

N/A

Input parameters

Description of input parameters

Input parameter

Mandatory

Type

Description

Example

1

composition_id

 M

String ($uuid) (path)

Composition object ID

 89678f60-4cdc-4fe3-ae83-e8b3ebd35c59

2

 

 

 

 

 

Request structure

See on API-specification (посилання на сторінку з API-специфікацією)Description of the REST API request structure, example

Expand
titleExample
Code Block

Headers

...

Key

...

Value

...

Mandatory

...

Description

...

Example

...

Content-Type

...

application/json

...

M

...

Тип контенту

...

Content-Type:application/json

...

Authorization

...

Bearer c2778f3064753ea70de870a53795f5c9

...

M

...

Перевірка користувача

...

Authorization:Bearer c2778f3064753ea70de870a53795f5c9

...

 

...

 

...

 

...

 

...

 

Headers

Request data validation

Validations

  1. Validate person

    1. Check if person with patient_id from request exists

      1. in case of error - return 404 (“Not found”)

    2. Check if person with patient_id from request is not preperson

      1. in case of validation fails skip all steps below

  2. Check if Composition with composition_id from request is exist

    1. in case of error - return 404 (“Not found”) in case of validation fails

  3. Validate Composition

    1. Check that status is not 'entered_in_error'

      1. in case of error - return 409 error ('You can not resend SMS for Composition in status %status%')

  4. Validate legal entity

    1. Check that legal_entity_type is included in chart variables ME_ALLOWED_TRANSACTIONS_LE_TYPES config parameter

      1. in case of error return 409 "Action is not allowed for the legal entity"

    2. Check that legal_entity has status = active

      1. in case of error return 409 "Action is not allowed for the legal entity" 

...

Authorization

  1. Verify the validity of access token

    1. in case of error - return 401 (“Invalid access token”) in case of validation fails

  2. Verify that token is not expired

    1. in case of error - return 401 (“Invalid access token”)

  3. Check user scopes in order to perform this action (scope = 'composition:resend_sms')

    1. return 403 (“Your scope does not allow to access this resource. Missing allowances: composition:resend_sms”) in case of invalid scope(s)

Processing

  1. Call [Transferred] SMS timeout procedure to check if resending is allowed using:

    • COMPOSITION_MAX_ATTEMPTS_COUNT as MAX_ATTEMPTS_COUNT

    • COMPOSITION_SEND_TIMEOUT as SEND_TIMEOUT

    • "composition" as entity_name

    • composition_id as entity_id

    in case of error - return 429 ("Sending SMS timeout. Try later. Next attempt will be available at <attempts.oldest.value + SEND_TIMEOUT>")

  2. Get person's authentication_method according to logic:

    1. If authorize_with exists in Composition and is not empty, check:

      1. Authentication method exists in person_authentication_methods table in MPI DB (with is_active=true), is active (ended_at > now() or null)

      2. Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter

        1. if it is set to true - for authentication method with type = THIRD_PERSON check that person from value is an approved confidant for a person from Composition:

          1. exists active and approved confidant person relationship between patient from the Composition and confidant_person_id from authentication method value (using following logic: Check confidant person relationship with person_id = person from request and confidant_person_id = value from auth method - expected :ok, :approved response)

        2. in case any validation failed - return 409 ('Authentication method doesn't exist or is inactive')

        3. else - get authentication_method from authorize_with

      3. If authorize_with does not exist in composition request or is empty - get default authentication_method of person from MPI using logic https://e-health-ua.atlassian.net/wiki/spaces/EH/pages/622133300

    2. If authentication_method == OTP or THIRD_PERSON (with OTP) 

      1. Generate text SMS with template CREATE_{{COMPOSITION_TYPE}}_COMPOSITION_SMS_TEMPLATE.

      2. Send SMS

      3. else, if authentication_method is not OTP or THIRD_PERSON (with OTP) return an error

        1. return 409 ('Authentication method doesn't exist or is inactive')

Response structure examples

See on API-specification (посилання на сторінку з API-специфікацією)Description of the REST API response structure, example

Expand
titleExample
Code Block

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

1000 

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

401

Invalid access token

3

 

401

Unauthorized

 

Помилка підтвердження

4

403

Your scope does not allow to access this resource. Missing allowances: composition:resend_sms

54

404

Composition not found

COMPOSITION_NOT_FOUND_404

Не знайдено медичний висновок

6

404

Not found

75

409

Action is not allowed for the legal entity

86

409

Authentication method doesn't exist or is inactive

97

409

Authentication method doesn't exist or is inactive

108

409

You can not resend SMS for Composition in status %status%

119

429

Sending SMS timeout. Try later. Next attempt will be available at <attempts.oldest.value + SEND_TIMEOUT>

1210

Специфічні

13

 

422

Only for active MPI record can be created medication request!

11

 

Post-processing processes

Description of actions performed on data after processing

Technical modules where the method is used

List of pages describing technical modules where the method is used