This web service is designed to let an NHS employee (private API) or an MSP employee (public API) obtain full information about a capitation or reimbursement contract.

The contract type should be declared in the URL.

Overview

  • Only an employee with the scope contract:read can see the details of a contract

...


Validation

Validate token

  • Verify the validity of the access token
    • Return 401 if validation fails
  • Check that the token is not expired
    • Return 401 in case of error

Validate scopes

  • Check that the user has the scope required to perform this action (scope = 'contract:read')
    1. Return 403 in case of invalid scope(s)

...

  • If TOKENS_TYPES_PERSONAL
    • Check that client_id = contracts.contractor_legal_entity_id
      • In case of error, return 403 "User is not allowed to view this contract"
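
The validation order above (token, then scope, then contract ownership) as an added example that is not part of this specification or of the service's own code. The token field names (`expires_at`, `scope`, `client_id`, `personal`) are assumptions, the `personal` flag stands in for the TOKENS_TYPES_PERSONAL condition, and every status message except the ownership one is constructed.

```python
import time

REQUIRED_SCOPE = "contract:read"

def authorize_contract_read(token, contract, now=None):
    """Return (http_status, message) for a request to view contract details.

    token is None when verification of the access token failed; otherwise a
    dict with the assumed fields expires_at (epoch seconds), scope
    (space-separated string), client_id and personal (bool).
    """
    now = time.time() if now is None else now

    # Validate token: both failures are authentication errors (401).
    if token is None:
        return 401, "Invalid access token"            # constructed message
    if token.get("expires_at", 0) <= now:             # missing expiry fails closed
        return 401, "Access token expired"            # constructed message

    # Validate scopes: compare whole scope names. A substring test on the
    # raw string would also accept a longer name such as "contract:readonly".
    granted = set(token.get("scope", "").split())
    if REQUIRED_SCOPE not in granted:
        return 403, "Invalid scope(s)"                # constructed message

    # Ownership check, applied only to personal tokens. A token without the
    # flag is treated as personal so the stricter path is the default.
    if token.get("personal", True):
        if token.get("client_id") != contract["contractor_legal_entity_id"]:
            return 403, "User is not allowed to view this contract"

    return 200, "OK"

# Constructed sample data (not real identifiers).
NOW = 1_700_000_000
CONTRACT = {"id": "c-1", "contractor_legal_entity_id": "le-owner"}
OWNER = {"client_id": "le-owner", "scope": "contract:read",
         "expires_at": NOW + 600, "personal": True}
OTHER = dict(OWNER, client_id="le-other")    # personal token, different legal entity
NON_PERSONAL = dict(OTHER, personal=False)   # ownership check does not apply

if __name__ == "__main__":
    for name, tok in [("owner", OWNER), ("other", OTHER),
                      ("non-personal", NON_PERSONAL), ("no token", None)]:
        print(name, authorize_contract_read(tok, CONTRACT, NOW))
```

A valid scope alone does not grant access to another legal entity's contract: the `OTHER` token carries contract:read and still gets 403 at the ownership step.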

...