Required parameters are marked with "*"

...

Purpose

...

Use this method to approve previously created Declaration Request.

Specification

...

Link

Apiary

Approve declaration request v3
Resource	/api/v3/declaration_requests/{{id}}/actions/approve
Scope	declaration_request:approve
Components

Необхідно зазначити перелік компонентів, які використовують цей метод, наприклад: ePrescription

Declarations

Using

Dictionaries

Потрібно вказати словники, які використовує метод API

Using Microservices

Вкажіть перелік мікросервісів, які використовує метод API. Наприклад: Auth, ABAC

Protocol type

Вкажіть тип протоколу, який використовується запитом, наприклад: SOAP | REST | JSON

Microservices	il/api ops/api
Protocol type	REST
Request type	PATCH
Sync/Async

Метод є синхронним чи асинхронним?

...

	Sync
Public/Private/Internal	Public

Key points

1. In case if persons current authentication

...

1. method is OTP, request

...

1. body must contain verification_code

...

1. field with OTP.

2. For any other authentication method, request body

...

1. must be empty

...

Input parameters

...

Filter

...

Values

...

Type

...

Description

...

Example

...

 id

...

String

...

b075f148-7f93-4fc2-b2ec-2d81b19a9b7b

Request structure*

See on Apiary

{
  "verification_code": 3748
}

Authorize*

1. Verify the validity of access token

2. Check user scopes declaration_request:write in order to perform this action

   1. In case error - generate 401 response

Request to process the request using a token in the headers

Headers*

• Content-Type:application/json

• Authorization:Bearer c2778f3064753ea70de870a53795f5c9

...

1. , but additional documents upload is needed for OFFLINE authentication method.

Validate request

1. Validate request using JSON schema

   1. In case validation failed - generate 422 error

JSON Schema 

{
    "$schema": "http://json-schema.org/draft-04/schema#",
    "type": "object",
    "properties": {
        "verification_code": {
            "type": "string"
        }
    },
    "required": [
        "verification_code"
    ],
    "additionalProperties": false
}

...

Authorize user

1. Verify the validity of access token

2. Check user scopes declaration_request:write in order to perform this action

   1. In case error - generate 401 response

Validate person verification status

• validate patient's verification_status is not equal to NOT_VERIFIED.

  • in case of error return 409, "Patient is not verified"

...

Get declaration request details

Get declaration request from IL_DB.declaration_request

Determine authorization method

Get authorization_method from IL_DB.declaration_request

SELECT IL_DB.declaration_request.authentication_method
FROM   IL_DB.declaration_request
WHERE IL_DB.declaration_request.id = :id

If authentication_method_current is NULL - return Error

...

If authentication_method_current = OTP - verify SMS code

If authentication_method_current = NA - verify Parent declaration

Verify code

Invoke verification module to verify OTP

OTP Verification

Check uploaded documents

Invoke Media Content Storage to check documents exist

Media Content Storage

Generate hash ‘seed’

Generate hash seed - Hash of previous block in declarations chain or other random component that should be signed with declaration

Change patient request

1. Change entity status in IL_DB.declaration_request to APPROVED

2. Set updated_at - now() (Get current date-time)

3. Set updated_by - user_id (Extract user from token)

Generate printout form

Invoke MAN to render print form.

Request mapping:

...

Parameter

...

Source

...

id

...

DECLARATION REQUEST

cURL example

...

Verify Parent declaration

Get parent_declaration_id from IL_DB.declaration_requests.parent_declaration_id:

• If parent_declaration_id is null, validate declaration request with current authentication_method_current = NA logic

• If parent_declaration_id is not null, check that parent declaration exists and in status 'active'

  • In case of error - return 404 (‘Active parent declaration was not found’)

Processing

Generate printout form

Prepare data for declaration request printout form

1. Call MAN service to render printout form

2. Get template id from config (DECLARATION_REQUEST_PRINTOUT_FORM_TEMPLATE_ID)

3. Prepare printout content based on declaration request data

4. Render printout form and save to declaration request

Set IL.declaration_request.printout_content:

Response structure*

See on Apiary

Code 201

...

...

Change patient_signed and process_disclosure_data_consent values

If parent_declaration_id is not null and authentication_method_current = NA, update following fields values at data_to_be_signed

...

Code 422

{
  "meta": {
    "code": "422",
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  },
  "error": {
    "type": "request_malformed",
    "message": "This doctor has X declarations and could not sign more"
  }
}

Post-processing processes*

Що має відбутися в ЦБД після опрацювання та відправлення відповіді, тощоfield:

• patient_signed = null

• process_disclosure_data_consent = null

Generate hash ‘seed’

Generate hash seed - Hash of previous block in declarations chain or other random component that should be signed with declaration

Change declaration request

1. Change entity status in IL_DB.declaration_request to APPROVED

2. Set status_reason to doctor_confirmed

3. Set is_shareable to true

4. Set updated_at - now() (Get current date-time)

5. Set updated_by - user_id (Extract user from token)

HTTP status codes

Backward compatibility

...