...

...

1. Signed content of procedure must be equal to procedure stored in DB. See Get Procedure by search params

2. status_reason and explanatory_letter (optional) must be added to signed content

Please see Cancel Procedure and [Dummy Cancel Procedure for more detailsВідкликання процедури (entered in error)

Request structure

See on Apiary

Example:

{
  "signed_data": "ew0KICAicGVyaW9kIjogew0KIC..."
}

...

Request to process the request using a token in the headers

Headers

Наприклад:

...

Content-Type:application/json

...

...

api-key:aFBLVTZ6Z2dON1V

Request data validation

Validate token

• Verify the validity of access token

  • Return return 401 in case validation fails

• Verify token is not expired

  • in case error - return 401 

Validate scopes

• Check user scopes in order to perform this action (scope = 'procedure:write')

  Return

  • return 403 in case invalid scope(s)

Headers

Наприклад:

• Content-Type:application/json

• Authorization:Bearer {{access_token}}

• API-key:{{secret}}

Request data validation

Validate legal entity

• Validate procedure belongs to the legal entity where the current user works

  • ME.procedure.managing_organization==token.client_id

    • in case of error return 409 "Managing_organization in the procedure does not correspond to user`s legal_entity"

...

• Extract user_id and client_id from token

• Get list of APPROVED employees with this user_id in current Legal Entity

• Check that for user one of the conditions is TRUE:

  • user has an employee that specified as author of the procedure ($.procedure.recorded_by.identifier.value is in the list of APPROVED employees)

  • OR check that user has an employee which has approval granted by the patient with access_level:write for this procedure resource ($.approvals.granted_resources.identifier.value==$.procedure._id AND $.approvals.granted_to.identifier.value==PRM.employees.id AND $.approvals.access_level='write')

  • OR user has an employee which has MED_ADMIN employee type

  • otherwise, return error 409  "Employee is not performer of procedure, don't has approval or required employee type"

• If BLOCK_UNVERIFIED_PARTY_USERS is true, then check user's party data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

  •  in case not match - return 403 ("Access denied. Party is not verified")

Request validation

1. Validate digital signature

   1. ds.drfo == PRM.parties.tax_id where (PRM.parties.id==PRM.employees.party_id where (PRM.employees.id==$.performer.identifier.value))

      1. in case of error - return 409 ("Signer DRFO doesn't match with requester tax_id")

2. Compare signed_content to previously created content

   1. select procedure, select * from procedures context.identifier.value=procedure_id and compare to signed_content (do not include status, status_reason and explanatory_letter )

      1. in case of inconsistencies return "Submitted signed content does not correspond to previously created content"

3. Validate status_reason is in dictionary eHealth/procedure_status_reasons

   1. in case error return 422, "status_reason not in a dictionary eHealth/procedure_status_reasons"

4. Validate user performs action with procedure that belong to his legal entity

   1. ME.patient{patinet_id}.procedures{procedure_id}.managing_organization==token.client_id

      1. in case of error return 422 "Managing_organization in the procedure does not correspond to user`s legal_entity"

...

1. Save signed_content to Media Storage

2. Set status `ENTERED_IN_ERROR` for procedure

3. Set cancellation_reason

4. Set explanatory_letter 

Response structure

See on Apiary

Example:

{
  "data": {
    "status": "pending",
    "eta": "2018-08-02T10:45:16.000Z",
    "links": [
      {
        "entity": "job",
        "href": "/Jobs/NBXk9EyErUZv1RhXgyvgg"
      }
    ]
  },
  "meta": {
    "code": 202,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}

...