Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel3

Required parameters are marked with "*"

...

Purpose

...

Use this method to approve previously created Authentication method Request.

Specification

...

Page Properties
API paragraph not found

Link

https://uaehealthapiehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/approve-authentication-method-request

Resource

/api/persons/{{id}}/authentication_method_requests/{{request_id}}/actions/approve

Scope

API paragraph not foundauthentication_method_request:write

Components

API paragraph not foundPatient registry

Microservices

mpi/api

fe/admin-web

Protocol type

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

PATCH

Sync/Async

Метод є синхронним чи асинхронним?

...

Sync

Public/Private/Internal

Public

Preconditions

Authentication method Request must be created.

Logic

Use this method to approve previously created Authentication method Request.

...

In case if authentication_method is OFFLINE, request body should be empty. Before approve patient's scanned documents should be uploaded to the (Signed URL's). All links are generated for one one-page document in jpeg format. Document should be no more than 10MB.

Confluence - https://e-health-ua.atlassian.net/wiki/x/G4DJJ

Input parameters

Input parameter

Values

Type

Description

Example

id

String

Person identifier

b075f148-7f93-4fc2-b2ec-2d81b19a9b7b

request_id

String

Request identifier

1096f147-7f93-3fc6-bddc-9d71b198fb7f

Request structure

...

See on Apiary

Example:

Expand
titleRequest example
Code Block
{
  "verification_code": 7489
}

Authorize

...

  1. Verify the validity of access token

    1. Return 401 in case validation fails

  2. Check scopes in order to perform this action (scope = 'authentication_method_request:write')

    1. Return 403 in case invalid scope(s)

Request to process the request using a token in the headers

Headers

...

  • Content-Type:application/json

  • Authorization:Bearer c2778f3064753ea70de870a53795f5c9api{{access_token}}

  • Api-key:uXhEczJ56adsfh3Ri9SUkc4en{{secret}}

Request data validation

...

Check if Person should be sent for verification*

...

Rules for validation of Persons

  1. Person has OFFLINE auth method (check in Request)

  2. Person's age >= no_self_auth_age and no_tax_id = true (check in DB)

  3. Person's age >= no_self_auth_age and Person’s tax_id is invalid: not match with birth date and gender (check in DB)

  4. Person’s age < no_self_auth_age and has document with type BIRTH_CERTIFICATE_FOREIGN (check in DB)

  5. Person’s age >= no_self_auth_age and has document with type PERMANENT_RESIDENCE_PERMIT (check in DB)

action = deactivate

  1. validate auth_method_request.auth_method_current:

    1. If auth_method_request.auth_method_current = OTP - Verificate sms (Invoke verification module to verify OTP (OTP Verification))

    2. If auth_method_request.auth_method_current = OFFLINE - verificate download documents ( Media Content Storage)

  2. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  3. Update mpi.person_authentication_method:

    1. set ended_at = now() (Get current date-time)

action = update

  1. validate auth_method_request.auth_method_current:

    • If auth_method_request.auth_method_current = OTP - Verificate sms (Invoke verification module to verify OTP (OTP Verification))

    • If auth_method_request.auth_method_current = OFFLINE - verificate download documents

  2. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  3. Update mpi.person_authentication_method:

    1. set alias (if it passed in request)

action = insert

  1. validate auth_method_request.auth_method_current:

    1. If auth_method_request.auth_method_current = OTP - Verificate sms (Invoke verification module to verify OTP (OTP Verification))

    2. If auth_method_request.auth_method_current = OFFLINE - verificate download documents

  2. If il.authentication_method_request.authentication_method.type = OFFLINE

    1. verificate download documents

  3. if type = THIRD_PERSON, set

    1. value = il.authentication_method_request.authentication_method.value

    2. alias = il.authentication_method_request.authentication_method.alias

    3. Start date: start_date = Current_date()

    4. End date:

      Code Block
      if (person.age < 14) { end_date =birth_date + no_self_auth_age - 1d;} else {  end_date = start_date + third_person_term;}

       

  4. Update authentication method request

    1. Change entity status in IL_DB.authentication_method_request to COMPLETED

    2. Set updated_at - now() (Get current date-time)

    3. Set updated_by - user_id (Extract user from token)

  5. Update mpi.person_asuthentication_methods

    1. If active il.authentication_method_request.authentication_method.type = OTP or OFFLINE or NA,

      1. person’s auth method that was before becomes inactive - set ended_at = now() (Get current date-time)

      2. set new auth_method in person_auth_methods. Set fields - type,phone_numer, alias(if it is in request)

  6. If il.authentication_method_request.authentication_method.type = THIRD_PERSON

    1. Add to table person_auth_methods row with type = third_person. Set fields - type,value, alias, ended_at,started_at

Processing

...

Send Person to verification process

...

  • If $.authenticationMethod.type = OFFLINE and action = insert then (
    verification is needed

    • Set MPI.persons.verification_status = VERIFICATION_NEEDED and

    • Set MPI.persons.verification_reason = AUTO and

    • Create StateChangeEvent in event manager with new verification status )

  • elseif $.authenticationMethod.type = OTP and action = insert and MPI.persons.verification_status != VERIFIED
    then (
    checking Rule 02-05

    • if (Person's age >= no_self_auth_age and no_tax_id = true) or
      (Person's age >= no_self_auth_age and Person’s tax_id is invalid: not match with birth date or gender or checksum) or
      (Person’s age < no_self_auth_age and has document with type BIRTH_CERTIFICATE_FOREIGN) or (Person’s age >= no_self_auth_age and has document with type PERMANENT_RESIDENCE_PERMIT) then
      manual verification is needed

      • Set MPI.persons.verification_status = VERIFICATION_NEEDED and

      • Set MPI.persons.verification_reason = RULES_TRIGGERED and

      • Create StateChangeEvent in event manager with new verification status

    • else
      person will be verified with Registers

      • Set MPI.persons.verification_status = VERIFICATION_NEEDED and

      • Set MPI.persons.verification_reason = RULES_PASSED and

      • Set MPI.persons.verification_comment = NULL and

      • Create StateChangeEvent in event manager with new verification status

)

Response structure

...

See on Apiary

Example:

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": 201,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b",
    "status": "COMPLETED",
    "channel": "MIS"
  }
}

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": "422",
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "error": {
    "type": "request_malformed",
    "message": "This doctor has X declarations and could not sign more"
  }
}

Post-processing processes*

API paragraph not found

HTTP status codes

...

Page Properties

HTTP status code

Message

What caused the error

 201

  

Completed

 422

 

  This doctor has X declarations and could not sign more

  Request is malformed