/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)
...
Properties of a REST API method document
Document type | Метод REST API |
|---|---|
Document title | [Document statusDRAFT] REST API [Назва методуUPD] [ID методуVerify approval [API-007-011-001-0479] |
Guideline ID | GUI-0011 |
Author | @ |
Document version | 1 |
Document status | DRAFT |
Date of creation | ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD) |
Date of update | ХХ.ХХ.ХХХХ (дата зміни версії) |
Method API ID | API-007-011-001-0479 |
Microservices (namespace) | MPIME |
Component | AuthCompositions_ME |
Component ID | COM-007-011 |
Link на API-специфікацію | |
Resource | {{host}}//api.ehealth.gov.ua/api/patients/id/encounter_package |
Scope | |
Protocol type | REST |
Request type | |
Sync/Async | |
Public/Private |
Purpose
Key items
user PATCH /api/patients/{id}/approvals/{id} with the verification code received from the patient
...
If approval has resource != (care_plan & terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization):
If authentication_method_current.type = OTP
system checks verification code via otp_verification service PATCH /verifications/:phone_number/actions/complete
if verification code matches - change is_verified to true
If not - return error
if resource from granted_to = employee AND access_level=read:Check if there are itemsMedical Events filtration by Forbidden groups#Medical-events-to-filterfor entities from granted_resource and\or from reason included to the forbidden groupsif there are active items from forbidden groupcreate approval on each forbidden_group block whose elements appear entities from granted_resource and\or from reasonset is_verified = trueset reason = id of the approval which was verifiedset created_by - the same user as for approval, which is verifiedset granted_to - the same employee as for approval, which is verifiedset granted_by - the same patient as for approval, which is verified
If there are some some values in approval.forbidden_groups - create approval for each forbidden group mentioned in the list
set is_verified = true
set reason = id of the approval which was verified
set created_by - the same user as for approval, which is verified
set granted_to - the same employee as for approval, which is verified
set granted_by - the same patient as for approval, which is verified
If authentication_method_current.type = offline or null OR approval with resource = care_plan where terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization::
change is_verified to true
Search if there exists not expired approvals with current patient_id, for the same granted_resources, granted_to and access_level as in request:
If found - set for existing approvals:
updated_at = now()
updated_by = current user
expired_at = now()
Configuration parameters
Description of the configuration parameters that are used when processing a request in the system
Dictionaries
Provides a list of links to dictionaries that are available in ConfluenceN/A
Dictionaries
N/A
Input parameters
Description of input parameters
Input parameter | Mandatory | Type | Description | Example | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | composition_id | M | String ($uuid) (path) | Composition object ID | 89678f60-4cdc-4fe3-ae83-e8b3ebd35c59 | |||||
| 2 |
|
|
|
|
|
Request structure
See on API-specification (посилання на сторінку з API-специфікацією)Description of the REST API request structure, example
| Expand | ||
|---|---|---|
| ||
|
Headers
...
...
Request data validation
...
Mandatory
...
Description
...
Example
...
Content-Type
...
application/json
...
M
...
Тип контенту
...
Content-Type:application/json
...
Authorization
...
Bearer c2778f3064753ea70de870a53795f5c9
...
M
...
Перевірка користувача
...
Authorization:Bearer c2778f3064753ea70de870a53795f5c9
...
...
...
...
...
Request data validation
Authorize
Verify the validity of access token
Check user scope approval:create in order to perform this action
Validate confidant person relationship
Get value of THIRD_PERSON_CONFIDANT_PERSON_RELATIONSHIP_CHECK config parameter, if it is set to true:
If
authorize_within approval exists, not empty and contains auth method with type = THIRD_PERSON - validate that person from value is an approved confidant for a person from request – exists active and approved confidant person relationship between person from request and person_id from authentication method value (using following logic: /wiki/spaces/PCAB/pages/17415995422 withperson_id= person from approval andconfidant_person_id= value from auth method - expected:ok, :approvedresponse)in case of error - return 422 ('Cannot be verified by method with not approved confidant person relationship')
Processing
A list of processes related to receiving, changing or transmitting data according to the logic defined in the REST APIN/A
Response structure examples
See on API-specification (посилання на сторінку з API-специфікацією)Description of the REST API response structure, example
| Expand | ||
|---|---|---|
| ||
|
HTTP status codes
Response code | HTTP Status code | Message | Internal name | Description | Response code | HTTP Status code | Message | Internal name | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Базові | ||||||||||||||||
| 2 |
| 401 | Unauthorized |
| Помилка підтвердження | 3 | 1000 | 404 | Composition not found | COMPOSITION_NOT_FOUND_404Не знайдено медичний висновок | 4 | 422 | Cannot be verified by method with not approved confidant person relationship | ||||
| 53 | Специфічні | ||||||||||||||||
| 64 | 422 | Only for active MPI record can be created medication request! |
|
| |||||||||||||
Post-processing processes
Description of actions performed on data after processing
Technical modules where the method is used
List of pages describing technical N/A
Technical modules where the method is used
Название | ID ТМ | Статус |
|---|---|---|
TM0112 | ||
...