Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties

ID метода

Note

Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.

Info

/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Properties of a REST API method document

Document type

Метод REST API

Document title

[DRAFT] Get authentication factor [API-005-

...

010-006-

...

0206]

Guideline ID

GUI-0011

Author

Viacheslav Tybin (SoE eHealth)

...

Версія документа

...

1.0

...

Статус документа

...

Status
titledraft

...

Назва метода (укр.)

...

Отримати фактор автентифікації

...

Назва метода (eng.)

...

Get authentication factor

...

Короткий опис метода

...

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-005-010-006-0206

Microservices (namespace)

IL

Component

Patient Cabinet

Component ID

COM-005-010

Link на API-специфікацію

https://ehealthmisapi1.docs.apiary.io/#reference/public.-patient-cabinet/cabinet/get-authentication-factor

Resource

{{host}}/api/cabinet/authentication_factor

Scope

person:read

Protocol type

REST

Request type

GET

Sync/Async

Sync

Public/Private

Public

Purpose

This WS allows to see 2FA number via Cabinet.

Logic

N/A

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

Input parameter

Mandatory

Type

Description

Example

1

2

 

 

 

 

 

Request structure

See on API-specification

Expand
titleExample
Code Block

Headers

Headers

Request data validation

Authorize

Request to process the request using a token in the headers.

Validate token

  • Check token existance

    • in case error return 404 - token was not found

  • Check expiration date tokens.expires_at 

    • if  tokens.expires_at < now() return 401 - access denied

  • Extract user_id from token

  • Check user scopes in order to perform this action (scope = ''person:read")

    1. Return 403 in case invalid scope(s) - "Your scope does not allow to access this resource. Missing allowances: "person:read"

Validate person

  • Check if users.is_blocked = false

    • in case error return 401 message "User blocked."

  • Check mpi.persons.status = 'active'

    • in case error return 409 message "Person is not active"

Authentication factor

  • Search authentication factor by user   

    SELECT id, type, factor, is_active, user_id FROM authentication_factors where user_id=$user_id;

Processing

N/A

Response structure examples

See on API-specification

Expand
titleExample
Code Block
languagejson
{
  "meta": {
    "code": 200,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
    "type": "sms",
    "factor": "+380881234567",
    "is_active": true,
    "user_id": "d290f1ee-6c54-4b01-90e6-d701748f0851"
  }
}

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

200

Response

3

401

Access denied

4

401

User blocked

 

5

403

Your scope does not allow to access this resource. Missing allowances: "person:read"

Validation failed

6

404

Token was not found

Validation failed

7

409

Person is not active

Validation failed

8

Специфічні

9

Post-processing processes

N/A

Technical modules where the method is used