Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Purpose

This WS merges a person with a preperson after the merge request has been signed by employeemethod is used to sign merge request. Method receives signed message (pkcs7) including signed content, digital signature and signer public key in signed_content property. All signature fields will be validated (including signer certificate authority).

Specification

Page Properties
idAPI_Specification

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/merge-request/sign-merge-request

Посилання на Apiary або Swagger

Resource

/api/merge_requests/{{id}}/actions/sign

Посилання на ресурс, наприклад: /api/persons/create

Scope

merge_request:sign

Scope для доступу

Components

Patient registry

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not foundil/api

mpi/api

fe/admin-web

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

REST

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

PATCH

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Sync

Метод є синхронним чи асинхронним?

Public/Private/Internal

Public

Потрібно зазначити тип методу за ступенем доступності

Preconditions

Merge request must be approved.

Logic

  1. Only authenticated and authorized SPECIALIST employees can use this WS.

  2. Usage of this WS allowed in EMERGENCY or OUTPATIENT legal entities.

  3. Employee should sign merge request to link person with preperson.

  4. Only request APPROVED by person can be signed.

  5. The request can be signed only by employee who made the request.

  6. Create objects in DB should be done in one transaction.

  7. Status change of the merge request and preperson should be logged in the Event manager.

  8. Succesfull merge does not create record in MPI.persons table for preperson, but deactivates record in MPI.prepersons and linked document in patient collection (mongo)

  9. Data from the field data_to_be_signed used as request data for sign method.

Input parameters

Input parameter

Values

Type

Description

Example

id

String

Identifier of the merge request. Required

7c3da506-804d-4550-8993-bf17f9ee0404

Request structure

See on Apiary

...

  1. Verify the validity of access token

    1. Return 401 in case validation fails

  2. Check user scopes in order to perform this action (scope = 'merge_request:sign')

    1. Return 403 in case invalid scope(s)

  3. Check the employee has created this merge request. Thus select inserted_by from il.merge_requests of this merge request and compare it with user_id from the token.

  4. Check that client_id from the token maches with il.merge_requests.legal_entity_id

    1. If not match - return 422 error (User doesn’t belong to legal entity where the merge request was created)

Headers

Наприклад:

Content-Type:application/json

Authorization:Bearer c2778f3064753ea70de870a53795f5c9{{access_token}}

api-key:uXhEczJ56adsfh3Ri9SUkc4en{{secret}}

Request data validation

Validate digital signature

...

  • Check decoded signed content with previously created on IL.db.

Code Block
SELECT data
FROM merge_requests
WHERE id = {:id}

In case if they are not equal - generate 422 error (message: "Signed content does not match the previously created content")

...

  1. Get url for merge request upload.

Parameter

Source

action

'GET'

bucket

'MERGE_REQUESTS'

resource_id

: MERGE_REQUEST_ID

resource_name

: MERGE_REQUEST_NAME

timestamp

:TIMESTAMP

  1. Upload signed merge request to media storage.

Create object in DB

mpi.merged_pairs table

Parameter

Source

Description

id

uuid

Authogenerated, required.

master_person_id

merge_requests.master_person_id

Identifier of the person in MPI.persons, required

merge_person_id

merge_requests.merge_person_id

Identifier of the preperson in MPI.prepersons, required

inserted_at

timestamp

Get current date-time

updated_at

timestamp

Get current date-time

Update object in DB

1. il.merge_requeststable

Parameter

Source

Description

status

string

Status of the request, required. Set SIGNED

merged_pair_id

uuid

Identifier of merged pair. Get from mpi.merged_pair.id

patient_signed

bool

Evidence that person has signed the merge request. Set from Request, should be true.

updated_by

uuid

Extract user from token

updated_at

timestamp

Get current date-time

2. mpi.prepersons table

Parameter

Source

Description

status

string

Status of the preperson, required. Set inactive

updated_by

uuid

Extract user from token

updated_at

timestamp

Get current date-time

3. patients collection (mongo, separate job)

Parameter

Source

Description

status

string

Status of the preperson, required. Set inactive

updated_by

uuid

Extract user from token

updated_at

timestamp

Get current date-time

Response structure

See on Apiary

...

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": 200,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "7c3da506-804d-4550-8993-bf17f9ee0404",
    "master_person_id": "7c3da506-804d-4550-8993-bf17f9ee0402",
    "merge_person_id": "7c3da506-804d-4550-8993-bf17f9ee0403",
    "status": "SIGNED",
    "inserted_at": "2017-04-20T19:14:13Z",
    "inserted_by": "e1453f4c-1077-4e85-8c98-c13ffca0063e",
    "updated_at": "2017-04-20T19:14:13Z",
    "updated_by": "2922a240-63db-404e-b730-09222bfeb2dd"
  }
}

...

API paragraph not found

HTTP status codes

Page Properties
idAPI_HTTP status codes

HTTP status code

Message

What caused the error

200

Response

 

401

Access token validation failed

 Access token validation failed

403

Invalid scope

404

Validation failed

409

Preperson has no episodes

Validation failed

422

User doesn’t belong to legal entity where the merge request was created

Error

2. Validation failed