Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Purpose

This WS allows to link linking medical data of an unidentified person to a person in eHealth. Thus it helps a person who was unidentified during some period to store all its medical history.

Specification

Page Properties
idAPI_Specification

...

або Swagger

Resource

/api/merge_requests

Посилання на ресурс, наприклад: /api/persons/create

Scope

merge_request:write

Scope для доступу

Components

Patient registry

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

il/api

mpi/api

fe/admin-web

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

REST

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

POST

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Sync

Метод є синхронним чи асинхронним?

Public/Private/Internal

Public

Потрібно зазначити тип методу за ступенем доступності

Logic

  1. Only authenticated and authorized SPECIALIST, ASSISTANT or RECEPTIONIST employees can merge prepersons with prepersons.

  2. Prepersons can be merged in EMERGENCY or OUTPATIENT legal entities.

  3. Employee can merge any active preperson to any active person.

  4. To merge person with preperson only their MPI ids needed.

  5. Change status should be logged in the Event manager.

...

Dictionaries

  • AUTHENTICATION_METHOD

  • DOCUMENT_TYPE

Request structure

Example:

Expand
titleRequest example
Code Block
{
  "master_person_id": "7c3da506-804d-4550-8993-bf17f9ee0402",
  "merge_person_id": "7c3da506-804d-4550-8993-bf17f9ee0403",
  "authorize_with": "cc949559-5dfe-420f-ac05-065e443b2cc6"
}

Authorize

  1. Verify the validity of access token

...

    • return 401 in case validation fails

  1. Check user scopes in order to perform this action (scope = '

...

  1. merge_request:write')

...

    • return 403 in case invalid scope(s)

  1. If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):

    • in case not match - return 403 ("Access denied. Party is not verified")

Headers

Content-Type:application/json

Authorization:Bearer {{access_token}}

Api-key:{{secret}}

Request data validation

Validate request

Validate request using schema (TBD)

Validate legal entity

Check that legal entity is active (status = ACTIVE, SUSPENDED)

  1. Extract client_id from

...

  1. token

...

  1. Check legal entity status (status = ACTIVE

...

  1. )

    1. In case of error - return 409 (Legal entity must be ACTIVE

...

    1. )

Validate person

Ensure the person existsmaster_person_id is person

  1. Validate master_person_id UUID

    1. In case of error - return 422

  2. Find person by id in mpi.persons

    1. In case of error - return

...

    1. 404 ( Person not found)

  1. Check person status is active

    1. In case of error - return 409 (Person is not active)

Validate preperson

Ensure the preperson existsmerge_person_id is preperson

  1. Validate

...

  1. merge_person_id UUID

    1. In case of error - return 422

...

  1. Find preperson by id in mpi.prepersons

    1. In case of error - return

...

    1. 404 (Preperson not found)

  1. Check preperson status is active in mpi.

...

  1. prepersons

    1. In case of error - return 409 (Preperson is not active)

  2. Check if exists another preperson merge requests with status NEW or APPROVED for this preperson

    1. if exists - update status of another requests to

...

    1. CANCELLED

  1. Check if preperson has at least one episode( status!= "entered_in_error")

    1. if no episodes - return

...

    1. 409 (Preperson has no episodes)

Validate employee

...

Extract user_id and legal_entity_id from token and find corresponding employee_id

...

Check employee status is APPROVED

  1. In case of error - return 422 error (Only active employee can create preperson merge request)

If employee has division - validate it has status ACTIVE

...

Validate authorize_with

If submitted, validate authorize_with field for a person as described on create Person request process. But for success case set it to il.merge_requests.authentication_method_current field instead.

Generate verification code

Validate person authentication method in mpi.person_authentication_methods table:

In case no auth methods found (null) - return error with code 409 (Person has no auth methods)

Processing

Save object to DB

il.merge_requeststable

Validate person authentication method in mpi.person_authentication_methods table:

...

Parameter

Source

Description

id

uuid

Autogenerated

data

jsonb

Data from the request

Contains data for signed_content in json format.

Required

At this step is null. Optional field

master_person_id

Request: master_person_id

Person identifier in MPI (mpi.persons.id). Required

merge_person_id

Request:

preperson

merge_person_id

Preperson identifier that corresponds to MPI.prepersons.id (returned on create preperson). Required

status

string

Status of the request, required. Set NEW

merged_pair_id

uuid

Reference to mpi.merged_pairs table when person becomes merged with preperson (on sign). By default is null.

printout_form

text

Printout form of preperson merge request in html format. By default is null at this step

legal_entity_id

Request: client_id

Legal entity where request was created. Client_id extracted from token. Required

documents

jsonb

urls of the person`s documents if chosen authentication method is OFFLINE

authentication_method_current

jsonb

Person current authentication method.

is_active

bool

Technical flag. By default is true

inserted_by

uuid

Extract user from token

inserted_at

timestamp

Get current date-time

updated_by

uuid

Extract user from token

updated_at

timestamp

Get current date-time

Generate verification code

Response structure

See on Apiary

Example:

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": 201,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "7c3da506-804d-4550-8993-bf17f9ee0404",
    "master_person_id": "7c3da506-804d-4550-8993-bf17f9ee0402",
    "merge_person_id": "7c3da506-804d-4550-8993-bf17f9ee0403",
    "status": "NEW",
    "inserted_at": "2017-04-20T19:14:13Z",
    "inserted_by": "e1453f4c-1077-4e85-8c98-c13ffca0063e",
    "updated_at": "2017-04-20T19:14:13Z",
    "updated_by": "2922a240-63db-404e-b730-09222bfeb2dd"
  },
  "urgent": {
    "authentication_method_current": [
      {
        "type": "OTP",
        "phone_number": "+38093*****85"
      }
    ],
    "documents": [
      {
        "type": "PASSPORT",
        "url": "https://storage.ehealth.world"
      }
    ]
  }
}

HTTP status codes

Page Properties
idAPI_HTTP status codes

HTTP status code

Message

What caused the error

201

 Response

 

401

 

Access token validation failed

403

Invalid scope

404

Person not found

Preperson not found

Validation failed

409

Legal entity must be ACTIVE

Person is not active

Preperson is not active

Preperson has no episodes

Person has no auth methods

Validation failed

422

Validation failed