Versions Compared

Version Old Version 4 New Version Current
Changes made by

Nickolay Kolotov (SoE eHealth)

Pavlo Nosenko (UA SoE eHealth) (Unlicensed)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Service specification

Сценарій поведінки:

Для підтвердження верифікації необхідно ввести номер телефону та ОТР (одноразовий код) в систему

...

Table of Contents
minLevel1
maxLevel7

Purpose

This method is designed to verify that provided in the declaration request phone number is valid and is in service. Final stage

Specification

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/otp-verification/complete-otp-verification

Resource

/api/verifications/{{phone_number}}/actions/complete

Scope

otp:write

Components

SMS

Using Dictionaries

API paragraph not found

Using Microservices

API paragraph not found

Protocol type

REST

Request type

PATCH

Sync/Async

Sync

Public/Private/Internal

Public

Logic

API paragraph not found

Input parameters

Input parameter

Values

Type

Description

Example

phone_number

String

Required

+380508887700

Attributes

Attribute

Values

Type

Description

Example

code

Number

3782

Filters

None

Request structure

See on Apiary

Example

Expand
titleRequest example
Code Block
{
  "code": 3782
}

Authorize

Request to process the request using a token in the headers

Headers

Example

Expand
titleHeader example
Code Block
Content-Type: application/json
Authorization: Bearer {token}
api-key: {secret}

API paragraph not found

Processing

To confirm the verification, you must enter the phone number and OTP (one-time code) in the system

If the code entered by the user is correct, the system will send a reply:

{
   "meta": {
       "code": 200,
        "url": "https://example.com/resource",
        "type": "object",
         "request_id": "req-adasdoijasdojsda"
},
 "data": {
    "id": "7d23bebb-1cf3-4221-bf21-18aada444756",
    "status": "VERIFIED",
    "code_expired_at": "2017-07-10T12:20:16.300597Z",
     "active": true
    }
}

...

Where:

  1. id-

...

  1. request id

  2. code_expired_at=

...

  1. the time until which the code is valid in the system

  2. Active- code activity status in the system

    1. "TRUE" - 

...

    1. if verification is possible:

      1. when creating a default query,

      2. if there were less than 4 attempts to use

      3. if the code has not expired (up to 300 seconds after creation)

    2.  "FALSE"  -

...

  1. якщо використали код
  2. якщо більше 3 спроб погашення
  3. якщо сплинув термін для верифікації при  верифікації, в тому числі успішній верифікації

...

    1. if verification is impossible:

      1. if code has been already used

      2. if more then 3 repayment attemptes has been made

      3. if the verification deadline has expired, including successful verification

  2. Status- displays the verification status

"status": "NEW"

"status": "VERIFIED"

"status": "UNVERIFIED"

"status": "EXPIRED"

"status": "CANCELED"

при створенні запиту, за замовчуванням При успішному проходженніпри неуспішному проходженні верифікації (більше 3 спроб)Сплив строк придатності кодуВстановлюється провайдером, у випадку, якщо СМС не може бути доставленим.

Якщо код введений користувачем невірний, то:

Якщо це одна з перших трьох невірних спроб, система відповість

when creating a query, by default

upon successful completion

upon unsuccessful verification (more than 3 attempts)

the code has expired коду

installed by the provider, in case the SMS cannot be delivered

If the code entered by the user is incorrect, then:

If this is one of the first three incorrect attempts, the system will respond:

{
  "error": {
  "message": "Invalid verification code",
  "type": "forbidden"
},
  "meta": {
    "code": 403,
    "request_id": "xxx",
    "type": "object",
    "url": "http://api-svc.verification/verifications/{{phone_number}}/actions/complete"
   }
}

Якщо, це четверта (і більше) невдала спроба ввести код, то система відповість

If this is the fourth (or more) failed attempt to enter the code, the system will respond:

{
  "error": {
     "message": "Maximum attempts exceed",
     "type": "forbidden"
          },
  "meta": {
      "code": 403,
      "request_id": "xxx",
      "type": "object",
      "url": "http://api-svc.verification/verifications/{{phone_number}}/actions/complete"
          }
}

Якщо вірний код введено після сплину строку придатності коду

If the correct code is entered after the expiration of the code (OTP_LIFETIME = 300

секунд

seconds) :

{
  "data": {
     "active": false,
     "code_expired_at": "2020-03-13T15:14:45.640890Z",
      "id": "6b5c534c-1664-4fdc-8128-96caaeb27089",
      "status": "expired"
  },
 "meta": {
     "code": 200,
     "request_id": "xxx",
     "type": "object",
      "url": "http://api-svc.verification/verifications/{{phone_number}}/actions/complete"
   }
}

Якщо невірний код введено після сплину строку придатності коду

If an incorrect code is entered after the expiration of the code :

{
  "error": {
     "message": "Invalid verification code",
     "type": "forbidden"
   },
   "meta": {
     "code": 403,
     "request_id": "xxx",
     "type": "object",
     "url": "http://api-svc.verification/verifications/{{phone_number}}/actions/complete"
    }
}

Verify code

  • Search active code for phone number

  • Check code expiration period

  • Compare codes

Matched

  • Deactivate code

  • Add phone number to verified_phones

Not matched

  • Deactivate code

  • Invoke Send verification code

  • Return error

Response structure

See on Apiary

Example:

Expand
titleResponse example
Code Block
{
  "meta": {
    "code": 200,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  },
  "data": {
    "id": "7d23bebb-1cf3-4221-bf21-18aada444756",
    "status": "NEW",
    "code_expired_at": "2017-07-10T12:20:16.300597Z",
    "active": true
  }
}

Post-processing processes

API paragraph not found

HTTP status codes

HTTP status code

Message

What caused the error

200

Response

 

403

Error

Backward compatibility

API paragraph not found