Table of Contents |
---|
Purpose
This method is designed to create a or update Person Request (as part of the process of creating a Person without a Declaration)
Specification
Link | |
Resource | /api/person_requests |
Scope | person_request:write |
Components |
Patient registry |
Using Dictionaries
API paragraph not found
Using Microservices
Microservices | il/api fe/admin-web |
Protocol type | REST |
Request type | POST |
Sync/Async | Sync |
Logic
Public/Private/Internal | Public |
Logic
Patient creation request statuses
...
API paragraph not found
Global and configuration parameters
Invoke Global parameters to get following parameters:
...
person_request_expiration and person_request_term_unit
person_with_third_person_limit
no_self_auth_age
cURL example
Code Block |
---|
curl -X GET \ {:host}/prm/api/global_parameters |
Input parameters
Filters
...
Dictionaries
GENDER
DOCUMENT_TYPE
ADDRESS_TYPE
COUNTRY
SETTLEMENT_TYPE
STREET_TYPE
PHONE_TYPE
AUTHENTICATION_METHOD
CONFIDANT_PERSON_TYPE
PREFERRED_WAY_COMMUNICATION
DOCUMENT_RELATIONSHIP_TYPE
Request structure
Example
Expand | ||
---|---|---|
| ||
|
Authorize
Verify the validity of access token
Check user scope person_request:write in order to perform this action
validate client_id belongs to legal_entity with type in ('MSP', 'OUTPATIENT', 'EMERGENCY', 'PRIMARY_CARE')
in case error return 409, "Invalid legal entity type"
validate user belongs to employee with type in "Doctor, Specialist, Receptionist, Assistant"
in case error return 409
Headers
Example
...
title | Header example |
---|
...
Validate request (JSON schema)
Validate request using JSON schema
Expand | ||
---|---|---|
| ||
|
Authorize
Verify the validity of access token
Return (401, 'Invalid access token') in case of validation fails
Verify that token is not expired
in case of error - return (401, 'Invalid access token')
Check user scopes in order to perform this action (scope = 'person_request:write')
Return (403, 'Your scope does not allow to access this resource. Missing allowances: person_request:write') in case of invalid scope(s)
validate client_id belongs to legal_entity with type in ('MSP', 'OUTPATIENT', 'EMERGENCY', 'PRIMARY_CARE')
Return (401, 'Invalid legal entity type') in case of validation fails
If BLOCK_UNVERIFIED_PARTY_USERS is true, then check party's data match following condition: verification_status != NOT_VERIFIED or (verification_status = NOT_VERIFIED and updated_at <= current_date - UNVERIFIED_PARTY_PERIOD_DAYS_ALLOWED):
in case not match - return 403 ("Access denied. Party is not verified")
If BLOCK_DECEASED_PARTY_USERS is true, check that party is not deceased (party_verification record does not equal to: dracs_death_verification_status = VERIFIED and dracs_death_verification_reason = MANUAL_CONFIRMED):
in case of error - return 403 ("Access denied. Party is deceased")
validate user belongs to employee with type in "Doctor, Specialist, Receptionist, Assistant"in case error return 409
Headers
Content-Type:application/json
Authorization:Bearer {{access_token}}
api-key:{{secret}}
Request data validation
Validate request
Validate request using JSON schema
Check presence of extra parameters
In case of error - return 422 ('schema does not allow additional properties')
Check presence of required parameters
In case of error - return 422 ('required property %{property} was not present')
Expand | ||
---|---|---|
| ||
|
Validation data request
Validate confidant person
If person age < prm.global_parameters.no_self_auth_age check existence of confidant_person
in case error return 422 - msg "Confidant person is mandatory for children"
Validate confidant person age ( >=14):
in case error return 422, " Confidant person must be older than 14 years.
Validate "tax_id"
tax_id has validation pattern - `^[0-9]{10}$`
if doesn't match, return error 422 "string does not match pattern ..."
Check "no_tax_id" flag
If "no_tax_id"= true, tax_id field should be empty, in case error return 422
If "no_tax_id"=false and age>14, tax_id should be present, in case error return 422
Check "patient_signed" flag
If "patient_signed" is not present in request, return 422 ("required property patient_signed was not present")
If "patient_signed"=true in request, return 422 ("value is not allowed in enum")
Validate person documents
issued_at, issued_by is mandatory for documents
Validate dates
issued_at <= now() and issued_at => birth_date
in case `issued_at > now()` show error 422, "Document issued date should be in the past"
in case `issued_at < person.birth_date` show error 422, "Document issued date should greater than person.birth_date "
expiration_date > now()
in case error show 422, "Document expiration_date should be in future"
expiration_date is mandatory for document_type
NATIONAL_ID
in case error return 422, "expiration_date is mandatory for document_type $.documents.type"
Validate documents_type.number according to json schema
PASSPORT - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
NATIONAL_ID - `^[0-9]{9}$`
BIRTH_CERTIFICATE - `^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$`
COMPLEMENTARY_PROTECTION_CERTIFICATE - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
REFUGEE_CERTIFICATE - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
TEMPORARY_CERTIFICATE - `^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$`
TEMPORARY_PASSPORT - `^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$`
if `unzr`exists and is not null and matches "^[0-9]{8}-[0-9]{5}$" check if first 8 symbols = birth_date
in case error return 422, msg "unzr or birthdate are not correct"
if documents.type=NATIONAL_ID
check if unzr exists in request, in case error return 422, msg "unzr is mandatory for document type NATIONAL_ID"
Document numbersmaxLength < 25
Search pending person requests
Search persons request in IL_DB.person_requests to prevent requests duplication:
Code Block |
---|
WHERE IL_DB.person_requests.data.person.tax_id = :($.person_requests.person.tax_id)
AND IL_DB.person_requests.data.person.documents.number = :($.person_requests.person.documents.number)
AND IL_DB.person_requests.status IN ('NEW', 'APPROVED') |
if tax_id is null
Code Block |
---|
WHERE IL_DB.person_requests.data.person.documents.number = :($.person_requests.person.documents.number)
AND IL_DB.person_requests.data.person.first_name = :($.person_requests.person.first_name)
AND IL_DB.person_requests.data.person.last_name = :($.person_requests.person.last_name)
AND IL_DB.person_requests.status IN ('NEW', 'APPROVED') |
Cancel person request
Change status of all found person requests:
Code Block |
---|
SET IL_DB.person_requests.status = 'CANCELED'
WHERE IL_DB.person_requests.id IN (:LIST) |
Search pending declaration requests
Search declarations in IL_DB.declaration_requests to prevent requests duplication:
if tax_id is not null
Code Block |
---|
WHERE IL_DB.declaration_requests.data.person.tax_id = :($.person_requests.person.tax_id)
AND IL_DB.declaration_requests.status IN ('NEW', 'APPROVED') |
if tax_id is null
Code Block |
---|
WHERE IL_DB.declaration_requests.data.person.documents.number = :($.person_requests.person.documents.number)
AND IL_DB.declaration_requests.status IN ('NEW', 'APPROVED')
|
If found declaration request - don't create person request. Return error "This person already has a declaration request"
Search person
We are looking for a person to prevent duplication of a person:
We create pairs of new person with people from clusters(tax_id, phone_number and number of the document) and send to the model.
in case deduplication model gave score < PERSON_ONLINE_DEDUPLICATION_MATCH_SCORE, create new person
else return error 409, "such person exists. Update this person.
Validate phone number limit
USE_PHONE_NUMBER_AUTH_LIMIT is a flag in ehealth.charts that shows whether we count phones or not.
in case person is found, person_id will be saved to person_request, and person has the same authentication_methods.phone_number, we do not count phone numbers and do not compare the phone number with global_parameters.phone_number_auth_limit. So that we can update person, but still can not use phone over limit.
In case person is not found
Check if (SELECT count(*) from persons where authentication_methods::json->0->>'phone_number'='$.phone_number' and persons.status='active' and is_active=true)<global_parameters.phone_number_auth_limit
in case error return 422, msg "This phone number is present more then $.global_parameters.phone_number_auth_limit times in the system"
Validate person authentication methods/phone
If person <prm.global_parameters.no_self_auth_age years, then person.auth_methods.type =
third_person
. Validate that third_person has auth method.type = OTP
if third_person.auth_method.type = OFFLINE - error `THIRD PERSON can't have OFFLINE self auth method type`
if third_person.auth_method.type doesn't have active auth method - error `THIRD PERSON doesn't have active valid authentication methods`
Person.auth_methods.type = third_persont.id. But on get Person request
or Person
display third_person.auth_method.phone_number.
If person >
prm.global_parameters.no_self_auth_age and he must have one of auth.method.type (OTP OR OFFLINE). Also person may use new endpoint Append auth methods
to add additional auth_methods.type = third_person.
Don't validate auth_method.phone_number exists in verification.verified_phone.
Save person request
Insert record to IL.person_requests in status 'NEW'
Processing
Generate upload URL
Depending on the payload system generates list of signed urls for document scan-copies upload.
Signed URLs to be expired after some period of time (configurable `SECRETS_TTL`). If it has been expired - new person request should be created.
Each link is generated for one one-page document in jpeg format. Document should be no more than 10MB. For each type of documents, if couple of rules worked - only one single link is generated.
Validate flag no_tax_id, if $.person_request.person.no_tax_id = true:
Generate URL with type person.no_tax_id
Validate if $.person_request.person.tax_id is not empty and $.person_request.person.no_tax_id = false then
If (GetBirthDateFromTaxId($.tax_id) != $.birth_date) or (GetGenderFromTaxId($.tax_id) != $.gender) or CheckValidity($.tax_id) = false (i.e. invalid checksum) then
Generate URL with type person.tax_id
Validate block confidant person. If person.confidant is not null:
Generate URL's with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_relationship.[:].type}
Generate URL's with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_person.[:].type}
Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}
and age < no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type BIRTH_CERTIFICATE_FOREIGN].type}
Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and age >= no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type PERMANENT_RESIDENCE_PERMIT].type}
Validate authentication_method. If authentication method = OFFLINE or third_person (and this third_person.auth_method = OFFLINE) -
Generate URL's with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
Invoke Media Content Storage to generate upload URL for each document obtained by executing logic above
IL.person_request.documents structure:
Code Block |
---|
{
"documents":[
{
"type":"person.no_tax_id",
"url": "https://storage.googleapis.com/..."
}
]
} |
Save documents to DB.
Generate verification code
Invoke Initialize OTP to generate one time password and send it to client number. At this stage, the person receives an SMS message to confirm this phone and the consent to create a person.
Phone_number: ILperson_request.authentication_method_current.$.authentication_number
cURL example
Code Block |
---|
curl -X POST \
http://localhost:4000/verifications \
-H 'content-type: application/json' \
-d '{
"phone_number": "+380936235985"
}' |
Response structure
Example:
...
title | Response example (code: 201) |
---|
...
title | Response example (code: 422) |
---|
...
Post-processing processes
API paragraph not found
HTTP status codes
...
HTTP status code
...
Message
...
What caused the error
...
201
...
...
...
422
...
Unverified phone number
...
Update person request
To update the data of an existing person use an endpoint `Create/Update person request`.
It is necessary to transfer the same json as when creating person, only to transfer the id of an existing person and do not transfer the block with the authentication methods.
If person.id
is in request then
validate person.id is UUID
in case error return 422
search person by person.id in MPI
in case error return 422, "such person doesn't exist"
search persons in mpi (Пошук персон. Версія 3)
validate person be deduplication model (if score > PERSON_ONLINE_DEDUPLICATION_UPDATE_SCORE, then add mpi_id to person request)
else return error 409, "such person can't be updated. Deduplication update score is lower than system value (less changes should be made)"
Authorize
Verify the validity of access token
Check user scope person_request:write in order to perform this action
Validate request
Validate request using JSON schema
Expand | ||
---|---|---|
| ||
|
Validate confidant person
Verify that person age < prm.global_parameters.no_self_auth_age check existence of confidant_person
Return (422, 'Confidant person is mandatory for children') in case of validation fails
Validate confidant person age >= prm.global_parameters.no_self_auth_age
Return (422, 'Incorrect person age for such an action') in case of validation fails
Validate "tax_id"
tax_id has validation pattern - `^[0-9]{10}$`
if doesn't match, return error 422 "string does not match pattern ..."
Check "no_tax_id" flag
If "no_tax_id"= true, tax_id field should be empty, in case error return 422
If "no_tax_id"=false and age>14, tax_id should be present, in case error return 422
Check "patient_signed" flag
If "patient_signed" is not present in request, return 422 ("required property patient_signed was not present")
If "patient_signed"=true in request, return 422 ("value is not allowed in enum")
Validate person documents
issued_at, issued_by is mandatory for documents
Validate dates
issued_at <= now() and issued_at => birth_date
in case `issued_at > now()` show error 422, "Document issued date should be in the past"
in case `issued_at < person.birth_date` show error 422, "Document issued date should greater than person.birth_date "
expiration_date > now()
in case error show 422, "Document expiration_date should be in future"
expiration_date is mandatory for document_type
NATIONAL_ID
COMPLEMENTARY_PROTECTION_CERTIFICATE
PERMANENT_RESIDENCE_PERMIT
REFUGEE_CERTIFICATE
TEMPORARY_CERTIFICATE
TEMPORARY_PASSPORT
in case error return 422, "expiration_date is mandatory for document_type $.documents.type"
Validate documents_type.number according to json schema
PASSPORT - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
NATIONAL_ID - `^[0-9]{9}$`
BIRTH_CERTIFICATE - `^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$`
COMPLEMENTARY_PROTECTION_CERTIFICATE - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
REFUGEE_CERTIFICATE - `^((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{6}$`
TEMPORARY_CERTIFICATE - `^(((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{4,6}|[0-9]{9}|((?![ЫЪЭЁ])([А-ЯҐЇІЄ])){2}[0-9]{5}\\/[0-9]{5})$`
TEMPORARY_PASSPORT - `^((?![ЫЪЭЁыъэё@%&$^#`~:,.*|}{?!])[A-ZА-ЯҐЇІЄ0-9№\\/()-]){2,25}$`
if unzr exists and is not null, check pattern match
"^[0-9]{8}-[0-9]{5}$"
in case error return 422, msg 'string does not match pattern \"%{pattern}\"'
if documents.type=NATIONAL_ID
check if unzr exists in request, in case error return 422, msg "unzr is mandatory for document type NATIONAL_ID"
Document numbersmaxLength < 25
Search pending person requests
Search persons request in IL_DB.person_requests to prevent requests duplication:
Code Block |
---|
WHERE IL_DB.person_requests.data.person.tax_id = :($.person_requests.person.tax_id)
AND IL_DB.person_requests.data.person.documents.number = :($.person_requests.person.documents.number)
AND IL_DB.person_requests.status IN ('NEW', 'APPROVED') |
if tax_id is null
Code Block |
---|
WHERE IL_DB.person_requests.data.person.documents.number = :($.person_requests.person.documents.number)
AND IL_DB.person_requests.data.person.first_name = :($.person_requests.person.first_name)
AND IL_DB.person_requests.data.person.last_name = :($.person_requests.person.last_name)
AND IL_DB.person_requests.status IN ('NEW', 'APPROVED') |
Cancel person request
Change status of all found person requests:
Code Block |
---|
SET IL_DB.person_requests.status = 'CANCELED'
WHERE IL_DB.person_requests.id IN (:LIST) |
Search pending declaration requests
Search declarations in IL_DB.declaration_requests to prevent requests duplication:
if tax_id is not null
Code Block |
---|
WHERE IL_DB.declaration_requests.data.person.tax_id = :($.person_requests.person.tax_id)
AND IL_DB.declaration_requests.status IN ('NEW', 'APPROVED') |
if tax_id is null
Code Block |
---|
WHERE IL_DB.declaration_requests.data.person.documents.number = :($.person_requests.person.documents.number)
AND IL_DB.declaration_requests.status IN ('NEW', 'APPROVED')
|
If found declaration request - don't create person request. Return error "This person already has a declaration request"
Search person
We are looking for a person to prevent duplication of a person:
We create pairs of new person with people from clusters(tax_id, phone_number and number of the document) and send to the model.
in case deduplication model gave score < PERSON_ONLINE_DEDUPLICATION_MATCH_SCORE, create new person
else return error 409, "such person exists. Update this person.
Validate phone number limit
USE_PHONE_NUMBER_AUTH_LIMIT is a flag in ehealth.charts that shows whether we count phones or not.
in case person is found, person_id will be saved to person_request, and person has the same authentication_methods.phone_number, we do not count phone numbers and do not compare the phone number with global_parameters.phone_number_auth_limit. So that we can update person, but still can not use phone over limit.
In case person is not found
Check if (SELECT count(*) from persons where authentication_methods::json->0->>'phone_number'='$.phone_number' and persons.status='active' and is_active=true)<global_parameters.phone_number_auth_limit
in case error return 422, msg "This phone number is present more then $.global_parameters.phone_number_auth_limit times in the system"
Validate person authentication methods/phone
If person <prm.global_parameters.no_self_auth_age years, then person.auth_methods.type =
third_person
. Validate that third_person has auth method.type = OTPif third_person.auth_method.type = OFFLINE - error `THIRD PERSON can't have OFFLINE self auth method type`
if third_person.auth_method.type doesn't have active auth method - error `THIRD PERSON doesn't have active valid authentication methods`
If third person >= prm.global_parameters.no_self_auth_age years
in case error return 422, msg "Incorrect person age for such an action"
Person.auth_methods.type = third_persont.id. But on get Person request
or Person
display third_person.auth_method.phone_number.
If person > prm.global_parameters.no_self_auth_age and he must have one of auth.method.type (OTP OR OFFLINE). Also person may use new endpoint
Append auth methods
to add additional auth_methods.type =third_person.
Don't validate auth_method.phone_number exists in verification.verified_phone.
Save person request
Insert record to IL.person_requests in status 'NEW'
Processing
Generate upload URL
Depending on the payload system generates list of signed urls for document scan-copies upload.
Signed URLs to be expired after some period of time (configurable `SECRETS_TTL`). If it has been expired - new person request should be created.
Each link is generated for one one-page document in .pdf, .jpg, .png, .bmp format. Document should be no more than 20 MB. For each type of documents, if couple of rules worked - only one single link is generated.
Validate flag no_tax_id, if $.person_request.person.no_tax_id = true:Generate URL with type person.no_tax_id
Validate if $.person_request.person.tax_id is not empty and $.person_request.person.no_tax_id = false thenIf (GetBirthDateFromTaxId($.tax_id) != $.birth_date) or (GetGenderFromTaxId($.tax_id) != $.gender) or CheckValidity($.tax_id) = false (i.e. invalid checksum) thenGenerate URL with type person.tax_id
Validate block confidant person. If person.confidant is not null:
Generate URL's with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_relationship.[:].type}
Generate URL's with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_person.[:].type}
Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}
and age < no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type BIRTH_CERTIFICATE_FOREIGN].type}
Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and age >= no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type PERMANENT_RESIDENCE_PERMIT].type}
Validate authentication_method. If authentication method = OFFLINE or third_person (and this third_person.auth_method = OFFLINE) -
Generate URL's with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
Validate unzr. If $.person_request.person.unzr is not empty and first 8 digits of $.person_request.person.unzr != $.person_request.person.birth_date then
Generate URL with type person.{$.person_request.person.unzr}
Invoke Media Content Storage to generate upload URL for each document obtained by executing logic above
IL.person_request.documents structure:
Code Block |
---|
{
"documents":[
{
"type":"person.no_tax_id",
"url": "https://storage.googleapis.com/..."
}
]
} |
Save documents to DB.
Generate verification code
Invoke Initialize OTP to generate one time password and send it to client number. At this stage, the person receives an SMS message to confirm this phone and the consent to create a person.
Phone_number: ILperson_request.authentication_method_current.$.authentication_number
cURL example
Code Block |
---|
curl -X POST \
http://localhost:4000/verifications \
-H 'content-type: application/json' \
-d '{
"phone_number": "+380936235985"
}' |
Response structure
Example:
Expand | ||
---|---|---|
| ||
|
Expand | ||
---|---|---|
| ||
|
Update person request
To update the data of an existing person use an endpoint `Create/Update person request`.
It is necessary to transfer the same json as when creating person, only to transfer the id of an existing person and do not transfer the block with the authentication methods.
If person.id
is in request then
validate person.id is UUID
in case error return 422
search person by person.id in MPI
in case error return 422, "such person doesn't exist"
search persons in mpi (Пошук персон. Версія 3)
validate person be deduplication model (if score > PERSON_ONLINE_DEDUPLICATION_UPDATE_SCORE, then add mpi_id to person request)
else return error 409, "Such person can't be updated. New person should be created instead"
Update person’s data with empty value of the second name is possible by setting second_name = null
.
Authorize
Verify the validity of access token
Check user scope person_request:write in order to perform this action
Request data validation
Validate request
Validate request using JSON schema
Expand | ||
---|---|---|
| ||
|
Validate documents, confidant_person, flag no_tax_id
Validate documents, flag `no_tax_id`, confidant_person as on Create person request
Validate authorize_with
The person can pass the id of his auth_method which he wants to confirm the update of the request. The necessary auth method can be found by making Get person's auth methods
validate auth_method.id is UUID
in case error return 422
search auth method in MPI.person_authentication_method
in case error return 422, "such authentication method doesn't exist"
search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
validate that auth_method.type = NA
in case error return 422, "Сannot be confirmed by a method with type= NA. Use a different method."
validate that this method is active ( authentication_method.ended_at > now() and is_active = true)
This field is optional and set in il.person_reques.authentication_method_current.
If person request doesn't have this field, then choose that method which is returned from mpi as person's default method
Save person request
Insert record to IL.person_request in status 'NEW'. Person_id from request save in field mpi_id
in IL.person_request
Search pending person requests
Search persons request in IL_DB.person_requests to prevent requests duplication:
Code Block |
---|
WHERE IL_DB.person_requests.data.person.id = :($.person_requests.person.id)
AND IL_DB.person_requests.status IN ('NEW', 'APPROVED') |
Cancel person requests
Change status of all found person requests:
Code Block |
---|
SET IL_DB.person_requests.status = 'CANCELED'
WHERE IL_DB.person_requests.id IN (:LIST) |
Validate parameters
Person can't update tax_id. (He can update tax_id from null to tax_id or from null to null).
Also person can update birth_date if it validates with tax_id.
Validate auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return default auth method
Validate that auth_method_current !=NA
Generate upload URL
Depending on the payload system generates list of signed urls for document scan-copies upload.
Signed URLs to be expired after some period of time (configurable `SECRETS_TTL`). If it has been expired - new person request should be created.
Each link is generated for one one-page document in jpeg format. Document should be no more than 10MB. For each type of documents only one single link is generated.
Validate flag no_tax_id, if $.person_request.person.no_tax_id = true:
Generate URL with type person.no_tax_id
Validate if $.person_request.person.tax_id is not empty and $.person_request.person.no_tax_id = false then
If (GetBirthDateFromTaxId($.tax_id) != $.birth_date) or (GetGenderFromTaxId($.tax_id) != $.gender) or CheckValidity($.tax_id) = false (i.e. invalid checksum) then
Generate URL with type person.tax_id
Validate block confidant person. If person.confidant is not null:
Generate URLs with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_relationship.[:].type}
Generate URLs with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_person.[:].type}
Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}
and age < no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type BIRTH_CERTIFICATE_FOREIGN].type}
Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and age >= no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type PERMANENT_RESIDENCE_PERMIT].type}
Validate authentication_method. If authentication method = OFFLINE or third_person (and this third_person.auth_method = OFFLINE) -
Generate URLs with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
Code Block |
---|
{
"documents":[
{
"type":"person.no_tax_id",
"url": "https://storage.googleapis.com/..."
}
]
} |
Save documents to DB.
Generate verification code
Invoke Initialize OTP to generate one time password and send it to client number. At this stage, the person receives an SMS message to confirm updating a person's data.
Phone_number: MPI.person_authentication_method where person_id = $person_request.persin_id and is_primary = True
cURL example
Code Block |
---|
curl -X POST \
http://localhost:4000/verifications \
-H 'content-type: application/json' \
-d '{
"phone_number": "+380958697084"
}' |
Backward compatibility
...
|
Validate documents, confidant_person, flag no_tax_id
Validate documents, flag `no_tax_id`, confidant_person as on Create person request
Validate authorize_with
The person can pass the id of his auth_method which he wants to confirm the update of the request. The necessary auth method can be found by making Get person's auth methods
validate auth_method.id is UUID
in case error return 422
search auth method in MPI.person_authentication_method
in case error return 422, "such authentication method doesn't exist"
search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
validate that auth_method.type = NA
in case error return 422, "Сannot be confirmed by a method with type= NA. Use a different method."
validate that this method is active ( authentication_method.ended_at > now() and is_active = true)
This field is optional and set in il.person_reques.authentication_method_current.
If person request doesn't have this field, then choose that method which is returned from mpi as person's default method
Save person request
Insert record to IL.person_request in status 'NEW'. Person_id from request save in field mpi_id
in IL.person_request
Search pending person requests
Search persons request in IL_DB.person_requests to prevent requests duplication:
Code Block |
---|
WHERE IL_DB.person_requests.data.person.id = :($.person_requests.person.id)
AND IL_DB.person_requests.status IN ('NEW', 'APPROVED') |
Cancel person requests
Change status of all found person requests:
Code Block |
---|
SET IL_DB.person_requests.status = 'CANCELED'
WHERE IL_DB.person_requests.id IN (:LIST) |
Validate parameters
Person can't update tax_id. (He can update tax_id from null to tax_id or from null to null).
Also person can update birth_date if it validates with tax_id.
Validate auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return default auth method
Validate that auth_method_current !=NA
Processing
Generate upload URL
Depending on the payload system generates list of signed urls for document scan-copies upload.
Signed URLs to be expired after some period of time (configurable `SECRETS_TTL`). If it has been expired - new person request should be created.
Each link is generated for one one-page document in jpeg format. Document should be no more than 10MB. For each type of documents only one single link is generated.
Validate flag no_tax_id, if $.person_request.person.no_tax_id = true:Generate URL with type person.no_tax_id
Validate if $.person_request.person.tax_id is not empty and $.person_request.person.no_tax_id = false thenIf (GetBirthDateFromTaxId($.tax_id) != $.birth_date) or (GetGenderFromTaxId($.tax_id) != $.gender) or CheckValidity($.tax_id) = false (i.e. invalid checksum) thenGenerate URL with type person.tax_id
Validate block confidant person. If person.confidant is not null:
Generate URLs with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_relationship.[:].type}
Generate URLs with type confidant_person.{confidant_person.type}.{$.person_request.person.confidant_person.[:].documents_person.[:].type}
Validate block of person documents. If one of the documents has document.type = BIRTH_CERTIFICATE_FOREIGN and there is no same document in {$.person_request.person.confidant_person.[:].documents_relationship.[:]}
and age < no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type BIRTH_CERTIFICATE_FOREIGN].type}
Validate block of person documents. If one of the documents has document.type = PERMANENT_RESIDENCE_PERMIT and age >= no_self_auth_age then
Generate URL with type person.{$.person_request.person.documents.[with type PERMANENT_RESIDENCE_PERMIT].type}
Validate authentication_method. If authentication method = OFFLINE or third_person (and this third_person.auth_method = OFFLINE) -
Generate URLs with type person.{$.person_request.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
Validate unzr. If $.person_request.person.unzr is not empty and first 8 digits of $.person_request.person.unzr != $.person_request.person.birth_date then
Generate URL with type person.{$.person_request.person.unzr}
Code Block |
---|
{
"documents":[
{
"type":"person.no_tax_id",
"url": "https://storage.googleapis.com/..."
}
]
} |
Save documents to DB.
Generate verification code
Invoke Initialize OTP to generate one time password and send it to client number. At this stage, the person receives an SMS message to confirm updating a person's data.
Phone_number: MPI.person_authentication_method where person_id = $person_request.persin_id and is_primary = True
cURL example
Code Block |
---|
curl -X POST \
http://localhost:4000/verifications \
-H 'content-type: application/json' \
-d '{
"phone_number": "+380958697084"
}' |
HTTP status codes
HTTP status code | Message | What caused the error |
---|---|---|
201 | Response |
|
409 | Invalid legal entity type Such person exists. Update this person Such person can't be updated. Deduplication update score is lower than system value (less changes should be made) | Validation failed |
422 | Unverified phone number Such a phone already exists more N times Confidant person is mandatory for children Incorrect person age for such an action String does not match pattern ... Required property patient_signed was not present Value is not allowed in enum Document issued date should be in the past Document issued date should greater than person.birth_date Document expiration_date should be in future Expiration_date is mandatory for document_type $.documents.type Unzr or birthdate are not correct Unzr is mandatory for document type NATIONAL_ID This phone number is present more then $.global_parameters.phone_number_auth_limit times in the system Such person doesn't exist Such authentication method doesn't exist Cannot be confirmed by a method with type= NA. Use a different method. | Validation failed |