Versions Compared

Old Version 8

changes.mady.by.user Dmytro Kulibaba (Unlicensed)

Saved on

compared with

New Version Current

changes.mady.by.user Yuliia Mazur (UA SoE eHealth)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

...

This method allows to find all the active person's authentication methods. Any user with appropriate scope can read information about authentication method of the person (data is taken from person_authnetication_method by person_id).

Specification

Page Properties
idAPI_Specification

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/get-person-authentication-methods

Посилання на Apiary або Swagger

Resource

/api/persons/{{id}}/authentication_methods

Посилання на ресурс, наприклад: /api/persons/create

Scope

person:read

Scope для доступу

Components

Patient registry

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

API paragraph not foundmpi/api

fe/admin-web

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

REST

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

GET

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Sync

Метод є синхронним чи асинхронним?

Public/Private/Internal

Public

Потрібно зазначити тип методу за ступенем доступності

Logic

API paragraph not foundService returns primary authentication method for person or for confident person if type of authentication method = 'THIRD_PERSON':

  • Get authentication method by person_id from person_authentication_methods where updated_at is the newest

Input parameters

Input parameter

Values

Type

Description

Example

id

String

Required

030d5c41-a945-41ac-89d1-b7c6d1c226c7

Dictionaries

  • AUTHENTICATION_METHOD

Request structure

API paragraph not foundSee on Apiary

Authorize

  • Verify the validity of access tokenCheck user scope person:read 

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'person:read')

Headers

Наприклад:

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: person:read ') in case of invalid scope(s)

Headers

Content-Type:application/json

Authorization:Bearer c2778f3064753ea70de870a53795f5c9api{{access_token}}

Api-key:uXhEczJ56adsfh3Ri9SUkc4en{{secret}}

Request data validation

Validate

...

User

...

  • Extract user_id

...

  • validate person.id is UUID

    • in case error return 422

  • search person by person.id in MPI 

    • in case error return 422, "such person doesn't exist"

Processing

Search person’s authentication methods

Search ACTIVE (ended_at > now) person auth methods using person_id in mpi.person_authentiocation_methods.

...

  • from token.

Validate Patient

  • Get person_id from URL

  • Validate patient status is active (status = ‘active' & is_active = 'true’)

    • in case of error - return 404 ('not found')

Response structure

Example:

...

Expand
titleResponse example. Code: 403
Code Block
{
  "meta": {
    "code": 403,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "error": {
    "type": "forbidden",
    "message": "Such person not found"
  }
}

...

API paragraph not found
HTTP status codes
 Page Properties
idAPI_HTTP status codes
HTTP status code
Message
What caused the error
200
Response
 
401
Invalid access token
Validation error
403
Your scope does not allow to access this resource. Missing allowances: person:read
Such person not found
422Validation error
 404
 Validation error