ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Purpose

This method allows to find the active person's authentication methods. Any user with appropriate scope can read information about authentication method of the person.

Specification

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/persons/get-person-authentication-methods

Посилання на Apiary або Swagger

Resource

/api/persons/{{id}}/authentication_methods

Посилання на ресурс, наприклад: /api/persons/create

Scope

person:read

Scope для доступу

Components

Patient registry

Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription

Microservices

mpi/api

fe/admin-web

Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC

Protocol type

REST

Тип протоколу, який використовується запитом, наприклад: SOAP | REST

Request type

GET

Тип запиту API, наприклад: GET, POST, PATCH…

Sync/Async

Sync

Метод є синхронним чи асинхронним?

Public/Private/Internal

Public

Потрібно зазначити тип методу за ступенем доступності

Logic

Service returns primary authentication method for person or for confident person if type of authentication method = 'THIRD_PERSON':

  • Get authentication method by person_id from person_authentication_methods where updated_at is the newest

Input parameters

Input parameter

Values

Type

Description

Example

id

String

Required

030d5c41-a945-41ac-89d1-b7c6d1c226c7

Dictionaries

  • AUTHENTICATION_METHOD

Request structure

See on Apiary

Authorize

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'person:read')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: person:read ') in case of invalid scope(s)

Headers

Content-Type:application/json

Authorization:Bearer {{access_token}}

Api-key:{{secret}}

Request data validation

Validate User

  • Extract user_id from token.

Validate Patient

  • Get person_id from URL

  • Validate patient status is active (status = ‘active' & is_active = 'true’)

    • in case of error - return 404 ('not found')

Response structure

Example:

 Response example. Code: 200
{
  "meta": {
    "code": 200,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": [
    {
      "id": "b94893f5-b66b-4431-b023-d5b5c037caef",
      "type": "THIRD_PERSON",
      "phone_number": "+38093*****85",
      "value": "34d4aca0-ee15-4d2d-9ab8-336e5ba1f9c7",
      "alias": "husband",
      "ended_at": "2020-01-10 18:23:34.217335"
    }
  ]
}
 Response example. Code: 403
{
  "meta": {
    "code": 403,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "error": {
    "type": "forbidden",
    "message": "Such person not found"
  }
}

HTTP status codes

HTTP status code

Message

What caused the error

200

Response

 

401

Invalid access token

Validation error

403

Your scope does not allow to access this resource. Missing allowances: person:read

Validation error

404

 Validation error

  • No labels

ЕСОЗ - публічна документація