ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Purpose

This WS is designed to return Device request details by identifier.

Specification

Apiary

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'device_request:read')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: device_request:read') in case of invalid scope(s)

Access to the resource is also managed by ABAC rules.

Service logic

Service returns specified Device requests related to the patient:

  1. Get Device requests from device_request collection (MongoDB)

  2. Validate data consistency:

    1. Ensure that requested Device requests relates to requested Patient (from URL)

      1. Return 403 ('Access denied') in case of error

  3. Fill in urgent block with current authentication method and verification_code field:

    1. If person has OTP authentication method, then set phone_number and verification_code=null

    2. If person has OFFLINE authentication method, then set verification_code and phone_number=null

  4. Render a response according to specification

  • No labels