ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 7 Next »

REST API method / Метод REST API (настанова) (remove the link block before publishing the document)

Properties of a REST API method document

Document type

Метод REST API

Document title

[Document status] REST API [Назва методу] [ID методу]

Guideline ID

GUI-0011

Author

@

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-001-001-001-0006

Microservices (namespace)

ABAC

Component

Approvals/ABAC

Component ID

COM-001-001

Link на API-специфікацію

https://ehealthmedicaleventsapi.docs.apiary.io/#reference/approvals/get-approval-details/cancel-approval

Resource

{{host}}/api/patients/{{patiend_id}}/approvals/{{id}}/actions/cancel

Scope

approval:cancel

Protocol type

REST

Request type

PATCH

Sync/Async

Async(def)/Sync

Public/Private

Public

Purpose

Allows to cancel approval by it's identifier in patient context.

Logic

Allows to cancel approval by it's identifier in patient context. It is allowed only for the doctor who has an active declaration with a patient from url (can cancel all approvals) or approval is granted to user (can cancel own approval).

Service logic

Service allow to cancel of the patient approval:

  • Get approval by patient_id and approval id from approvals collection (MongoDB)

  • Update for approvals: status (update also updated_at, updated_by, expired_at = now()

  • If patient's authentication method is OTP or third_person.OTP, send SMS to that patient with info about cancelling.

  • Render a response according to specification.

Add status to event manager

After status was changed (status = CANCELLED) - add new status to event_manager

field

value

event_type

StatusChangeEvent

entity_type

Approval

entity_id

$.id

properties.status.new_value

$.status

event_time

$.update_at

changed_by

$.changed_by

Configuration parameters

Description of the configuration parameters that are used when processing a request in the system

Dictionaries

Provides a list of links to dictionaries that are available in Confluence

Input parameters

Input parameter

Mandatory

Type

Description

Example

1

patiend_id

 

String

identifier of the patient

aff00bf6-68bf-4b49-b66d-f031d48922b3

2

id

 

String

identifier of the approval

aff00bf6-68bf-4b49-b66d-f031d48922b3

Request structure

See on API-specification (посилання на сторінку з API-специфікацією)

Description of the REST API request structure, example

 Example

Headers

Key

Value

Mandatory

Description

Example

1

Content-Type

application/json

M

Тип контенту

Content-Type:application/json

2

Authorization

Bearer c2778f3064753ea70de870a53795f5c9

M

Перевірка користувача

Authorization:Bearer c2778f3064753ea70de870a53795f5c9

3

Request data validation

Authorization

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case of validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'approval:cancel')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: approval:cancel') in case of invalid scope(s)

Validate Patient

  • Get Patient identifier from the URL

  • Check it exists in DB

    • Return 404 ('Person is not found') in case of error

Validate Approval

  • Get Approval identifier from the URL

  • Check it exists in DB

    • Return 404 ('not found') in case of error

  • Check approval is not expired (expires_at > now() )

    • Return 409 ('Approval can be cancelled only if it is not expiredhas new or active status') in case of error

Validate User

  • Extract user_id from token.

  • Check user has an active declaration with a patient from URL (can cancel all approvals) or approval is granted to user (can cancel own approval: granted_to OR created_by):

    • Return 403 ('No active declaration with patient found or declaration is not from the same MSP') in case the employee doesn't have an active declaration with the patient

Processing

A list of processes related to receiving, changing or transmitting data according to the logic defined in the REST API

Response structure examples

See on API-specification

Example:

 Response example
{
  "data": {
    "status": "pending",
    "eta": "2018-08-02T10:45:16.000Z",
    "links": [
      {
        "entity": "job",
        "href": "/Jobs/NBXk9EyErUZv1RhXgyvgg"
      }
    ]
  },
  "meta": {
    "code": 202,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}
 Response example
{
  "data": {
    "id": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e",
    "granted_resources": [
      {
        "identifier": {
          "type": {
            "coding": [
              {
                "system": "eHealth/resources",
                "code": "episode_of_care"
              }
            ]
          },
          "value": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e"
        },
        "display_value": "null"
      }
    ],
    "granted_to": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "employee"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "expires_at": 1498749591,
    "reason": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "service_request"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "status": "new",
    "access_level": "read",
    "authentication_method_current": {
      "type": "OTP",
      "number": "+38093*****85"
    }
  },
  "meta": {
    "code": 201,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  }
}

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

201

use payload from response

3

202

use Get job details to get processing result. Response payload will be returned in the job details

 async: default method

4

401

Invalid access token

5

403

No active declaration with patient found or declaration is not from the same MSP

6

403

Your scope does not allow to access this resource. Missing allowances: approval:cancel

7

404

Person is not found

8

409

Approval can be cancelled only if it is not expiredhas new or active status

9

Специфічні

10

Post-processing processes

Description of actions performed on data after processing

Technical modules where the method is used

List of pages describing technical modules where the method is used

Generating page properties report...

  • No labels

ЕСОЗ - публічна документація