ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

This process describes adding an additional authentication method to an existing person, update authentication method and delete it.

Specification

Apiary

Authorize

  1. Verify the validity of access token

    • Check user scope authentication_method:write in order to perform this action

Get global parameters

Invoke Global parameters to get following parameter:

  • phone_number_auth_limit

Check if in table person_authentication_methods  with type = OTP > N, then error 422, such a phone already exists more N times

  • confidant_person_limit

In table person_auth_methods with type = third_person > N, then error 422

cURL example

curl -X GET \
  {:host}/prm/api/global_parameters

Validate request

if action = delete

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "delete",
  "authentication_methods": {
    "id": "057413fb-2c2e-4f33-b2d6-433469212744"
    }
  }
}

if action = insert

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "insert",
  "authentication_methods": {
    "type": "third_person",
    "value": "d12888c0-1159-4296-8f03-a592c136f673",
    "alias": "roksolana"
    }
  }
}

if action = update

{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object",
  "properties": {
  "action": "update",
  "authentication_methods": {
    "id": "057413fb-2c2e-4f33-b2d6-433469212744",
    "alias": "roksolana",
    "is_primary": "true"
    }
  }
}

Validate ids

Fiend value is person.id

  • validate person.id UUID

    • in case error return 422

  • search person by person.id in MPI 

    • in case error return 422, "Such person doesn't exist"

Validate

Use GET persom/{id}/ authentication_method to find authentication method' id of person

  1. if action = delete

    1. Field type must be third_person. (where person_auth_method.id = $aythentication_method.id)

    2. If person < 14, validate that count(auth_method, where person.auth_methods.person_id = $.person_id) >=1

    3. If delete auth_method where field is_primary = True, then the method that was last added has a flag is_primary = True

  2. if action = insert

    1. if type = OTP or OFFLINE, person’s auth method that was before (off or offline) becomes inactive

  3. if action = update

    1. if the transferred method is the main one (is_primary = TRUE), method that had this flag is_primary = TRUE now has is_primary = FALSE

Generate verification code

Invoke Initialize OTP to generate one time password and send it to third_person number (that is added as a new auth method). At this stage, the patients receive an SMS message.

Phone_numbers: mpi.person_auth_method.value, where person_id = $.third_person.id and type = OTP

cURL example

curl -X POST \
  http://localhost:4000/verifications \
  -H 'content-type: application/json' \
  -d '{
  "phone_number": "+380936235985"
}'
  • No labels

ЕСОЗ - публічна документація