Purpose
This web service is designed to obtain full information about capitation or reimbursement contract by NHS employee(private API) or MSP employee(public API).
Contract type should be declared in the URL.
Overview
- only employee with scopes contract:read can see details of contract
Specification
Public API
Private API
- GraphQL API
Capitation Contract
Reimbursement Contract - Features
Validation
Validate token
- Verify the validity of access token
- Return 401 in case validation fails
- token is not expired
- in case error return 401
Validate scopes
- Check user scopes in order to perform this action (scope = 'contract:read')
- Return 403 in case invalid scope(s)
Validate employee
extract user_id from token
extract client_id from token
- Check if user is active
- in case error return 403 - (user is not active)
- check nhs_legal_entity is active
- in case error return 403 - (Client is not active)
Validate context
extract client_id from token. LE employee can see only this legal entities contracts. NHS employee can see any contracts.
- if TOKENS_TYPES_PERSONAL
- Check client_id = contracts.contractor_legal_entity_id
- in case error return 403 "User is not allowed to view this contract"
- Check client_id = contracts.contractor_legal_entity_id
Validate data
- Validate contract id. Check contract.id = $.id
- in case error return 404 ("Contract with id=$id doesn't exist")
Responses
In response show ops.contracts.id+ops.contractor_employees.id and end_date is null