ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Purpose*

This WS allows to create medical program provision by divisions of user’s legal entity. It shows what divisions provides medical program according to legal entity contract.

Specification*

Link

https://ehealthmisapi1.docs.apiary.io/#reference/public.-contracts/medical-program-provision/create-medical-program-provision

Resource

/api/medical_program_provision

Scope

medical_program_provision:write

Components

Medical program provision

Microservices

API paragraph not found

Protocol type

REST

Request type

POST

Sync/Async

Sync

Public/Private/Internal

Public

Logic*

This method allows to create medical program provision by divisions of user’s legal entity. It shows what divisions provide medical program according to legal entity contract. Method receives signed message (pkcs7) that consists of signed content, digital signature and signer public key. All signature fields will be validated (including signer certificate authority). Service will store signed copy of the request in Media Content Storage if all checks is passed.

Key points

  1. This is a REST method.

  2. Only authenticated and authorized legal entity owner with appropriate scope can create a Medical program provision.

  3. Request should be signed with DS.

  4. User can add multiple divisions at once to provide a medical program.

Request structure*

See on Apiary

Example:

 Request example
{
  "signed_content": "ew0KICAicGVyaW9kIjogew0KIC...",
  "signed_content_encoding": "base64"
}

Authorize*

  • Verify the validity of access token

    • in case of error - return 401 “Invalid access token” in case of validation fails

  • Verify that token is not expired

    • in case of error - return 401 “Invalid access token”

  • Check user scopes in order to perform this action (scope = 'medical_program_provision:write')

    • return 403 “Your scope does not allow to access this resource. Missing allowances: medical_program_provision:write” in case of invalid scope(s)

Request to process the request using a token in the headers

Headers*

Наприклад:

  • Content-Type:application/json

  • Authorization:Bearer F3GF124Df565FDS234SDF34

  • api-key:aDGFDFGT46S5gFGD

Request data validation*

Validate Digital Sign

  • Validate request is signed

    • in case of error - return 422 “document must be signed by 1 signer but contains 0 signatures”

  • Check DS is valid and not expired

  • Validate that DS belongs to the user

    • Check that DRFO from DS and party.tax_id matches

      • in case of error - return 409 “Signer DRFO doesn't match with requester tax_id“

Validate legal entity

  • Extract client_id from token.

  • Check client scopes in order to perform this action (scope = 'medical_program_provision:write')

    • in case of error - return 403 “Your scope does not allow to access this resource. Missing allowances: medical_program_provision:write”

  • Check legal entity status (status = ACTIVE, SUSPENDED)

    • In case of error - return 422 “Legal entity is not active”

Validate request

  1. Validate contract_number:

    1. Select contract_number from contracts where:

      1. type = REIMBURSEMENT

      2. is_active=true

      3. status = VERIFIED 

      4. contractor_legal_entity = client_id (from token)

        1. in case of error - return 422 “Your legal entity has no reimbursement contract with number <contract_number> or it is not active”

  2. Validate medical_program_id:

    1. Сheck program exists and active

      1. in case of error - return 422 “Medical program not found”

    2. Check medical program belongs to the contract

      1. in case of error - return 422 “Medical program does not belong to contract”

  3. Validate divisions :

    1. Check divisions are not duplicated in the array

      1. in case of error - return 422 “Division list has duplicated identifiers in the request”

    2. For each division in the array:

      1. Validate it exists and active (is_active = true and status = ACTIVE):

        1. in case of error - return 422 “Division with id <id> does not exist or not active”

      2. If chart parameter DISPENSE_DIVISION_DLS_VERIFY is on, then validate it DLS verified (dls_verified=true)

        1. in case of error - return 422 “Division with id <id> is not verified in DLS”

      3. Validate it belongs to the legal entity (client_id from token)

        1. in case of error - return 422 “Division with id <id> does not belong to legal entity”

      4. Validate there is no existing active records with the same division, medical program and contract number

        1. in case of error - return 422 “The medical program has already been provided by division with id <id> according to the contract“

Processing*

  1. Save signed content to media storage. Look at Bucket structure for details.

  2. Save records to the database according to Data model

Response structure*

See on Apiary

Example:

 Response example
{
  "meta": {
    "code": 201,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  },
  "data": [
    {
      "id": "3e34da3d-9b8c-4aaf-be8e-24a161279b6a",
      "contract_number": "0000-PAP5-M000",
      "medical_program_id": "04d5ea65-d6e7-44f8-9eef-f0d3c1121d2b",
      "division_id": "15caea3f-cac3-483c-a3da-5875eba96430",
      "is_active": true,
      "deactivate_reason": null,
      "inserted_at": "2017-04-20T19:14:13Z",
      "inserted_by": "e1453f4c-1077-4e85-8c98-c13ffca0063e",
      "updated_at": "2017-04-20T19:14:13Z",
      "updated_by": "2922a240-63db-404e-b730-09222bfeb2dd"
    }
  ]
}

Post-processing processes*

API paragraph not found

HTTP status codes*

HTTP status code

Message

What caused the error

 201

 

 

  • No labels