ЕСОЗ - публічна документація

[DRAFT] Get authentication factor [API-005-010-006-0206]

Owned by Mykhailo Troinin (SoE eHealth) (Unlicensed)
Last updated: yesterday at 8:26 PM by Anastasiia Prokhorova (SoE eHealth)
1 min read

Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.

REST API method / Метод REST API (настанова) (remove the link block before publishing the document)

Properties of a REST API method document

Document type

Метод REST API

Document title

[DRAFT] Get authentication factor [API-005-010-006-0206]

Guideline ID

GUI-0011

Author

@Viacheslav Tybin (SoE eHealth)

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-005-010-006-0206

Microservices (namespace)

IL

Component

Patient Cabinet

Component ID

COM-005-010

Link на API-специфікацію

https://ehealthmisapi1.docs.apiary.io/#reference/public.-patient-cabinet/cabinet/get-authentication-factor

Resource

{{host}}/api/cabinet/authentication_factor

Scope

person:read

Protocol type

REST

Request type

GET

Sync/Async

Sync

Public/Private

Public

Purpose

This WS allows to see 2FA number via Cabinet.

Logic

N/A

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

Input parameter

Mandatory

Type

Description

Example

Input parameter

Mandatory

Type

Description

Example

1

 

 

 

 

 

2

 

 

 

 

 

Request structure

See on API-specification

Headers

Headers

Request data validation

Authorize

Request to process the request using a token in the headers.

Validate token

  • Check token existance

    • in case error return 404 - token was not found

  • Check expiration date tokens.expires_at 

    • if  tokens.expires_at < now() return 401 - access denied

  • Extract user_id from token

  • Check user scopes in order to perform this action (scope = ''person:read")

    1. Return 403 in case invalid scope(s) - "Your scope does not allow to access this resource. Missing allowances: "person:read"

Validate person

  • Check if users.is_blocked = false

    • in case error return 401 message "User blocked."

  • Check mpi.persons.status = 'active'

    • in case error return 409 message "Person is not active"

Authentication factor

  • Search authentication factor by user   

    SELECT id, type, factor, is_active, user_id FROM authentication_factors where user_id=$user_id;

Processing

N/A

Response structure examples

See on API-specification

{ "meta": { "code": 200, "url": "https://example.com/resource", "type": "object", "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810" }, "data": { "id": "d290f1ee-6c54-4b01-90e6-d701748f0851", "type": "sms", "factor": "+380881234567", "is_active": true, "user_id": "d290f1ee-6c54-4b01-90e6-d701748f0851" } }

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

 

200

Response

 

 

3

 

401

Access denied

 

 

4

 

401

User blocked

 

 

5

 

403

Your scope does not allow to access this resource. Missing allowances: "person:read"

Validation failed

 

6

 

404

Token was not found

Validation failed

 

7

 

409

Person is not active

Validation failed

 

8

Специфічні

9

 

 

 

 

 

Post-processing processes

N/A

Technical modules where the method is used

Название

ID ТМ

Статус

Название

ID ТМ

Статус

RC-V.2.1 [TM-011] Відхилення ЕР фармацевтом

TM0112

 

RC-V.2.1 [TM-011] Відхилення ЕР фармацевтом

 

 

ЕСОЗ - публічна документація