REST API method / Метод REST API (настанова) (remove the link block before publishing the document)
Properties of a REST API method document
Purpose
This process describes adding an additional authentication method to an existing person, update authentication method and delete it.
Use GET person/{id}/ authentication_method to find authentication method' id of person.
Logic
Description of the working algorithm of the API method and the interaction of services with each other add Service logic (if necessary)
Configuration parameters
Variable | Values | Description |
---|---|---|
phone_number_auth_limit |
| Check if in table person_authentication_methods with |
third_person_limit |
| In table person_auth_methods with type = |
third_person_term |
| parameter is used for calculation of ended_at data for authentication method type = THIRD_PERSON |
person_with_third_person_limit |
| In table person_auth_methods with type = THIRD_PERSON >N, then error 422 |
no_self_auth_age |
| In table person now()-birth_date <=N & person_auth_methods with type = |
cURL example
Dictionaries
AUTHENTICATION_METHOD
DOCUMENT_TYPE
Provides a list of links to dictionaries that are available in Confluence
Input parameters
Input parameter | Mandatory | Type | Description | Example | |
---|---|---|---|---|---|
1 | id |
| String | Person identifier. Required |
|
2 |
Request structure
See on API-specification
Headers
Key | Value | Mandatory | Description | Example | |
---|---|---|---|---|---|
1 | Content-Type | application/json |
| Тип контенту | Content-Type:application/json |
2 | Authorization | Bearer {access_token} |
| Перевірка користувача | Authorization:Bearer {access_token} |
3 | api-key | {secret} |
| Секретний ключ | api-key: {secret} |
Request data validation
Validate Patient
Get person_id from URL
Validate id:
Validate request
if action = deactivate
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "deactivate", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744" } } }
if action = update
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "update", "authentication_method": { "id": "057413fb-2c2e-4f33-b2d6-433469212744", "alias": "roksolana" } } }
if action = insert
{ "$schema": "http://json-schema.org/draft-04/schema#", "type": "object", "properties": { "action": "insert", "authentication_method": { "type": "THIRD_PERSON", "value": "d12888c0-1159-4296-8f03-a592c136f673", "phone_number" : "+380656779678", "alias": "roksolana" } } }
Search auth requests by person id
To prevent requests duplication search in il.auth_method_requests.person_id = $.person_id and il.authentication_method_requests.status = NEW, then
Change status of all found person requests:
SET IL_DB.authentication_method_requests.status = 'CANCELED' WHERE IL_DB.authentication_method_requests.id IN (:LIST) |
Validate by actions
if action = deactivate
Field
type
must beTHIRD_PERSON
(where person_auth_method.id = $authentication_method.id), else return error 422“Only THIRD_PERSON authentication method type could be deactivated
"Check this auth_method is not primary & there are more than one authentication method for person:
in case of error return 422, “
You can't deactivate the last authentication method
“
Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"Validate that auth_method is active ( person_authentication_methods.ended_at > now())
in case error return
422
, “Authentication method isn’t active”
if action = update
validate authentication_methods.id belong to this person. Search auth method of this person where MPI.person_authentication_method.person_id = $.person.id
in case error return 422, "such authentication method does not belong to this person"
alias
is required.Check if authentication_method_current != NA, else return error 422 “
Person can't be authorized with NA authentication method
"
if action = insert
if type = OTP ,
phone_number
is required andvalue
shouldn’t be set. And fieldalias
is optional.validate that person.age >global_parameters.no_self_auth_age
validate that il.authentication_method_request.authentication_method.phone_number is in DB.VERIFICATION.VERIFIED_PHONES
if type = OFFLINE
phone_number
andvalue
shouldn’t be set . And fieldalias
is optional.validate that person.age > global_parameters.no_self_auth_age
auth_method_current != OFFLINE
error - "
Person already has auth method OFFLINE
"
auth_method_current = OTP ( if config AUTH_REQUEST_SECURITY_REDUCTION = false)
error -
Person cannot set OFFLINE auth method if person had OTP
if type = THIRD_PERSON
value
,phone_number
,alias
are requiredValidate value:
validate person.id is UUID
in case error return
422
search person by person.id in MPI
in case error return
404
, "such person doesn't exist"
search person by person.id in MPI and validate that is_active = true & status = active, else:
in case error return 422, "third person must be active"
search third_person.age > prm.global_parameters.no_self_auth_age years:
in case error return 422, "
Incorrect person age for such an action
"
validate third_person.auth_method != (MPI.person_auth_methods.ended_at <= now())
in case error return 422, "third person must has auth method OTP or OFFLINE"
Validate
phone_number
with mpi.person_auth_method.phone_number where mpi.person_auth_method.person_id = auth_method_request.authentication_method.valueauth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now())
if config
THIRD_PERSON_OFFLINE
= False - validate that third_person has self method = OTP, else:error
THIRD PERSON can't have OFFLINE self auth method type
validate if THIRD_PERSON != person, else return error 422
Person can't add himself as THIRD_PERSON
validate if person’s authentication method with type THIRD_PERSON with the same value, else return error 422
Such person id is already used in existing person's authorization methods
check if person have authentication method with type THIRD_PERSON less
person_with_third_person_limit
times, else return error 422,Limit of authentication methods with THIRD_PERSON type is exhausted
Processing
Set auth_method_current
Set default auth method of person on IL.auth_method_request.auth_method_current - use function in mpi, that return primary auth method.
Validate that auth_method_current != null (null is set if MPI.person_auth_methods.ended_at <= now()) if
action = deactivate
action = update
action = insert and type= THIRD_PERSON and person.age>no_self_auth_method
else error - “
Person can't be authorized with NA authentication method
“
Generate verification code
If auth_method_requests.auth_method_current = OTP
Invoke Initialize OTP to generate one time password and send it where auth_method_requests.auth_method_current = OTP.
cURL example
Generate upload URL
If auth_method_requests.auth_method_current = OFFLINE
Generate URL's with type person.{$.person.documents.[:].type} (or Generate URL's with type third_person.{$.third_person.documents.[:].type})
If action = insert
and il.auth_method_request.authentication_method.type = OFFLINE:
Generate URL's with type person.{$.person.documents.[:].type}
Response structure examples
See on API-specification
HTTP status codes
Response code | HTTP Status code | Message | Internal name | Description | |
---|---|---|---|---|---|
1 | Базові | ||||
2 | 201 | Response | |||
3 | 404 | Such person doesn't exist | |||
4 | 409 | Such person isn't active | |||
5 | 422 | Authentication method isn’t active | |||
6 | 422 | Incorrect person age for such an action | |||
7 | 422 | Limit of authentication methods with THIRD_PERSON type is exhausted | |||
8 | 422 | Only THIRD_PERSON authentication method type could be deactivated | |||
9 | 422 | Person can't add himself as THIRD_PERSON | |||
10 | 422 | Person can't be authorized with NA authentication method | |||
11 | 422 | Such a phone already exists more N times | |||
12 | 422 | Such authentication method does not belong to this person | |||
13 | 422 | Such person cannot have self authentication method | |||
14 | 422 | Such person id is already used in existing person's authorization methods | |||
15 | 422 | This fiduciary person is present more than N times in the system | |||
16 | 422 | Third person must be active | |||
17 | 422 | Third person must has auth method OTP or OFFLINE | |||
18 | 422 | Unverified phone number | |||
19 | 422 | You can't deactivate the last authentication method | |||
20 | Специфічні | ||||
21 |
Post-processing processes
Description of actions performed on data after processing
Technical modules where the method is used
List of pages describing technical modules where the method is used