ЕСОЗ - публічна документація

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

REST API method / Метод REST API (настанова) (remove the link block before publishing the document)

Properties of a REST API method document

Document type

Метод REST API

Document title

Get authentication factor

Guideline ID

GUI-0011

Author

Viacheslav Tybin (SoE eHealth)

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-005-010-006-0206

Microservices (namespace)

IL

Component

Patient Cabinet

Component ID

COM-005-010

Link на API-специфікацію

https://ehealthmisapi1.docs.apiary.io/#reference/public.-patient-cabinet/cabinet/get-authentication-factor

Resource

{{host}}/api/cabinet/authentication_factor

Scope

person:read

Protocol type

REST

Request type

GET

Sync/Async

Sync

Public/Private

Public

Purpose

This WS allows to see 2FA number via Cabinet.

Logic

N/A

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

Input parameter

Mandatory

Type

Description

Example

1

2

 

 

 

 

 

Request structure

See on API-specification

 Example

Headers

Headers

Request data validation

Validate token

  • Check token existance

    • in case error return 404 - token was not found

  • Check expiration date tokens.expires_at 

    • if  tokens.expires_at < now() return 401 - access denied

  • Extract user_id from token

  • Check user scopes in order to perform this action (scope = ''person:read")

    1. Return 403 in case invalid scope(s) - "Your scope does not allow to access this resource. Missing allowances: "person:read"

Validate person

  • Check if users.is_blocked = false

    • in case error return 401 message "User blocked."

  • Check mpi.persons.status = 'active'

    • in case error return 409 message "Person is not active"

Authentication factor

  • Search authentication factor by user   

    SELECT id, type, factor, is_active, user_id FROM authentication_factors where user_id=$user_id;

Processing

N/A

Response structure examples

See on API-specification

 Example
{
  "meta": {
    "code": 200,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
    "type": "sms",
    "factor": "+380881234567",
    "is_active": true,
    "user_id": "d290f1ee-6c54-4b01-90e6-d701748f0851"
  }
}

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

401

Access denied

3

401

User blocked

 

4

403

Your scope does not allow to access this resource. Missing allowances: "person:read"

Validation failed

5

404

Token was not found

Validation failed

6

409

Person is not active

Validation failed

7

Специфічні

8

Post-processing processes

N/A

Technical modules where the method is used

List of pages describing technical modules where the method is used

Название

ID ТМ

Статус

/wiki/spaces/ESOZ/pages/17378181218

TM0112

/wiki/spaces/YK/pages/17837688354

  • No labels

ЕСОЗ - публічна документація