1 Purpose
2 Specification
3 Logic
4 Request structure
5 Authorize
6 Request data validation
- 6.1 Validate legal entity
- 6.2 Validate request
  - 6.2.1 Validate query params
7 Processing
8 Response structure
9 HTTP status codes

Purpose

This method allows to search for a Person (MPI).

Specification

Link	-	Посилання на Apiary або Swagger
Resource	/graphql	Посилання на ресурс, наприклад: /api/persons/create
Scope	person:read	Scope для доступу
Components	Patient registry	Зазначається перелік бізнес компонентів, які використовують цей метод, наприклад: ePrescription
Microservices	mpi/api il/api (rpc) fe/admin-web	Перелік мікросервісів, які використовує метод API, наприклад: Auth, ABAC
Protocol type	GraphQL	Тип протоколу, який використовується запитом, наприклад: SOAP \| REST
Request type	POST	Тип запиту API, наприклад: GET, POST, PATCH…
Sync/Async	Sync	Метод є синхронним чи асинхронним?
Public/Private/Internal	Private	Потрібно зазначити тип методу за ступенем доступності

Logic

This is a graphQl query method used in Administration panel only to search for a Person . Only authenticated and authorized NHS employee with appropriate scope can search for a persons. User can filter list by search params.

Request structure

Example:

{"query":"query SearchPersonsQuery($first: Int $last: Int $before: String $after: String $filter: PersonFilter! $orderBy: PersonOrderBy) {persons(first: $first filter: $filter orderBy: $orderBy before: $before after: $after last: $last) {nodes {...Persons __typename } pageInfo {...PageInfo __typename} __typename}} fragment Persons on Person {id databaseId firstName lastName secondName birthDate unzr taxId insertedAt status updatedAt verificationStatus verificationDetails {dracsDeath { unverifiedAt verificationReason verificationStatus __typename } drfo { verificationReason verificationStatus __typename } manualRules { verificationReason verificationStatus __typename } __typename }} fragment PageInfo on PageInfo { endCursor hasNextPage hasPreviousPage startCursor __typename } ",
"variables":{
  "first":10,
  "filter":{
    "identity":{
      "lastName":"Сироїд",
      "firstName":"Павло"
      },
    "personal":{
      "authenticationMethod":{
        "phoneNumber":"+380941455543"
        }
      }
    }
  }
}

Authorize

Request to process the request using a token in the headers

Verify the validity of access token
1. Return 401 in case validation fails
Verify that token is not expired
1. in case of error - return (401, 'Invalid access token')
Check user scopes
1. person:read in order to search person
  1. Return 403 in case invalid scope(s) "Your scope does not allow to access this resource. Missing allowances: person:read“

Request data validation

Validate legal entity

Extract client_id from token.
Check legal entity status (status = ACTIVE)
- In case of error - return 409 ('client_id refers to legal entity that is not active')

Validate request

Validate query params

Parameters that could be sent to mpi from admin search:

tax_id
id
first_name + last_name + phone_number (phone number in authentification_method='OTP')
first_name + last_name + birth_date
document type & number + phone_number (phone number in authentification_method='OTP')
document type & number + birth_date
status (optional)
- if no status sent return all statuses

Processing

Render persons array with results that match the search params. Return empty array if no data found

Response structure