PIS. Get Approval details (apps)

Purpose

This WS is designed to show active approval details in PIS made by the user to different clients.

Key points

1. Only active approvals are returned.

2. Service must return only user-related approvals.

Specification

Apiary

Authorization

• Verify the validity of access token

  • in case of error - return 401 (“Invalid access token”)

• Verify that token is not expired

  • in case of error - return 401 (“Invalid access token”)

• Check user scopes in order to perform this action (scope = app:read_pis)

  • return 403 (“Your scope does not allow to access this resource. Missing allowances: app:read_pis”) in case of invalid scope(s)

Validate request

Validate x-consumer-id (user)

• Ensure that header x-consumer-id passed to request

  • in case of error - return 401 ('Unauthorized')

Validate approval

• Check that approval from URL

  • exists in mithril database, apps table

  • belongs to patient

    • in case of error - return 404 ('Approval not found')

Service logic

1. Get user_id from token (x-consumer-id header).

2. Get approval from mithril database, apps table, using user_id and approval id as query params.

3. Render response according to specification.