Purpose

This method allows to find the active person's authentication methods.

Key points

Any user with appropriate scope can read information about authentication method of the person.

Specification

eHealth API · Apiary

Authorization

• Verify the validity of access token

  • Return (401, 'Invalid access token') in case of validation fails

• Verify that token is not expired

  • in case of error - return (401, 'Invalid access token')

• Check user scopes in order to perform this action (scope = 'person:read')

  • Return (403, 'Your scope does not allow to access this resource. Missing allowances: person:read ') in case of invalid scope(s)

Validation of related entities

Validate User

• Extract user_id from token.

Validation of the request

Validate Patient

• Get person_id from URL

• Validate patient status is active (status = ‘active' & is_active = 'true’)

  • in case of error - return 404 ('not found')

Service logic

• Service returns authentication method for person

• Get authentication method by person_id from person_authentication_methods

  • Return confidant_person block for THIRD_PERSON authentication method by authentication_methods.value=confidant_person_relationship.confidant_person_id

    • Mask confidant person personal information:

      • For name use combination: “{last_name} {first letter from first_name} {first letter from second_name}”

      • For phone number use already accepted masking: as example - "+38093*****85"

      • For other fields (tax_id, unzr, documents_person.number) show two last symbols only

    • In case confidant_person_relationship has no records don’t show the confidant_person block

• Render a response according to specification