1 Key features
2 Overview
3 DB Objects
- 3.1 connections
- 3.2 clients
4 Process changes
- 4.1 Create/Update legal entity
- 4.2 Authorize approval
- 4.3 Exchange code grant to access token
5 API
- 5.1 Get clients
  - 5.1.1 Specification
  - 5.1.2 Validation
    - 5.1.2.1 Authorization
    - 5.1.2.2 Context
    - 5.1.2.3 Prepare response
- 5.2 Get client details
  - 5.2.1 Specification
  - 5.2.2 Validation
    - 5.2.2.1 Authorization
    - 5.2.2.2 Context
    - 5.2.2.3 Prepare response
- 5.3 Get client connections
  - 5.3.1 Specification
  - 5.3.2 Validation
    - 5.3.2.1 Authorization
    - 5.3.2.2 Context
    - 5.3.2.3 Prepare response
- 5.4 Get client connection details
  - 5.4.1 Specification
  - 5.4.2 Validation
    - 5.4.2.1 Authorization
    - 5.4.2.2 Context
    - 5.4.2.3 Prepare response
- 5.5 Private. Put client connection
  - 5.5.1 Logic
- 5.6 Update client connection
  - 5.6.1 Specification
  - 5.6.2 Validation
    - 5.6.2.1 Authorization
    - 5.6.2.2 Context
    - 5.6.2.3 Request validation
    - 5.6.2.4 Logic
- 5.7 Delete client connection
  - 5.7.1 Specification
  - 5.7.2 Validation
    - 5.7.2.1 Authorization
    - 5.7.2.2 Context
    - 5.7.2.3 Logic
- 5.8 Refresh client secret
  - 5.8.1 Specification
  - 5.8.2 Validation
    - 5.8.2.1 Authorization
    - 5.8.2.2 Context
    - 5.8.2.3 Logic

Key features

During Legal Entity creation process - create new separated configuration for each consumer (MIS)
Manage different configurations for different consumers via API
Secure Client Secret - do not share Client Secret between different consumers
Handle more than one redirect_uri for each consumer

Overview

DB Objects

connections

Attribute	Type	M/O	Description

Attribute	Type	M/O	Description
id	Uuid	M	Unique record identifier
client_id	Uuid	M	id od client that provides connection. FK clients.id
consumer_id	Uuid	M	id of client that will consume connection. FK clients.id
secret	String	M
redirect_uri	String	M
inserted_at	Timestamp	M
updated_at	Timestamp	M

clients

Some fields must be removed from clients table

Attribute	Type	M/O	Description

Attribute	Type	M/O	Description
secret	String	M
redirect_uri	String	M

Process changes

Create/Update legal entity

Added new API call to create client connection

See IL.Create/Update Legal Entity

Authorize approval

redirect_uri must be validated against all connections related to client and must matches with connections.redirect_uri

Exchange code grant to access token

Validate that there is a connection related to a specified client with this secret
Validate that redirect_uri matches with redirect_uri for found connection

API

Get clients

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope client:read in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service must return list of clients filtered by context depending on client type

Extract client_type from token
Filter response:
1. Mithril Admin - receives all client records without context
2. MSP, MIS, PHARMACY - receives only its own client

Prepare response

Query data from mithril.clients using context

Get client details

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope client:read in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service must returns client details for specified ID and is restricted by context

Extract client_type from token
Validate specified ID according to context:
1. Mithril Admin - receives all client records
2. MSP, MIS, PHARMACY - receives only its own client
  1. in case of error generate 403 response ('forbidden')

Prepare response

Query data from mithril.clients using specified ID

Get client connections

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope connection:read in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service must return list of clients connections for specified client ID. Client connections are restricted by Client ID and its context

Extract client_type from token
Validate specified Client ID according to context:
1. Mithril Admin - receives all client records
2. MSP, MIS, PHARMACY - receives only its own client
  1. in case of error generate 403 response ('forbidden')

Prepare response

Query data from mithril.connections for specified Client ID
Hide secret from response

Get client connection details

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope connection:read in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service must return connections details for specified client ID and connection ID. Client connections are restricted by Client ID and its context

Extract client_type from token
Validate specified Client ID according to context:
1. Mithril Admin - receives all client records
2. MSP, MIS, PHARMACY - receives only its own client
  1. in case of error generate 403 response ('forbidden')

Prepare response

Query data from mithril.connections for specified Client ID and Connection ID
Hide secret from response

Private. Put client connection

This method is only for internal use. There is no public API to create connection (at the moment)

Logic

Generate new secret value
UpSet record in mithril.connections for specified Client ID and Consumer ID

Update client connection

Only redirect uri can be updated using this method

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope connection:write in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service manages connections restricted by Client ID and context

Extract client_type from token
Validate specified Client ID according to context:
1. MSP, MIS, PHARMACY - receives only its own client
  1. in case of error generate 403 response ('forbidden')

Request validation

Validate according JSON Schema
1. Return 422 with list of validation errors in case validation fails

Logic

Update mithril.connections for specified Connection ID and replace redirect_uri with the value from request
Hide secret from response

Delete client connection

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope connection:delete in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service manages connections restricted by Client ID and context

Extract client_type from token
Validate specified Client ID according to context:
1. MSP, MIS, PHARMACY - receives only its own client
  1. in case of error generate 403 response ('forbidden')

Logic

Delete record from mithril.connections for specified Connection ID

Refresh client secret

Specification

Apiary spec

Validation

Authorization

Verify the validity of access token
1. in case of error return 401 ('Access denied')
Check user scope connection:delete in order to perform this action
1. in case of error generate 403 response ('Invalid scopes')

Context

This service manages connections restricted by Client ID and context

Extract client_type from token
Validate specified Client ID according to context:
1. MSP, MIS, PHARMACY - receives only its own client
  1. in case of error generate 403 response ('forbidden')

Logic

Generate new secret for specified Connection ID and update it in mithril.connections for specified Connection ID