ЕСОЗ - публічна документація

[DRAFT] Create/Update Legal Entity V2 [API-005-009-002-0178]

Сторінка знаходиться в процесі розробки. Інформація на ній може бути застарілою.

https://e-health-ua.atlassian.net/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Document type

Метод REST API

Document title

[DRAFT] Create/Update Legal Entity V2 [API-005-009-002-0178]

Guideline ID

GUI-0011

Author

@

Document version

1

Document status

DRAFT

Date of creation

ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)

Date of update

ХХ.ХХ.ХХХХ (дата зміни версії)

Method API ID

API-005-009-002-0178

Microservices (namespace)

IL

Component

Legal Entities

Component ID

COM-005-009

Link на API-специфікацію

https://ehealthmisapi1.docs.apiary.io/#reference/dummy-methods/dummy-for-legal-entity/create/update-legal-entity-v2

Resource

{{host}}/api/v2/legal_entities

Scope

legal_entity:write

Protocol type

REST

Request type

PUT

Sync/Async

Sync

Public/Private

Public

Purpose

This WS is designed to create legal entities in eHealth system or update existing ones.

Key points

  1. This is a REST method used by MIS

  2. Legal entity request must be signed with DS

  3. This is a second version of create / update legal entity endpoint. Main differences from version 1 are descriped below

Main diffenrences from V1

  1. Legal entity types and licenses are created/updated one by one, i.e. one legal entity type and one license are accepted in one call

  2. medical_services_providers structure is removed, accreditation parameter is moved to edr_legal_entities table

  3. legal entity type calculation rules are removed

  4. Validation and merge of kveds step is removed

  5. Mithrill AuthAPI call is changed

  6. MIS verification is removed

  7. Suspend contract on name change is removed

  8. Owner employee can be updated 

Logic

  1. Search for existing legal entity in PRM DB based on data from request:

    1. legal_entities.edrpou = $.edrpou

    2. legal_entities.type = $.type

    3. legal_entities.status = ‘ACTIVE’ or ‘SUSPENDED’

  2. If such legal entity is not found, proceed to Create legal entity process

  3. If such legal entity is found, proceed to Update legal entity process

Create legal entity

  1. Save signed content to media storage.

  2. Get detailed data from EDR for active EDR record of legal entity (described at EDR data validation )

  3. Create or update edr_data record based on logic:

    1. If active EDR record of legal entity exists in edr_data table in PRM DB (edr_data.edr_id = $.id of EDR response), update record in edr_data table with following fields from EDR response:

      1. name = names.display

      2. short_name = names.short

      3. public_name = names.name

      4. legal_form = olf_code

      5. kveds = activity_kinds

      6. registration_address = address

      7. updated_by = consumer_id from MIS API token

      8. updated_at = now()

    2. If active EDR record of legal entity does not exist in edr_data table in PRM DB (edr_data.edr_id = $.id of EDR response), create new record in edr_data table with following fields from EDR response:

      1. id = generate (uuid)

      2. edr_id = id

      3. name = names.display

      4. short_name = names.short

      5. public_name = names.name

      6. legal_form = olf_code

      7. kveds = activity_kinds

      8. registration_address = address

      9. is_active = true

      10. inserted_by = consumer_id from MIS API token

      11. updated_by = consumer_id from MIS API token

      12. inserted_at = now()

      13. updated_at = now()

  4. Generate legal_entity_id that will be used also as client_id

  5. Create new record in legal_entities table in PRM DB according to received request, also add following fields:

    1. id = legal_entity_id

    2. name = edr_data.name from created EDR data record

    3. public_name = edr_data.public_name from created EDR data record

    4. short_name = edr_data.short_name from created EDR data record

    5. status = value according to LEGAL_ENTITY_CREATE_STATUS chart parameter (described at Legal Entities configurable parameters )

    6. is_active = true

    7. inserted_by = consumer_id from MIS API token

    8. updated_by = consumer_id from MIS API token

    9. inserted_at = now()

    10. updated_at = now()

    11. created_by_mis_client_id = client_id from MIS API token

    12. nhs_unverified_at = now()

    13. nhs_verified = false

    14. nhs_reviewed = false

    15. edr_data_id = edr_data.id from created EDR data record

  6. Create new record in licenses table in PRM DB according to received request, also add following fields:

    1. is_primary = true

    2. legal_entity_id = legal_entities.id

    3. is_active = true

    4. inserted_by = consumer_id from MIS API token

    5. updated_by = consumer_id from MIS API token

    6. inserted_at = now()

    7. updated_at = now()

  7. Create employee request for owner according to Create employee request v2

  8. Create client details and connection in MITHRIL DB:

    1. Generate client record using legal_entities.id in MITHRIL DB.

    2. Get consumer_id from MIS API token

    3. Create client connection in MITHRIL DB for client and consumer

  9. Create response with following data

    1. Legal entity, primary license and edr data details

    2. Created employee request id

    3. Client connection details

Update legal entity

  1. Save signed content to media storage

  2. Get detailed data from EDR for active EDR record (described at EDR data validation )

  3. Create or update edr_data record based on logic:

    1. If active EDR record of legal entity exists in edr_data table in PRM DB (edr_data.edr_id = $.id of EDR response) and corresponds to legal entity that is being updated (legal_entities.edr_data_id=edr_data.id), update record in edr_data table with following fields from EDR response:

      1. name = names.display

      2. short_name = names.short

      3. public_name = names.name

      4. legal_form = olf_code

      5. kveds = activity_kinds

      6. registration_address = address

      7. updated_by = consumer_id from MIS API token

      8. updated_at = now()

    2. If active EDR record of legal entity does not exist in edr_data table in PRM DB (edr_data.edr_id = $.id of EDR response), create new record in edr_data table with following fields from EDR response:

      1. id = generate (uuid)

      2. edr_id = id

      3. name = names.display

      4. short_name = names.short

      5. public_name = names.name

      6. legal_form = olf_code

      7. kveds = activity_kinds

      8. registration_address = address

      9. is_active = true

      10. inserted_by = consumer_id from MIS API token

      11. updated_by = consumer_id from MIS API token

      12. inserted_at = now()

      13. updated_at = now()

  4. If edr_data.state is not in ACTIVE_EDR_STATES chart parameter, update legal entity status in legal_entities table (PRM DB):

    1. status = ‘SUSPENDED’

    2. status_reason = 'MANUAL_LEGAL_ENTITY_STATUS_UPDATE'

  5. If legal entity status was changed to SUSPENDED:

    1. terminate related capitation contract requests

    2. suspend related capitation contracts

  6. Update license with following logic:

    1. If $.license_id is null then

      1. Check if any attribute has changed comparing request and licenses data. If any, then:

        1. Update license data in licenses table (PRM DB) according to received request for is_primary license record, additionally:

          1. updated_by = consumer_id from MIS API token

          2. updated_at = now()

        2. For legal entity record in legal_entities related to the primary license, update following parameters in PRM DB:

          1. set nhs_reviewed = false

          2. set nhs_verified = false

          3. set nhs_unverified_at = now()

    2. If $.license_id is not null then skip license update

  7. Update legal_entities data in PRM DB according to received request, also update following fields:

    1. name = edr_data.name from created EDR data record (if edr_data was updated)

    2. public_name = edr_data.public_name from created EDR data record (if edr_data was updated)

    3. short_name = edr_data.short_name from created EDR data record (if edr_data was updated)

    4. updated_by = consumer_id from MIS API token

    5. updated_at = now()

    6. edr_data_id = edr_data.id from created EDR data record (if edr_data was updated)

  8. Create employee request for owner according to Create employee request v2

  9. Update client details and connection in MITHRIL DB:

    1. Get consumer_id from MIS API token

    2. Create new client connection in MITHRIL DB for client and consumer_id

  10. Create response with following data

    1. Legal entity, primary license and edr data details

    2. Created employee request id

    3. Client connection details

  11. Update accreditation with following logic:

    1. if "category": "NO_ACCREDITATION" than check if only required fields are filled, also update following fields:

      1. “issued_date” set null

      2. “expiry_date" set null

      3. “order_date" set null

    2. if it is another category- update all fields with the values ​​they were filled with

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

Input parameter

Mandatory

Type

Description

Example

Input parameter

Mandatory

Type

Description

Example

1

 

 

 

 

 

2

 

 

 

 

 

Request structure

See on API-specification

{ "signed_legal_entity_request": "...", "signed_content_encoding": "base64" }

Headers

Headers

Request data validation

Authorize

  • Verify that MIS API token exists in request

    • in case of error - return 401 (“Api key is not set")

  • Verify the validity of MIS API token

    • in case of error - return 401 (“Invalid api key”)

  • Verify that MIS API token is not expired

    • in case of error - return 401 (“Invalid api key”)

  • Check MIS scopes in order to perform this action (scope = 'legal_entity:write')

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: legal_entity:write”) in case of invalid scope(s)

Validate Digital signature

  • Validate decoded input data is signed

    • in case of error - return 422 (“document must contain 1 signature and 0 stamps but contains 0 signatures and 0 stamps”)

  • Check DS is valid and not expired

  • Check that Last Name from DS and Owner last_name from request matches

    • in case of error - return 422 (“Does not match the signer last name“)

  • If EDRPOU in Certificate details exists and not empty

    • Check that EDRPOU in Certificate details is valid according to ([0-9]{8,10}|[А-ЯЁЇIЄҐ]{2}\d{6}) regular expression

      • in case of error - return 422 (“string does not match pattern")

    • Check that EDRPOU in Certificate details is equal to $.edrpou in payload

      • in case of error - return 422 (“EDRPOU does not match legal_entity edrpou“)

  • If EDRPOU in Certificate details is empty and if DRFO in Certificate details exists and not empty

    • Check that DRFO in Certificate details is valid according to ([0-9]{9,10}|[А-ЯЁЇIЄҐ]{2}\d{6}) regular expression

      • in case of error - return 422 (“string does not match pattern")

    • Check that DRFO in Certificate details is equal to $.edrpou in payload

      • in case of error - return 422 (“DRFO does not match signer drfo“)

  • If EDRPOU and DRFO in Certificate details are empty - return 422 (“EDRPOU and DRFO is empty in digital sign“)

Validate request

  • Validate request using JSON schema

    • in case of error - return 422

  • Validate decoded input data $.signed_legal_entity_request using JSON schema

    • in case of error - return 422

  • Validate uniqueness of object for arrays

    • $.phones (one unique $.phones.type per array)

    • $.owner.phones (one unique $.owner.phones.type per array)

    • $.owner.documents (one unique $.owner.documents.type per array)

      • in case of error - return 422 (“No duplicate values.”)

Validate residence address

  • Check that $.residence_address.settlement_id exists in uadresses resource

    • in case of error - return 422 (“settlement with id = $.residence_address.settlement_id does not exist“)

  • Check that $.residence_address.settlement corresponds to settlement_name by settlement_id in uadresses resource

    • in case of error - return 422 (“invalid settlement value“)

  • Check that $.residence_address.area corresponds to area_name by settlement_id in uadresses resource

    • in case of error - return 422 (“invalid area value“)

Validate owner

Validate tax_id

  • If $.owner.no_tax_id does not exists in request or exists and equals false, check that $.owner.tax_id is valid according to ^[0-9]{10}$ regular expression

    • in case of error - return 422 (“invalid tax_id value“)

  • If $.owner.no_tax_id equals true, check that $.owner.tax_id is valid according to ([0-9]{9}|[А-ЯЁЇIЄҐ]{2}\d{6}) regular expression

    • in case of error - return 422 (“invalid tax_id value”)

Validate birth date

  • Check that $.owner.birth_date is greater than MIN_BIRTH_DATE chart parameter

    • in case of error - return 422 (“invalid birth_date value”)

  • Check that owners age is greater than MIN_AGE chart parameter

    • in case of error - return 422 (“invalid birth_date value”)

Validate owners position

Validate existing owner

Existing owner must be validated only if $.owner.employee_id is passed in request.

  • Check that employee with id = $.owner.employee_id exists in PRM DB

    • in case of error - return 422 (“Employee not found“)

  • Check that employee with id = $.owner.employee_id corresponds to Legal entity from payload

    • in case of error - return 409 (“Employee doesn't belong to your legal entity“)

  • Check that employee with id = $.owner.employee_id is an employee with employee_type = ‘OWNER’ or ‘PHARMACY_OWNER’

    • in case of error - return 409 (“Invalid employee type”)

  • Check that employee with id = $.owner.employee_id is an employee with status = ‘APPROVED’ and is_active = true

    • in case of error - return 409 (“Invalid employee status“)

  • Check $.owner.tax_id from request is equal to parties.tax_id for $.owner.employee_id

    • in case of error - return 409 (“tax_id doesn't match“)

  • Check $.owner.tax_id from request is not empty if parties.tax_id for $.owner.employee_id is not empty:

    • in case of error - return 422 (“required property tax_id was not present“)

  • Check $.owner.birth_date from request is equal to parties.birth_date of $.owner.employee_id

    • in case of error - return 409 (“birth_date doesn't match“)

  • If parties.no_tax_id for $.owner.employee_id is true check $.owner.tax_id from request:

    • $.owner.tax_id is valid according to ([0-9]{9}|[А-ЯЁЇIЄҐ]{2}\d{6}) regular expression

      • in case of error - return 422 (“string does not match pattern \"^([0-9]{9,10}|[А-ЯЁЇIЄҐ]{2}\\d{6})$\"”)

Validate legal entity with EDR

  • If new legal entity is created or legal entity with empty edr_data_id is updated

    • Check that legal entity $.edrpou exists in EDR

      • in case of error - return 422 (“Provided EDRPOU is not active in EDR”)

    • Check that there is only one active record in EDR for legal entity $.edrpou

      • in case of error - return 422 (“More than 1 active entities in EDR“)

Validate license

Check license according to the schema below.

License from request must be validated with related primary license (licenses.is_primary=true where licenses.legal_entity_id=legal_entities.id).

image2019-4-24_19-37-2.jpg

Check if license is needed for legal entity type is performed based on LEGAL_ENTITY_<LEGAL_ENTITY_TYPE>_PRIMARY_LICENSE_TYPES chart parameter (described at Legal Entities configurable parameters )

Processing

Save signed content

Generate RESOURCE_NAME for signed content

Generate RESOURCE_ID for Legal Entity

Invoke Media Content Storage to get upload URL for the document

 

Parameter

Source

 

Parameter

Source

action

'PUT'

bucket

'LEGAL_ENTITIES'

resource_id

:RESOURCE_NAME

resource_name

:RESOURCE_ID

Refresh EDR data

  1. Get detailed data from EDR for active EDR record: call EDR data validation using id, received on step EDR Validation.

  2. Create or Update record in prm.edr_data for active EDR record data.

Search Legal Entity using EDRPOU from Signer Certificate

Search Legal Entity in prm.legal_entities using EDRPOU from Signer Certificate where legal_entities.type = Request: $.type and status = active or suspended

If Legal Entity not found go to Generate client and legal entity identifier

If Legal Entity found go to Update Client in Auth

Update Client in Auth

Update Redirect URI

Update Legal Entity

See Service specification

Create/Update licenses

  1. If $.license_id is not null then

    1. Check if any attribute has changed comparing request and prm.licenses data. If any, then:

      1. For each record in prm.legal_entities related to the license:

        1. If nhs_reviewed = true reset it to false

        2. If nhs_verified = true

          1. reset it to false

          2. set nhs_verified_change_date to current date

    2.  Update prm.licenses data according to received request

  2.  If $.license_id is null then create new record according to received request

    1. link license and edr_data record

Update legal_entities

  1. Update prm.legal_entities data according to received request

    1. link to the license if license_id is not null 

    2. populate updated_by, updated_at

  2. If nhs_reviewed = true reset it to false

  3. If nhs_verified = true reset it to false and set nhs_verified_change_date to current date

Update LE official name

Extract official name from Digital signature. 

  • Update `legal_entities.public_name` in prm with official name from Digital signature

  • Update `clients.name` in mithril with official name from Digital signature  

Update Contract Request

Find contract requests related to current legal entity in status = NEW, APPROVED, PENDING_NHS_SIGN, NHS_SIGNED, set status = 'TERMINATED', status_reason "Legal Entity Data has changed"

Generate client and legal entity identifier

Generate UUID as client identifier and legal entity identifier

Create client and connection in Auth

  1. Invoke Auth API (idempotent PUT) to register new client and generate client secret key 

  2. Determine MIS_ID (consumer_id) using api-key

  3. Invoke Put client connection in order to UpSet connection in Mithril for this client and consumer

Create new Legal Entity

See Service specification

Create/Update licenses

  1. If $.license_id is not null then

    1. Check if any attribute has changed comparing request and prm.licenses data. If any, then:

      1. For each record in prm.legal_entities related to the license:

        1. If nhs_reviewed = true reset it to false

        2. If nhs_verified = true

          1. reset it to false

          2. set nhs_verified_change_date to current date

    2.  Update prm.licenses data according to received request

  2.  If $.license_id is null then create new record according to received request

    1. link license and edr_data record

Populate legal_entities table

  1. Create new record according to received request

    1. Link it to the license

    2. Link it to edr_data record

  2. Set  `nhs_reviewed` and `nhs_verified` to false

  3. Set status = active suspended

  4. Set nhs_verified_change_date to current date

Save LE official name

Extract official name from Digital signature. 

  • Save LE official name to prm DB = legal_entities.public_name

  • Save LE official name to mithril DB = clients.name 

Data sources which are using during creation of prm.legal_entities

Register employee

Create or update new employee request with employee_type == 'OWNER'

Init Create employee request V2

Mapping

Parameter

Source

Parameter

Source

employee_id

Request: $.employee_id

legal_entity_id

Generated previously

employee_type

Const: OWNER

position

Request: $.owner.position

status

Const: ACTIVE

start_date

now()

party

Request: $.owner

Response structure examples

See on API-specification

{ "meta": { "code": 200, "url": "https://example.com/resource", "type": "object", "request_id": "req-adasdoijasdojsda" }, "data": { "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b", "edr": { "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b", "name": "Клініка Ноунейм", "short_name": "Ноунейм", "public_name": "Ноунейм", "legal_form": "140", "edrpou": "54323454", "kveds": [ { "name": "Діяльність лікарняних закладів", "code": "86.10", "is_primary": true } ], "registration_address": { "zip": "02090", "country": "УКРАЇНА", "address": "Волинська обл., місто Луцьк ВУЛИЦЯ КОНЯКІНА буд. 14 кв. 144", "parts": { "atu": "Волинська обл., місто Луцьк", "atu_code": "0710100000", "street": "ВУЛИЦЯ КОНЯКІНА", "house_type": "буд.", "house": "14", "building_type": "null", "building": "``", "num_type": "кв.", "num": "144" } }, "state": 1 }, "edrpou": "32323454", "type": "PRIMARY_CARE", "residence_address": { "type": "RESIDENCE", "country": "UA", "area": "Житомирська", "region": "Бердичівський", "settlement": "Київ", "settlement_type": "CITY", "settlement_id": "b075f148", "street_type": "STREET", "street": "вул. Ніжинська", "building": "15", "apartment": "23", "zip": "02090" }, "phones": [ { "type": "MOBILE", "number": "+380503410870" } ], "email": "email@example.com", "website": "www.msp.com.ua", "receiver_funds_code": "12345", "beneficiary": "Борисов Борис Борисович", "accreditation": { "category": "SECOND", "issued_date": "2017-02-28", "expiry_date": "2017-02-28", "order_no": "fd123443", "order_date": "2017-02-28" }, "license": { "id": "b075f148-7f93-4fc2-b2ec-2d81b19a9b7b", "type": "MSP", "license_number": "fd123443", "issued_by": "Кваліфікацйна комісія", "issued_date": "2017-02-28", "expiry_date": "2017-02-28", "active_from_date": "2017-02-28", "what_licensed": "реалізація наркотичних засобів", "order_no": "ВА43234" }, "archive": [ { "date": "2017-02-28", "place": "вул. Грушевського 15" } ], "public_offer": { "consent_text": "Consent text", "consent": true }, "status": "ACTIVE", "nhs_verified": false, "nhs_reviewed": false, "nhs_comment": "comment" }, "urgent": { "security": { "secret_key": "secret_key", "client_id": "client_id", "redirect_uri": "redirect_uri" }, "employee_request_id": "d098aee7-5ab3-4a24-a6ba-811f9cf94c6d" } }

HTTP status codes

Response code

HTTP Status code

Message

Internal name

Description

Response code

HTTP Status code

Message

Internal name

Description

1

Базові

2

 

200

Response

 

 

3

 

401

Api key is not set

 

 

4

 

401

Invalid api key

 

 

5

 

403

Your scope does not allow to access this resource. Missing allowances: legal_entity:write

 

 

6

 

409

birth_date doesn't match

 

 

7

 

409

Invalid employee status

 

 

8

 

409

Invalid employee type

 

 

9

 

409

Employee doesn't belong to your legal entity

 

 

10

 

409

tax_id doesn't match

 

 

11

 

422

document must contain 1 signature and 0 stamps but contains 0 signatures and 0 stamps

 

 

12

 

422

Does not match the signer last name

 

 

13

 

422

DRFO does not match signer drfo

 

 

14

 

422

EDRPOU does not match legal_entity edrpou

 

 

15

 

422

Employee not found

 

 

16

 

422

EDRPOU and DRFO is empty in digital sign

 

 

17

 

422

invalid owner position value

 

 

18

 

422

invalid birth_date value

 

 

19

 

422

invalid tax_id value

 

 

20

 

422

invalid area value

 

 

21

 

422

invalid settlement value

 

 

22

 

422

More than 1 active entities in EDR

 

 

23

 

422

No duplicate values.

 

 

24

 

422

Provided EDRPOU is not active in EDR

 

 

25

 

422

required property tax_id was not present

 

 

26

 

422

settlement with id = $.residence_address.settlement_id does not exist

 

 

27

 

422

string does not match pattern

 

 

28

 

422

Validate request using JSON schema

failed

 

 

29

 

422

Validate decoded input data $.signed_legal_entity_request using JSON schema failed

 

 

30

Специфічні

31

 

 

 

 

 

Post-processing processes

N/A

Technical modules where the method is used

N/A

 

ЕСОЗ - публічна документація