Properties of a REST API method document

Document type	Метод REST API
Document title	[DRAFT] REST API Verify approval [API-001-001-001-0002]
Guideline ID	GUI-0011
Author	@
Document version	1
Document status	DRAFT
Date of creation	ХХ.ХХ.ХХХХ (дата фінальної версії документа – RC або PROD)
Date of update	ХХ.ХХ.ХХХХ (дата зміни версії)
Method API ID	API-001-001-001-0002
Microservices (namespace)	ABAC
Component	Approvals/ABAC
Component ID	COM-001-001
Link на API-специфікацію	MEDICAL EVENTS MIS API · Apiary
Resource	{{host}}/api/patients/{{patiend_id}}/approvals/{{id}}
Scope	approval:create
Protocol type	REST
Request type	PATCH
Sync/Async	Sync
Public/Private	Public

Purpose

This WS is designed to verify approval on entity, which aggregate other entities (episode_of_care, diagnostic_report, care_plan), OR forbidden group OR diagnoses group, OR on service_request including it’s permitted_resources OR on cancel for encounter and procedure OR patient.

Logic

If approval has resource != (care_plan & terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization):
1. If authentication_method_current.type = OTP
  1. system checks verification code via otp_verification service PATCH /verifications/:phone_number/actions/complete
  2. if verification code matches - change is_verified to true
  3. If not - return error
  4. if resource from granted_to = employee AND access_level=read :
    1. Check if there are items Medical Events filtration by Forbidden groups#Medical-events-to-filter for entities from granted_resource and\or from reason included to the forbidden groups
      1. if there are active items from forbidden group
        create approval on each forbidden_group block whose elements appear entities from granted_resource and\or from reason
        set is_verified = true
        set reason = id of the approval which was verified
        set created_by - the same user as for approval, which is verified
        set granted_to - the same employee as for approval, which is verified
        set granted_by - the same patient as for approval, which is verified
If authentication_method_current.type = offline or null OR approval with resource = care_plan where terms_of_service = ‘INPATIENT’ for care_plan&granted_to.employees.legal_entity_id = care_plans.managing_organization::
1. change is_verified to true
Search if there exists active and not expired approvals with current patient_id, for the same granted_resources, granted_to and access_level as in request:
- If found - set for existing approvals:
  - updated_at = now()
  - updated_by = current user
  - expired_at = now()

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

	Input parameter	Mandatory	Type	Description	Example

	Input parameter	Mandatory	Type	Description	Example
1	patiend_id		String	mpi_id. Required	aff00bf6-68bf-4b49-b66d-f031d48922b3
2	id		String	approval_id. Required	aff00bf6-68bf-4b49-b66d-f031d48922b3

Request structure

See on API-specification

{
  "code": 3782
}

Headers

Request data validation

Authorize

Verify the validity of access token
Check user scope approval:create in order to perform this action

Processing

N/A

Response structure examples