ESOZ - public documentation

[DRAFT] Refresh client secret [API-009-001-006-0340]

This page is under development. The information on it may be out of date.

 

https://e-health-ua.atlassian.net/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Properties of a REST API method document

| Property | Value |
|---|---|
| Document type | REST API method |
| Document title | [DRAFT] Refresh client secret [API-009-001-006-0340] |
| Guideline ID | GUI-0011 |
| Author | @ |
| Document version | 1 |
| Document status | DRAFT |
| Date of creation | XX.XX.XXXX (date of the final version of the document – RC or PROD) |
| Date of update | XX.XX.XXXX (date of the version change) |
| Method API ID | API-009-001-006-0340 |
| Microservices (namespace) | Mithril |
| Component | Mithril |
| Component ID | COM-009-001 |
| Link to the API specification | https://ehealthmisapi1.docs.apiary.io/#reference/public.-medical-service-provider-integration-layer/manage-client-configuration/refresh-client-secret |
| Resource | {{host}}/api/clients/{{id}}/connections/{{connection_id}}/actions/refresh_secret |
| Scope | connection:refresh_secret |
| Protocol type | REST |
| Request type | PATCH |
| Sync/Async | Sync |
| Public/Private | Public |
Purpose

This method is used to refresh the client secret for a specified client connection. Only the legal entity owner can request a new client secret for their own legal entity.

Logic

  1. This service manages connections restricted by Client ID and context

    1. Extract client_type from token

    2. Validate specified Client ID according to context:

      1. MSP, MIS, PHARMACY - receives only its own client

        1. in case of error generate 403 response ('forbidden')

  2. Generate a new secret for the specified Connection ID and update it in mithril.connections

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

| # | Input parameter | Mandatory | Type | Description | Example |
|---|---|---|---|---|---|
| 1 | id | | String | Required | 1380df72-275a-11e7-93ae-92361f002671 |
| 2 | connection_id | | String | Required | e5372365-d47a-467f-81d0-f35117864352 |

Request structure

See the API specification

Headers

Request data validation

Authorize

  1. Verify the validity of the access token

    1. in case of error return 401 ('Access denied')

  2. Check user scope connection:refresh_secret in order to perform this action

    1. in case of error generate 403 response ('Invalid scopes')
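The check order from the Logic and Authorize sections, sketched in Python as an added example (not Mithril's own code). The in-memory `TOKENS` and `CONNECTIONS` stores, the 404 for an unknown connection, the denial of client types the page does not list, and the secret format are assumptions.

```python
import secrets

REQUIRED_SCOPE = "connection:refresh_secret"
OWN_CLIENT_ONLY = {"MSP", "MIS", "PHARMACY"}  # client types named on the page

CLIENT_ID = "1380df72-275a-11e7-93ae-92361f002671"      # example id from the page
CONNECTION_ID = "e5372365-d47a-467f-81d0-f35117864352"  # example connection_id from the page

# Constructed sample data: hypothetical stand-ins for the token store and
# the mithril.connections table.
TOKENS = {
    "tok-owner": {"client_id": CLIENT_ID, "client_type": "MSP",
                  "scopes": {REQUIRED_SCOPE}},
    "tok-noscope": {"client_id": CLIENT_ID, "client_type": "MSP",
                    "scopes": {"some:other_scope"}},
}
CONNECTIONS = {(CLIENT_ID, CONNECTION_ID): {"secret": "old-secret"}}


def refresh_secret(token, client_id, connection_id):
    """Return (http_status, body), applying the checks in the page's order."""
    claims = TOKENS.get(token)
    if claims is None:                          # Authorize, step 1
        return 401, "Access denied"
    if REQUIRED_SCOPE not in claims["scopes"]:  # Authorize, step 2
        return 403, "Invalid scopes"
    # Logic, step 1: MSP, MIS, PHARMACY may act only on their own client.
    # Assumption: client types the page does not list are denied as well.
    if (claims["client_type"] not in OWN_CLIENT_ONLY
            or claims["client_id"] != client_id):
        return 403, "forbidden"
    # Assumption: the lookup is keyed by (client_id, connection_id), so a
    # connection owned by another client can never match. 404 is not on the page.
    conn = CONNECTIONS.get((client_id, connection_id))
    if conn is None:
        return 404, "not found"
    # Logic, step 2: new secret from a CSPRNG (the format is an assumption).
    conn["secret"] = secrets.token_urlsafe(32)
    return 200, {"id": connection_id, "client_id": client_id,
                 "secret": conn["secret"]}
```

The client ID in the path is compared with the one bound to the token before any lookup, so a caller holding a valid token and scope still cannot rotate another client's secret.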

Processing

N/A

Response structure examples

See the API specification

```json
{
  "meta": {
    "code": 200,
    "url": "https://example.com/resource",
    "type": "object",
    "request_id": "6617aeec-15e2-4d6f-b9bd-53559c358f97#17810"
  },
  "data": {
    "id": "df9f70ee-4b12-4740-b0f5-bb5aea116863",
    "client_id": "c4a6d45f-2cf2-4e6d-909a-5962604ad63b",
    "consumer_id": "25c03af6-69bd-439e-b0dd-f1669b3dbbfd",
    "redirect_uri": "https://example2.com",
    "secret": "ZlFOaHBTR0d3Q0hQcDEraHVYdXBVZz09"
  }
}
```

HTTP status codes

| # | Response code | HTTP Status code | Message | Internal name | Description |
|---|---|---|---|---|---|
| 1 | Basic | | | | |
| 2 | | 200 | Response | | |
| 3 | | 401 | Access denied | | |
| 4 | | 403 | Invalid scopes | | |
| 5 | | 403 | Forbidden | | |
| 6 | Specific | | | | |
| 7 | | | | | |

Post-processing processes

N/A

Technical modules where the method is used

 
