ЕСОЗ - public documentation
Get Service Requests in episode context
Purpose
API paragraph not found
Specification
Link | Link to Apiary or Swagger | |
Resource | api/patients/{{patient_id}}/episodes/{{episode_id}}/service_requests/{{service_request_id}} | Link to the resource, for example: /api/persons/create |
Scope | | Scope for access |
Components | | List of business components that use this method, for example: ePrescription |
Microservices | | List of microservices used by the API method, for example: Auth, ABAC |
Protocol type | REST | Type of protocol used by the request, for example: SOAP, REST |
Request type | GET | Type of API request, for example: GET, POST, PATCH… |
Sync/Async | | Is the method synchronous or asynchronous? |
Public/Private/Internal | | The type of the method by degree of accessibility must be specified |
Logic
Return all service requests related to specified episode of care
Find all encounters related to specified episode of care (Medical Events DB: $.encounters[*].episode.identifier.value == :episode_id)
Find all service requests related to received encounters (Medical Events DB: $.service_requests[*].context.identifier.value IN :encounters)
Input parameters
Input parameter | Values | Type | Description | Example |
---|---|---|---|---|
patient_id | | String | Unique patient identifier | |
episode_id | | String | Unique patient identifier | |
service_request_id | | String | Unique service request identifier | |
Request structure
See on Apiary
Authorize
Verify the validity of access token
Return (401, 'unauthorized') if validation fails
Verify that token is not expired
in case of error - return (401, 'unauthorized')
Check user scopes in order to perform this action (scope = 'service_request:read')
Return (403, 'invalid scopes') in case of invalid scope(s)
Headers
Content-Type:application/json
Authorization:Bearer mF_9.B5f-4.1JqM
api-key:aFBLVTZ6Z2dON1V
X-Custom-PSK:a2aa05c76f3f2d91870f923a53cc8aa8f23bbc01a8238d1c2c26d4299715a7e4
Request data validation
Validate data consistency
Ensure that requested episode of care relates to requested patient
Return (404, 'not found') in case of error
Check user privileges
If ANY of these rules is met, the user has privileges to access this data
Otherwise, access to this data is denied. Return (403, 'forbidden')
Rule 1: A user who has an active declaration with the patient is "authorized" to manage all of the patient's data
If ANY employee related to this user in this legal entity has an active declaration with this patient, the user has the privileges to access this data
1. Get token metadata
Extract user_id, client_id, client_type
2. Determine the party_id associated with this user_id
SELECT pu.party_id
FROM party_users pu
WHERE pu.user_id = :user_id;
3. Determine employees related to this party_id in current MSP
SELECT e.id
FROM employees e
WHERE e.party_id = :party_id
AND e.legal_entity_id = :client_id;
4. Find patient declarations in this MSP
SELECT d.id
FROM declarations d
WHERE d.legal_entity_id = :client_id
AND d.employee_id IN (:employees)
AND d.status IN ('active', 'pending_verification')
AND d.person_id = :patient_id;
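Rule 1, steps 2 to 4, folded into one parameterized query and run against an in-memory SQLite database, as an added example that is not part of the ЕСОЗ code base. Only the columns named in the queries above are assumed; all rows, the 'terminated' status value and the function names are constructed for illustration.

```python
import sqlite3

# Constructed schema and rows: only the columns used by the queries above.
SCHEMA = """
CREATE TABLE party_users (user_id TEXT, party_id TEXT);
CREATE TABLE employees (id TEXT, party_id TEXT, legal_entity_id TEXT);
CREATE TABLE declarations (id TEXT, legal_entity_id TEXT, employee_id TEXT,
                           status TEXT, person_id TEXT);
INSERT INTO party_users VALUES ('user-1', 'party-1'), ('user-2', 'party-2');
INSERT INTO employees VALUES
  ('emp-a', 'party-1', 'msp-1'),   -- user-1 employed at msp-1
  ('emp-b', 'party-1', 'msp-2'),   -- same party, different legal entity
  ('emp-c', 'party-2', 'msp-1');
INSERT INTO declarations VALUES
  ('decl-1', 'msp-1', 'emp-a', 'active', 'patient-1'),
  ('decl-2', 'msp-2', 'emp-b', 'active', 'patient-2'),
  ('decl-3', 'msp-1', 'emp-c', 'terminated', 'patient-1');
"""

# Steps 2-4 joined; every value is bound, nothing is interpolated into the SQL.
RULE_1 = """
SELECT 1
FROM party_users pu
JOIN employees e ON e.party_id = pu.party_id AND e.legal_entity_id = :client_id
JOIN declarations d ON d.employee_id = e.id AND d.legal_entity_id = :client_id
WHERE pu.user_id = :user_id
  AND d.person_id = :patient_id
  AND d.status IN ('active', 'pending_verification')
LIMIT 1;
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def rule_1_allows(db, token, patient_id):
    """token is the metadata from step 1: user_id, client_id, client_type."""
    params = {"user_id": token["user_id"], "client_id": token["client_id"],
              "patient_id": patient_id}
    return db.execute(RULE_1, params).fetchone() is not None

def privilege_error(db, token, patient_id):
    """Return None when access is granted, else the error tuple.
    Rule 2 is TBD on the page, so only Rule 1 is evaluated here."""
    if rule_1_allows(db, token, patient_id):
        return None
    return (403, "forbidden")
```

Binding `client_id` on both `employees` and `declarations` is what keeps a declaration held in one legal entity from granting access through a token issued for another.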
Rule 2: User with active approval to this episode can view episode details and its child entities
TBD
Processing
API paragraph not found
Response structure
See on Apiary
Example:
Post-processing processes
API paragraph not found
HTTP status codes
HTTP status code | Message | What caused the error |
---|---|---|
200 | | |
404 | | |