[DRAFT] REST API Get approvals [API-001-001-001-0004]

ESOZ - public documentation


This page is under development. The information on it may be outdated.

https://e-health-ua.atlassian.net/wiki/spaces/EN/pages/17591304241 (remove the link block before publishing the document)

Properties of a REST API method document

Document type: REST API method
Document title: [DRAFT] REST API Get approvals [API-001-001-001-0004]
Guideline ID: GUI-0011
Author: @
Document version: 1
Document status: DRAFT
Date of creation: XX.XX.XXXX (date of the final version of the document – RC or PROD)
Date of update: XX.XX.XXXX (date of the version change)
Method API ID: API-001-001-001-0004
Microservices (namespace): ABAC
Component: Approvals/ABAC
Component ID: COM-001-001
Link to the API specification: https://medicaleventsmisapi.docs.apiary.io/#reference/approvals/get-approvals/get-approvals
Resource: {{host}}/api/patients/{{patient_id}}/approvals
Scope: approval:read
Protocol type: REST
Request type: GET
Sync/Async: Sync
Public/Private: Public

Purpose

This WS is intended to get a list of patient approvals filtered by search parameters.

Logic

Method for receiving a list of patient approvals. It is allowed only for a doctor who has an active declaration with the patient from the URL (can get all approvals) or for a user to whom an approval is granted (can get own approval).

Filters

| Filter | Values | Type | Description | Example |
|---|---|---|---|---|
| patient_id | | String | identifier of the patient | 7c3da506-804d-4550-8993-bf17f9ee0402 |
| granted_to | | String | identifier of the employee or legal entity to whom access has been granted | 7c3da506-804d-4550-8993-bf17f9ee0402 |
| granted_resources | | String | identifier of the entity for which the approval was created | 7c3da506-804d-4550-8993-bf17f9ee0400 |
| granted_resource_type | | String | entity type for which the approval was created | diagnostic_report |
| status | | String | status of approval | active |
| reason | | String | type and identifier of entity based on which approval has been created | 7c3da506-804d-4550-8993-bf17f9ee0401 |
| access_level | | String | access level to data | read |
| page | | Number | Page number | 2 |
| page_size | | Number | A limit on the number of objects to be returned, between 1 and 100. Default: 50 | 50 |

Service Logic

Service returns all approvals related to the patient filtered by submitted parameters:

  • Get all approvals by patient_id from approvals collection (MongoDB)

  • Filter list above by submitted search parameters

  • Render a response according to specification.

Configuration parameters

N/A

Dictionaries

N/A

Input parameters

| Input parameter | Mandatory | Type | Description | Example |
|---|---|---|---|---|

Request structure

See the API specification.

Headers


Request data validation

Authorize

  • Verify the validity of access token

    • Return (401, 'Invalid access token') in case validation fails

  • Verify that token is not expired

    • in case of error - return (401, 'Invalid access token')

  • Check user scopes in order to perform this action (scope = 'approval:read')

    • Return (403, 'Your scope does not allow to access this resource. Missing allowances: approval:read') in case of invalid scope(s)

Request to process the request using a token in the headers

Validate Patient

  • Get Patient identifier from the URL

  • Check it exists in DB

    • Return 404 ('Person is not found') in case of error

Validate Approval

  • Get Approval identifier from the URL

  • Check it exists in DB

    • Return 404 ('not found') in case of error

Validate User

  • Extract user_id from token.

  • Check user has an active declaration with a patient from URL (can get all approvals) or approval is granted to user (can get own approval: granted_to OR created_by):

    • Return 200 with an empty array in case the user has neither an active declaration with the patient nor an approval granted to them
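The validation order described above, as an added example (not the eHealth service's own code). The in-memory sets, the flattened approval records, the `valid`/`expires_at` token fields and all identifiers are constructed assumptions for illustration; the status codes and messages are the ones listed on this page.

```python
import time

REQUIRED_SCOPE = "approval:read"

# Constructed sample data (hypothetical identifiers, flattened record shape)
PATIENTS = {"p1"}
DECLARATIONS = {("doc-family", "p1")}  # (user_id, patient_id) with an active declaration
APPROVALS = [
    {"id": "a1", "patient_id": "p1", "granted_to": "doc-spec",
     "created_by": "doc-family", "status": "active"},
    {"id": "a2", "patient_id": "p1", "granted_to": "doc-other",
     "created_by": "doc-other", "status": "active"},
]

def token(user_id, scopes=(REQUIRED_SCOPE,), expires_at=2_000):
    """Build a constructed, already-verified token record for the example."""
    return {"valid": True, "user_id": user_id, "scopes": scopes, "expires_at": expires_at}

def get_approvals(tok, patient_id, filters=None, now=None):
    """Return (http_status, body) following the checks in the order listed above."""
    now = time.time() if now is None else now
    # Authorize: invalid or expired token -> 401, missing scope -> 403
    if not tok or not tok.get("valid") or tok.get("expires_at", 0) <= now:
        return 401, "Invalid access token"
    if REQUIRED_SCOPE not in tok.get("scopes", ()):
        return 403, ("Your scope does not allow to access this resource. "
                     "Missing allowances: " + REQUIRED_SCOPE)
    # Validate Patient: identifier is taken from the URL
    if patient_id not in PATIENTS:
        return 404, "Person is not found"
    # Validate User: a declaration holder sees all approvals of the patient;
    # anyone else sees only approvals granted to or created by them.
    user_id = tok["user_id"]
    rows = [a for a in APPROVALS if a["patient_id"] == patient_id]
    if (user_id, patient_id) not in DECLARATIONS:
        rows = [a for a in rows if user_id in (a["granted_to"], a["created_by"])]
    # Apply submitted search parameters as exact matches
    for key, value in (filters or {}).items():
        rows = [a for a in rows if a.get(key) == value]
    return 200, rows  # an empty list (still 200) when nothing is visible to the user
```

Because a user without a declaration or approval receives 200 with an empty list, the response for "no access" is the same as for "no approvals".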

Processing

Response structure examples

See the API specification.

Example:

{
  "meta": {
    "code": 200,
    "url": "http://example.com/resource",
    "type": "object",
    "request_id": "req-adasdoijasdojsda"
  },
  "data": {
    "id": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e",
    "granted_resources": [
      {
        "identifier": {
          "type": {
            "coding": [
              {
                "system": "eHealth/resources",
                "code": "episode_of_care"
              }
            ]
          },
          "value": "d5a5d991-0bf7-476f-b3cf-bec73f044b2e"
        },
        "display_value": "null"
      }
    ],
    "granted_to": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "employee"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "reason": {
      "identifier": {
        "type": {
          "coding": [
            {
              "system": "eHealth/resources",
              "code": "service_request"
            }
          ]
        },
        "value": "9183a36b-4d45-4244-9339-63d81cd08d9c"
      },
      "display_value": "null"
    },
    "status": "new",
    "access_level": "read"
  },
  "paging": {
    "page": 2,
    "page_size": 50,
    "total_entries": 1000,
    "total_pages": 20
  }
}

HTTP status codes

| Response code | HTTP Status code | Message | Internal name | Description |
|---|---|---|---|---|
| Basic | | | | |
| | 200 | | | |
| | 401 | Invalid access token | | |
| | 403 | Your scope does not allow to access this resource. Missing allowances: approval:read | | |
| | 404 | not found | | |
| | 404 | Person is not found | | |
| Specific | | | | |

Post-processing processes

N/A

Technical modules where the method is used

 
