a040-retrieve-practitioner-info.yaml
security:
  - bearerAuth: []
description: |
  ## Overview
  Use this endpoint to determine which e-RS users a `SERVICE_PROVIDER_CLINICIAN_ADMIN` is allowed to work "on-behalf-of".

  Note: In e-RS, `SERVICE_PROVIDER_CLINICIAN_ADMIN` users always act "on-behalf-of" a `SERVICE_PROVIDER_CLINICIAN`. This endpoint specifically helps `SERVICE_PROVIDER_CLINICIAN_ADMIN` identify who they are allowed to log in as.

  ## Supported security patterns
  - Healthcare worker, user-restricted access

  ## Pre-requisites
  To use this endpoint, you must be an authenticated e-RS user and use one of the following e-RS roles depending on the query being invoked:

  | Query      | e-RS Role(s)                       |
  | ---------- | ---------------------------------- |
  | onBehalfOf | `SERVICE_PROVIDER_CLINICIAN_ADMIN` |

  ## Use case
  As an authenticated user who has the `SERVICE_PROVIDER_CLINICIAN_ADMIN` role
  I need to know which provider clinical users I am allowed to work "on-behalf-of" at my provider organisation
  So I can log in as a `SERVICE_PROVIDER_CLINICIAN_ADMIN` user and complete tasks on behalf of a chosen `SERVICE_PROVIDER_CLINICIAN` user.

  ## Related endpoints
  To perform actions as a `SERVICE_PROVIDER_CLINICIAN_ADMIN` user, you must provide one of the returned Practitioner IDs, in the `NHSD-eRS-On-Behalf-Of-User-ID` header parameter, to indicate which `SERVICE_PROVIDER_CLINICIAN` the call is on-behalf-of.
summary: Retrieve "on-behalf-of" practitioner user information (A040, FHIR R4)
operationId: a040-retrieve-practitioner-info
tags:
  - Retrieve user information
parameters:
  - $ref: '../headers/request/BearerAuthorization.yaml'
  - $ref: '../headers/request/CorrelationID.yaml'
  - $ref: '../headers/request/OdsCode.yaml'
  - $ref: '../headers/request/BusinessFunctionOBO.yaml'
  - $ref: '../queryParameters/OboQuery.yaml'
responses:
  '200':
    $ref: '../responses/retrieveOboPractitioners/200Response.yaml'
  '400':
    $ref: '../responses/retrieveOboPractitioners/400Response.yaml'
  '401':
    $ref: '../responses/Unauthorized.yaml'
  '403':
    $ref: '../responses/Forbidden.yaml'
  '406':
    $ref: '../responses/NotAcceptable.yaml'
  '429':
    $ref: '../responses/TooManyRequests.yaml'
  '500':
    $ref: '../responses/InternalServerError.yaml'
  '503':
    $ref: '../responses/ServiceUnavailable.yaml'