openapi: 3.1.0 info: title: Zorg op Orde API description: |- This documentation is also available in OpenAPI 3.1.0 yaml format. Copyright by Zorg op Orde, all rights reserved. contact: name: Zorg op Orde email: api@zorgoporde.nl version: v0.9 # In open source Redoc only for reference, only in the paid Redocly there are Try-it consoles. servers: - url: https://tools.zorgoporde.nl/api1 description: Production - url: https://acc.zorgoporde.nl/api1 description: Testing security: - BearerAuth: [] tags: - name: Patient description: |- API for retrieving medical dossier data and concerns based on looking up a specific patient. - name: Population statistics description: |- Statistics of a patient population. - name: Frequent users description: |- Gives insight and enumerates the patients who make most use of the practice. Use is defined as time needed from the doctor(s). Certain feat codes need more or less a constant time. These are used to get an approximation. - name: Quality of Care description: |- API related to Quality of Care (QoC) features A care program (dutch: _ketenzorg_ or _zorgprogramma_) describes a specific disease (such as Diabetes or Astma) or a more abstract concern such as elderly care or general concern about cardiovascular health. The same care program can show up multiple times, as there are different care programs and standards for the same disease or concern. For example, there could be the InEen report 'take' on how one should provide Diabetes care, and there could be some regional group's slightly different take on it; these would show up as different care programs. Any given customer has a 'fave' status for any given care program; some care programs are enabled by default and some are disabled by default. However, a customer can explicitly select a program they wouldn't ordinarily see ('favourite' it), or explicitly deselect a program they get by default ('unfavourite' it). Most care programs will be neither favourited nor unfavourited: They should be shown based on their `defaultShow` property. To allow favouriting/unfavouriting, the front end has 2 separate views for selecting care programs: The usual view, which shows _only_: - Care programs that customer has explicitly favourited. - Care programs that are shown by default to this customer which they did not explicitly unfavourite. As well as a 'config' view where they see _all_ care programs that could possibly be relevant for that customer, where the customer can preview the report (essentially, run the report as normal), favourite something they don't get by default, or unfavourite something they get by default. paths: /patient/dossier: $ref: 'paths/patient_dossier.yaml' /patient/base: $ref: 'paths/patient_base.yaml' /patient/fundusByGroup: $ref: 'paths/patient_fundusByGroup.yaml' /patient/fundusByPractice: $ref: 'paths/patient_fundusByPractice.yaml' /population/statistics: $ref: 'paths/population_statistics.yaml' /population/statistics/deprivedNeighborhood: $ref: 'paths/population_statistics_deprived.yaml' /population/statistics/employeeFeat: $ref: 'paths/population_statistics_employeeFeat.yaml' /population/frequentUser/count: $ref: 'paths/population_frequentUser_count.yaml' /population/frequentUser/patients: $ref: 'paths/population_frequentUser_patients.yaml' /population/frequentUser/patient: $ref: 'paths/population_frequentUser_patient.yaml' /qoc/careprogram: $ref: 'paths/qoc_careprogram.yaml' /qoc/indicatorset/{setKey}: $ref: 'paths/qoc_indicatorset_{setKey}.yaml' /qoc/checkupList/{setKey}: $ref: 'paths/qoc_checkupList_{setKey}.yaml' /qoc/checkupList/setStatus: $ref: 'paths/qoc_checkupList_set_status.yaml' /qoc/indicator/{setKey}/{indicatorKey}/patients: $ref: 'paths/qoc_indicator_{setKey}_{indicatorKey}_patients.yaml' /qoc/indicator/{setKey}/{indicatorKey}/participants: $ref: 'paths/qoc_indicator_{setKey}_{indicatorKey}_participants.yaml' /qoc/list-groups: $ref: 'paths/qoc_list-groups.yaml' /qoc/participating-practices: $ref: 'paths/qoc_participating-practices.yaml' components: parameters: Authorization: name: Authorization in: header description: |- The string `"Bearer "` followed by a single-use signed JWT token with the following mandatory claims: * `kid` – **key id**: A string identifying a trusted signer; agreed upon between user and Zorg op Orde beforehand. * `iat` – **Issued at**: Time when this JWT was created and signed. Must be no more than 1 hour ago. * `jti` – **JWT ID**: A unique string used to prevent replay: Any given ID can not be used more than once. * `agb` – **GP AGB**: AGB code (Medical entity identifier); the lookup will be done on the medical dossier data of this practice or entity. * `exp` – _OPTIONAL_ **Expires at**: If included, the request must not be received after this time. * `nbf` – _OPTIONAL_ **Not before**: If included, the request must not be received before this time. The JWT must be signed, preferably with `HS256`. required: true schema: type: string example: >- Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJraWQiOiJaT08tQVBJLVBLSS1JRCIsImFnYiI6IjAxMDEyMzQ1IiwiaWF0IjoxNTE2MjM5MDIyLCJqdGkiOiJ0MTIzNC01Njc4LUFCQ0QifQ.wTesCfFTq1Mz8z7hUWU6zzKSc3dopWnpeETR7eDzFtc AgbGP: name: agb in: query description: |- The AGB code (dutch: _Algemeen Gegevens Beheer_ - unique identifier for medical professionals and GP practices) of the GP practice. This value can be a claim in the JWT (preferred), or, if no `agb` claim exists in the authenticating JWT token, it must be a query parameter. The JWT token must be authorized for this entity. required: false schema: type: integer minimum: 1 maximum: 99999999 AgbCareGroup: name: agb in: query description: |- The AGB code (dutch: _Algemeen Gegevens Beheer_ - unique identifier for medical professionals and GP practices) of the entity that represents multiple GP practices. This value can be a claim in the JWT (preferred), or, if no `agb` claim exists in the authenticating JWT token, it must be a query parameter. The JWT token must be authorized for this entity. required: false schema: type: integer minimum: 1 maximum: 99999999 Pretty: name: pretty in: query description: If `true` the emitted JSON is pretty-printed. Use only for debugging purposes. schema: type: boolean default: false RefDateDefaultToday: name: refDate in: query description: |- If present, the date used as context (any measurements available done afterwards aren't taken into account, any expiry calculations use this date as reference, and so forth). Defaults to today. schema: $ref: schemas/date.yaml CareGroup: name: group in: query description: |- The 'key' for the care group you want to retrieve data for. Providing this parameter is pointless unless the AGB code supplied via the `agb` parameter is responsible for more than one care group which is rare. A list of valid groups can be obtained via the `list-groups` endpoint. required: false schema: type: string GpCodes: name: gpCodes in: query description: Code of the GP as known in the GPIS. example: AA,BZP,RZ,ECH schema: type: array items: $ref: schemas/med_dossier/Practitioner.yaml responses: ReqFailure: description: The request isn't valid; for example, it is missing a required parameter. content: application/json: schema: type: object properties: err: description: A plain text explanation of what's wrong with the request type: string example: Either x or y query parameter needs to be present and not blank. JwtFailure: description: |- The JWT token isn't valid or wasn't provided. content: application/json: schema: type: object properties: err: description: A plain text explanation of what's wrong with the JWT token. type: string enum: - no JWT included - Unknown signer - Request sent before nfb - Request sent after exp - JWT issued too long ago - Signature missing - Signature invalid - Required claim missing (agb) - Required claim missing (iat) - Required claim missing (kid) - Required claim missing (jti) - JWT already used NoAuth: description: User is not logged in / session expired. NoAccess: description: User is not allowed to access this API endpoint. PatNotFound: description: Provided filter does not match any patients or no medical dossiers are available for this practice. content: application/json: schema: type: object properties: kind: description: |- The 'level' of data that isn't available.
type: string example: practice enum: - practice - patient MandateMissing: description: Indicated practice is known but has not authorized ZOO to share this information with signer. securitySchemes: BearerAuth: in: header type: http scheme: bearer bearerFormat: JWT description: |- The string "Bearer " followed by a single-use signed JWT token with the mandatory claims as stated in the table below.. The JWT must be signed, preferably with `HS256`.
ClaimDescription
kidkey idA string identifying a trusted signer; agreed upon between user and Zorg op Orde beforehand.
iatIssued atTime when this JWT was created and signed. To make up for clock differences, up to five minutes in the future are allowed.
jtiIdentifierA unique string of 10 characters or longer, used to prevent replay. Any given identifier can not be used more than once. As a consequence a JWT can only used once.
agbAGB of the GPAGB code (Medical entity identifier), the lookup will be done on the medical dossier data of this practice or entity. The agb may be specified with or without prefix zeros.
expExpires atOPTIONAL If included, the request must not be received after this time. May be up to 10 minutes in the future. The difference between the exp claim and the iat must be 20 minutes or less and iat < exp.
nbfNot beforeOPTIONAL If included, the request must not be received before this time. Should not be set in the future.