openapi: 3.1.0
info:
title: Zorg op Orde API
description: |-
Copyright Zorg op Orde – All rights reserved.
contact:
name: Zorg op Orde
email: api@zorgoporde.nl
version: 0.1-DEV
#servers:
# - url: https://tools.zorgoporde.nl/api1
# description: Production
# - url: https://test.zorgoporde.nl/api1
# description: Testing
tags:
- name: core
description: |-
API for cross-cutting API concerns, such as authentication and the springboard.
- name: patient
description: |-
API for retrieving medical dossier data and concerns based on looking up a
specific patient.
- name: Quality of Care
description: |-
API related to Quality of Care (QoC) features
A care program (dutch: _ketenzorg_ or _zorgprogramma_) describes a specific disease (such as Diabetes or Astma) or a more abstract concern such as elderly care or general concern about cardiovascular health. The same care program can show up multiple times, as there are different care programs and standards for the same disease or concern. For example, there could be the InEen report 'take' on how one should provide Diabetes care, and there could be some regional group's slightly different take on it; these would show up as different care programs.
Any given customer has a 'fave' status for any given care program; some care programs are enabled by default and some are disabled by default. However, a customer can explicitly select a program they wouldn't ordinarily see ('favourite' it), or explicitly deselect a program they get by default ('unfavourite' it). Most care programs will be neither favourited nor unfavourited: They should be shown based on their `defaultShow` property.
To allow favouriting/unfavouriting, the front end has 2 separate views for selecting care programs: The usual view, which shows _only_:
- Care programs that customer has explicitly favourited.
- Care programs that are shown by default to this customer which they did not explicitly unfavourite.
As well as a 'config' view where they see _all_ care programs that could possibly be relevant for that customer, where the customer can preview the report (essentially, run the report as normal), favourite something they don't get by default, or unfavourite something they get by default.
paths:
/springboard/apps:
$ref: 'paths/springboard_apps.yaml'
/patient/dossier:
$ref: 'paths/patient_dossier.yaml'
/patient/base:
$ref: 'paths/patient_base.yaml'
/qoc/careprogram:
$ref: 'paths/qoc_careprogram.yaml'
/qoc/careprogram/{careprogramKey}/fave:
$ref: 'paths/qoc_careprogram_{careprogramKey}_fave.yaml'
/qoc/indicatorset/{setKey}:
$ref: 'paths/qoc_indicatorset_{setKey}.yaml'
components:
schemas:
IndicatorSet:
$ref: 'schemas/IndicatorSet.yaml'
Indicator:
$ref: 'schemas/Indicator.yaml'
CareProgram:
$ref: 'schemas/CareProgram.yaml'
CareProgramSet:
$ref: 'schemas/CareProgramSet.yaml'
parameters:
Authorization:
name: Authorization
in: header
description: |-
The string `"Bearer "` followed by a single-use signed JWT token with the following mandatory claims:
kid – key id: A string identifying a trusted signer; agreed upon between user and Zorg op Orde beforehand.iat – Issued at: Time when this JWT was created and signed. Must be no more than 1 hour ago.
jti – JWT ID: A unique string used to prevent replay: Any given ID can not be used more than once.
agb – GP AGB: AGB code (Medical entity identifier); the lookup will be done on the medical dossier data of this practice or entity.
exp – OPTIONAL Expires at: If included, the request must not be received after this time.
nbf – OPTIONAL Not before: If included, the request must not be received before this time.
The JWT must be signed, preferably with HS256.
required: true
schema:
type: string
example: >-
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJraWQiOiJaT08tQVBJLVBLSS1JRCIsImFnYiI6IjAxMDEyMzQ1IiwiaWF0IjoxNTE2MjM5MDIyLCJqdGkiOiJ0MTIzNC01Njc4LUFCQ0QifQ.wTesCfFTq1Mz8z7hUWU6zzKSc3dopWnpeETR7eDzFtc
responses:
ReqFailure:
description: |-
The request isn't valid; for example, it is missing a required parameter.
content:
application/json:
type: object
properties:
err:
description: A plain text explanation of what's wrong with the request
type: string
example: Either pu or bsn query parameter needs to be present and not blank.
JwtFailure:
description: |-
The JWT token isn't valid or wasn't provided.
content:
application/json:
schema:
type: object
properties:
err:
description: A plain text explanation of what's wrong with the JWT token.
type: string
enum:
- no JWT included
- Unknown signer
- Request sent before nfb
- Request sent after exp
- JWT issued too long ago
- Signature missing
- Signature invalid
- Required claim missing (agb)
- Required claim missing (iat)
- Required claim missing (kid)
- Required claim missing (jti)
- JWT already used
NoAuth:
description: User is not logged in / session expired.
NoAccess:
description: User is not allowed to access this API endpoint.
PatNotFound:
description: Provided filter does not match any patients or no medical dossiers are available for this practice.
content:
application/json:
schema:
type: object
properties:
kind:
description: |-
The 'level' of data that isn't available.
- `patient` indicates that there is medical dossier data available for this GP but the patient that is requested cannot be found.
- `practice` No medical dossier data is available whatsoever for this practice; either that practice isn't registered or hasn't (yet) provided medical dossier data.
type: string
example: practice
enum:
- practice
- patient