integrations.sh
← all integrations

ndhm.gov.in – ndhm-gateway

OpenAPI apis-guru open_data

Gateway is the hub that routes/orchestrates the interaction between consent managers and API bridges. There are 5 categories of APIs; discovery, link, consent flow, data flow and monitoring. To reflect the consumers of APIs, the above apis are also categorized under cm facing, hiu facing and hip facing

Homepage
https://api.apis.guru/v2/specs/ndhm.gov.in:ndhm-gateway/0.5.json
Provider
ndhm.gov.in:ndhm-gateway / ndhm-gateway
OpenAPI version
3.0.0
Spec (JSON)
https://api.apis.guru/v2/specs/ndhm.gov.in/ndhm-gateway/0.5/openapi.json
Spec (YAML)
https://api.apis.guru/v2/specs/ndhm.gov.in/ndhm-gateway/0.5/openapi.yaml

Tools (50)

Extracted live via the executor SDK.

  • cmFacing.postV05PatientsSmsOnNotify

    If the SMS notification is successfully sent to patient then "status" will be "ACKNOWLEDGED" with no error. If the SMS notification is failed then "status" will be "ERRORED" with error.

  • consentFlow.postV05ConsentRequestsInit

    Creates a consent request to get data about a patient by HIU user.

  • consentFlow.postV05ConsentRequestsOnInit

    Result of consent request creation for a patient. consentRequest.id represents the consentrequest id created by CM. The result must contain either consentRequest or the error caused.
    Reasons for error may be

    • Invalid references (e.g patient id, hiu id), purpose, hiTypes, ranges, persmission
  • consentFlow.postV05ConsentRequestsOnStatus

    Result of consent request done previously. Status of request can be GRANTED, DENIED, EXPIRED. If the request was GRANTED, then

  • consentFlow.postV05ConsentRequestsStatus

    Get status of consent request done previously

  • consentFlow.postV05ConsentsFetch

    Get consent artefact

  • consentFlow.postV05ConsentsHipNotify

    Notification of consents to health information providers consent request granted, consent revoked, consent expired. Only the GRANTED, REVOKED and EXPIRED status notifications will be sent to HIP.

    1. If consent is granted, status=GRANTED, then consentDetail contains the consent artefact details and signature is available.
    2. If consent is revoked, then status=REVOKED, and consentId specifes which consent artefact is revoked.
    3. If the consent has expired, then status=EXPIRED, and consentId specifies which consent artefact has expired. Note, this is also responsibility of the HIP to keep track of consent expiry. Any data request on expired consent artefact must not be done.
  • consentFlow.postV05ConsentsHipOnNotify

    This API is called by HIP as acknowledgement to notification of consents, in cases of consent revocation and expiration.

  • consentFlow.postV05ConsentsHiuNotify

    Health information user will get notified about the consent request granted or denied, consent revoked, consent expired.

    1. For consent request grant, status=GRANTED, consentRequestId=, and consentArtefacts is an array of generated consent artefact Ids.
    2. For consent request expiry, status=EXPIRED, consentRequestId=
    3. For consent request denied, status=DENIED, consentRequestId=
    4. For consent revocation, status=REVOKED, consentArtefacts is an array of revoked consent artefact ids
  • consentFlow.postV05ConsentsHiuOnNotify

    This API is called by HIU as acknowledgement to consent notifications, specifically for cases when consent is REVOKED or EXPIRED.

  • consentFlow.postV05ConsentsOnFetch

    Must contain either consentDetail or error. Possible reason of errors are

    1. consentId passed through /fetch is invalid
  • dataFlow.postV05HealthInformationCmOnRequest

    Callback API for acknowledgement of Health information request of HIU. CM calls this API when it has validated the Health Information request given the consent id. Either the hiRequest or error would need to be specified. If the health info request was valid, then the hiRequest.transactionId specifies the transaction context against which HIP would send over the data. Possible cases of errors are

    1. Invalid consent artefact id
    2. Consent has expired
    3. Date ranges are invalid
  • dataFlow.postV05HealthInformationCmRequest

    Request for Health information against a consent id. CM would generate a transactionId against each consent and pass it as trnasaction context / correlation id to the HIP and also return the same to HIU via /on-request.

  • dataFlow.postV05HealthInformationHipOnRequest

    API called by HIP to acknowledge Health information request receipt. Either the hiRequest or error must be specified. hiRequest element returns the same transactionId as before with a status indicating that the request is acknowledged.

  • dataFlow.postV05HealthInformationHipRequest

    API called by CM to request Health information from HIP against a validated consent artefact. The transactionId is the correlation id that HIP should use use when pushing data to the dataPushUrl.

  • dataFlow.postV05HealthInformationNotify

    API called by HIU and HIP during data-transfer.

    1. HIP on transfer of data would send sessionStatus - one of [TRANSFERRED, FAILED]
    2. HIP would also send hiStatus for each careContextReference - on of [DELIVERED, ERRORED]
    3. HIU on receipt of data would send sessionStatus - one of [TRANSFERRED, FAILED]. For example, FAILED when if data was not sent or if invalid data was sent
    4. HIU would also send hiStatus for each careContextReference - one of [OK, ERRORED]
  • discovery.postV05CareContextsDiscover

    Request for patient care context discover, made by CM for a specific HIP. It is expected that HIP will subsequently return either zero or one patient record with (potentially masked) associated care contexts

    1. At least one of the verified identifier matches
    2. Name (fuzzy), gender matches
    3. If YoB was given, age band(+-2) matches
    4. If unverified identifiers were given, one of them matches
    5. If more than one patient records would be found after aforementioned steps, then patient who matches most verified and unverified identifiers would be returned.
    6. If there would be still more than one patients (after ranking) error would be returned
    7. Intended HIP should be able to resolve and identify results returned in the subsequent link confirmation request via the specified transactionId
    8. Intended HIP should store the discovery results with transactionId and care contexts discovered for subsequent link initiation
  • discovery.postV05CareContextsOnDiscover

    Result of patient care-context discovery request at HIP end. If a matching patient found with zero or more care contexts associated, it is specified as result attribute. If the prior discovery request, resulted in errors then it is specified in the error attribute. Reasons of errors can be

    1. more than one definitive match for the given request
    2. no verified identifer was specified
  • hipFacing.postV05PatientsSmsNotify

    API to send SMS notifications to patient with custom deeplink.

  • identification.postV05PatientsFind

    This API is meant for identify to patient given her consent-manager-user-id

  • identification.postV05PatientsOnFind

    If a patient is found then patient.name contains the patients name. Otherwise, patient is not provided, and possibly error is raised for invalid requests Note in addition to the "Authorization" header, one of the following headers must be specified

    1. specify X-HIU-ID if the requester is HIU (identified from /find requester.id)
    2. specify X-HIP-ID if the requester is HIP (identified from /find requester.id)
  • link.postV05LinksLinkAddContexts

    API to submit care-context to CM for HIP initiated linking. The API must accompany the "accessToken" fetched in the users/auth process.

    1. subsequent usage for accessToken may be invalid if it was meant for one-time usage or if it expired
  • link.postV05LinksLinkConfirm

    API to submit the token that was sent by HIP during the link request.

  • link.postV05LinksLinkInit

    Request from CM to links care contexts associated with only one patient

    1. Validate account reference number and care context reference number
    2. Validate transactionId in the request with discovery request entry to check whether there was a discovery and were these care contexts discovered or not for a given patient
    3. Before eventual link confirmation, HIP needs to authenticate the request with the patient(eg: OTP verification)
    4. HIP should communicate the mode of authentication of a successful request to Consent Manager
  • link.postV05LinksLinkOnAddContexts

    If the accessToken is valid for purpose of linking, and specified details provided, CM will send "acknoweldgement.status" as SUCCESS. If any error occcurred, for example invalid token, or other required patient or care-context information not provided, then "error" attribute conveys so.

    1. accessToken must be valid and must be for the purpose of linking
  • link.postV05LinksLinkOnConfirm

    Returns a list of linked care contexts with patient reference number.

    1. Validated and linked account reference number
    2. Validated that the token sent from Consent Manager is same as the one generated by HIP
    3. Verified that same Consent Manager which made the link request is sending the token
    4. Results of unmasked linked care contexts with patient reference number
  • link.postV05LinksLinkOnInit

    Result of patient care-context link request from HIP end. This happens in context of previous discovery of patient found at HIP end, therefore the link requests ought to be in reference to the patient reference and care-context references previously returned by the HIP. The correlation of discovery and link request is maintained through the transactionId. HIP should have

    1. Validated transactionId in the request to check whether there was a discovery done previously, and the link request corresponds to returned patient care care context references
    2. Before returning the response, HIP should have sent an authentication request to the patient(eg: OTP verification)
    3. HIP should communicate the mode of authentication of a successful request
    4. HIP subsequently should expect the token passed via /link/confirm against the link.referenceNumber passed in this call

    The error section in the body, represents the potential errors that may have occurred. Possible reasons:

    1. Patient reference number is invalid
    2. Care context reference numbers are invalid
  • monitoring.getV05Heartbeat

    Get consent request status

  • profile.postV05PatientsProfileOnShare

    Result of patient share profile request at HIP end.

  • profile.postV05PatientsProfileShare

    Request for sharing patient's profile details to HIP

  • services.getV05HiServicesServiceId

    This API is meant for displaying the bridge service details by the serviceId provided .

  • sessions.getV05Certs

    Get certs for JWT verification

  • sessions.getV05WellKnownOpenidConfiguration

    Get openid configuration

  • sessions.postV05Sessions

    Get access token

  • subscriptions.postV05SubscriptionRequestsCmInit

    creates a request for subscription. The subscription categories can be for care-contexts linkages or availability of data against existing care-contexts. Note that the requester must have HIU role

  • subscriptions.postV05SubscriptionRequestsCmOnInit

    This callback API acknowledges the request for subscription from a HIU, and sends back a "id" that will be used when the patient/user approves or denies the subscription.

  • subscriptions.postV05SubscriptionRequestsHiuNotify

    This API is used by CM to notify a HIU to grant or deny a request for subscription, and also to notify that in case an existing subscription is revoked or expired. For notifying that a particular subscription request was GRANTED or DENIED, the subscriptionRequestId is passed.

  • subscriptions.postV05SubscriptionRequestsHiuOnNotify

    This API is called by HIU as acknowledgement to subscription request relevant notifications.

  • subscriptions.postV05SubscriptionsHiuNotify

    This API is used by CM to notify a HIU for notification relevant to subscription. Notifications are sent to subscribed HIUs whenever a new care-context is linked or new data is available on an existing linked care-context.

    1. if event.category = LINK, then only care-contexts are passed when new care-contexts are linked for patient.
    2. If event.category = DATA, then hiTypes are passed. Care-context is passed only if the subscribed HIU has any valid consent for that care-context
  • subscriptions.postV05SubscriptionsHiuOnNotify

    This API is called by HIU as acknowledgement to consent notifications, specifically for cases when consent is REVOKED or EXPIRED.

  • userAuth.postV05UsersAuthConfirm

    This API is called by HIP/HIUs to confirm authentication of users. The transactionId returned by the previous callback API /users/auth/on-init must be sent. If Authentication is successful the callback API will send an "access token" for subsequent purpose specific API calls. Note only credential.authCode or credential.demographic should be sent

    1. demographic details are only required for demographic auth as of now.
    2. demographic details are required only in MEDIATED cases and if the auth.mode so demands. e.g. if auth.mode is DEMOGRAPHICS. Usually for demographic authentication, the name, gender and DOB must be exactly as specified in User Account.
    3. demographic.identifier is optional, however maybe required if authentication so mandates.
    4. credential.authCode is required for other MEDIATED authentication like MOBILE_OTP, AADHAAR_OTP.
  • userAuth.postV05UsersAuthFetchModes

    This API is meant for identify supported authentication modes for a patient given a specific purpose

  • userAuth.postV05UsersAuthInit

    This API is called by HIPs to initiate authentication of users. A transactionId is retuned by the corresponding callback API for confirmation of user auth.

  • userAuth.postV05UsersAuthNotify

    This API is called by CM to confirm authentication of users. The transactionId returned is same as that passed in /auth/on-init. The "auth.status" conveys whether the request was GRANTED or DENIED.

    1. auth.accessToken - is specific to the purpose mentioned in the /auth/init. This token needs to be used for initiating the intended action. For example for HIP initiated linking of care-contexts
    2. NOTE, only one of X-HIP-ID or X-HIU-ID will be sent as part of header, not both.
    3. The payload is conditional to the purpose of auth. If purpose specified in /auth/init is KYC or KYC_AND_LINK, then patient details are passed. auth.accessToken is passed only if the purpose is LINK or KYC_AND_LINK.
  • userAuth.postV05UsersAuthOnConfirm

    This API is called by CM to confirm authentication of users.

    1. auth.accessToken - is specific to the purpose mentioned in the /auth/init. This token needs to be used for initiating the intended action. For example for HIP initiated linking of care-contexts
    2. NOTE, only one of X-HIP-ID or X-HIU-ID will be sent as part of header, not both.
  • userAuth.postV05UsersAuthOnFetchModes

    If a patient is found then auth attribute contains the supported modes for the specified purpose. Otherwise, error is raised for invalid requests or for non-existent id. Note in addition to the "Authorization" header, one of the following headers must be specified

    1. X-HIU-ID if the requester is HIU (identified from /auth/fetch-modes requester.id)
    2. X-HIP-ID if the requester is HIP (identified from /auth/fetch-modes requester.id)
  • userAuth.postV05UsersAuthOnInit

    If the patient's id is valid, CM will return a transactionId as initialization of user auth. If the request is valid, then 'auth.mode' will convey how the authentication should be done. The authentication can be mediated or direct. For mediated authentication modes, HIP or HIU is epected to send over relevant code (OTP/token) or demographic info via subsequent API call to /auth/confirm. for direct authentication case, CM will notify requester through/users/auth/notify API.

    1. auth.mode conveys whats the mode of authentication is, and what is expected from HIP/HIU in the subsequent /auth/confirm API call. Possible values
      1. MOBILE_OTP - auth via OTP to registered mobile. Mediated.
      2. AADHAAR_OTP - auth initiated with Aadhaar with OTP. Mediated.
      3. DEMOGRAPHICS - auth initiated with demographic verification
      4. DIRECT - for authentication directly with the patient. e.g. Mobile App, SMS. In this case, the HIP/HIU is not expected to call subsequent /auth/confirm call. CM will do direct authentication with the User (e.g. Mobile App, SMS etc) and will notify requester
    2. meta.expiry conveys the expiry time of the token and the authentication session
    3. NOTE, only one of X-HIP-ID or X-HIU-ID will be sent as part of header, not both.

    The error section in the body, represents the potential errors that may have occurred. Possible reasons:

    1. Patient id is invalid
  • userAuth.postV05UsersAuthOnNotify

    This API is called by HIU/HIPs to confirm acknowledgement for receipt of auth notification is case of DIRECT authentication.

  • openapi.previewSpec

    Preview an OpenAPI document before adding it as a source

  • openapi.addSource

    Add an OpenAPI source and register its operations as tools