NZ Shared Digital Health Record API
0.3.0 - draft
NZ Shared Digital Health Record API
0.3.0 - draft
NZ Shared Digital Health Record API - Local Development build (v0.3.0) built by the FHIR (HL7® FHIR® Standard) Build Tools. See the Directory of published versions
| Draft as of 2024-04-15 |
{
"resourceType" : "CapabilityStatement",
"id" : "SDHRCapabliityStatement",
"meta" : {
"profile" : [
🔗 "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/hnz-capability-statement"
]
},
"text" : {
"status" : "extensions",
"div" : "<div xmlns=\"http://www.w3.org/1999/xhtml\"><p class=\"res-header-id\"><b>Generated Narrative: CapabilityStatement SDHRCapabliityStatement</b></p><a name=\"SDHRCapabliityStatement\"> </a><a name=\"hcSDHRCapabliityStatement\"> </a><a name=\"SDHRCapabliityStatement-en-US\"> </a><div style=\"display: inline-block; background-color: #d9e0e7; padding: 6px; margin: 4px; border: 1px solid #8da1b4; border-radius: 5px; line-height: 60%\"><p style=\"margin-bottom: 0px\"/><p style=\"margin-bottom: 0px\">Profile: <a href=\"file:///home/runner/work/fhir-ig-builder/fhir-ig-builder/hnz-digital-tooling/output/StructureDefinition-hnz-capability-statement.html\">Capability Statement profile for use with the Health New Zealand Te Whatu Ora OpenAPI spec converter</a></p></div><h2 id=\"title\">NZ Shared Digital Health Record API</h2><ul><li>Implementation Guide Version: 0.3.0 </li><li>FHIR Version: 4.0.1 </li><li>Supported Formats: <code>application/fhir+json</code></li><li>Supported Patch Formats: </li><li>Published on: 2024-04-15 01:15:23+0000 </li><li>Published by: Health New Zealand </li></ul><blockquote class=\"impl-note\"><p><strong>Note to Implementers: FHIR Capabilities</strong></p><p>Any FHIR capability may be 'allowed' by the system unless explicitly marked as 'SHALL NOT'. A few items are marked as MAY in the Implementation Guide to highlight their potential relevance to the use case.</p></blockquote><h2 id=\"rest\">FHIR RESTful Capabilities</h2><div class=\"panel panel-default\"><div class=\"panel-heading\"><h3 id=\"mode1\" class=\"panel-title\">Mode: <code>server</code></h3></div><div class=\"panel-body\"><div class=\"lead\"><em>Security</em></div><div class=\"row\"><div class=\"col-lg-6\">Enable CORS: yes</div><div class=\"col-lg-6\">Security services supported: <code>SMART-on-FHIR</code></div></div><blockquote><div><p>OAuth 2.0 - Client Credential flow.)</p>\n</div></blockquote><div class=\"lead\"><em>Summary of System-wide Interactions</em></div><ul><li>Supports the <code>search-system</code>interaction described as follows:<div><h3>Request-Context custom header</h3>\n<p>All screening FHIR API requests must include the HNZ request context <em>custom header</em> supplying identifiers for the health user\nand organisation behind the API request.</p>\n<p>This context is supplied using the 'Request-Context' custom header in the form of a base64-encoded JSON object.</p>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"left\"><strong>Context property</strong></th>\n<th align=\"left\"><strong>Value</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"left\"><code>userIdentifier</code></td>\n<td align=\"left\">The userid of the user as authenticated by the PMS/health application (REQUIRED)</td>\n</tr>\n<tr>\n<td align=\"left\"><code>secondaryIdentifier</code></td>\n<td align=\"left\">The secondary identifier for the user - this <strong>MUST</strong> be the end users Common Person Number (aka HPI Practitioner identifier) of the practitioner using the application (REQUIRED)</td>\n</tr>\n<tr>\n<td align=\"left\"><code>purposeOfUse</code></td>\n<td align=\"left\">Set to <code>"NZSCREEN"</code> (REQUIRED)</td>\n</tr>\n<tr>\n<td align=\"left\"><code>userFullName</code></td>\n<td align=\"left\">Full name of the user of the PMS/health application.` (REQUIRED)</td>\n</tr>\n<tr>\n<td align=\"left\"><code>userRole</code></td>\n<td align=\"left\">Role of the user of the PMS/health application. Set to `"PROV" (REQUIRED)</td>\n</tr>\n<tr>\n<td align=\"left\"><code>orgIdentifier</code></td>\n<td align=\"left\">The HPI Organisation Number (aka HPI Organisation identifier) for the organisation in which the API consumer application is deployed (REQUIRED)</td>\n</tr>\n<tr>\n<td align=\"left\"><code>facilityIdentifier</code></td>\n<td align=\"left\">HPI identifier for the facility where the user is located (REQUIRED)</td>\n</tr>\n</tbody>\n</table>\n<p>A schema definition and examples for <code>Request-Context</code> can be <a href=\"https://github.com/tewhatuora/schemas/blob/main/json-schema/Request-Context.json\">found here</a></p>\n<h4>Example Request-Context Header Payload</h4>\n<p><strong>Base64 Encoded</strong></p>\n<pre><code>eyJ1c2VySWRlbnRpZmllciI6InBhdCIsInVzZXJSb2xlIjoiUFJPViIsInNlY29uZGFyeUlkZW50aWZpZXIiOnsidXNlIjoib2ZmaWNpYWwiLCJzeXN0ZW0iOiJodHRwczovL3N0YW5kYXJkcy5kaWdpdGFsLmhlYWx0aC5uei9ucy9ocGktcGVyc29uLWlkIiwidmFsdWUiOiI5OVpaWlMifSwicHVycG9zZU9mVXNlIjpbIlBST1YiXSwidXNlckZ1bGxOYW1lIjoiQmV2ZXJseSBDcnVzaGVyIiwib3JnSWRlbnRpZmllciI6IkcwMDAwMS1HIiwiZmFjaWxpdHlJZGVudGlmaWVyIjoiRlpaOTk5LUIifQ\n</code></pre>\n<p><strong>Decoded JSON</strong></p>\n<pre><code class=\"language-json\">{\n"userIdentifier": "pat",\n"userRole": "PROV",\n"secondaryIdentifier": {\n "use": "official",\n "system": "https://standards.digital.health.nz/ns/hpi-person-id",\n "value": "99ZZZS"\n},\n"purposeOfUse": [\n "NZSCREEN"\n],\n"userFullName": "Beverly Crusher",\n"orgIdentifier": "G00001-G",\n"facilityIdentifier": "FZZ999-B"\n}\n</code></pre>\n<h3>Error status codes</h3>\n<h4>Read (GET) Operation Statuses</h4>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"center\"><strong>Code</strong></th>\n<th align=\"left\"><strong>Meaning</strong></th>\n<th align=\"left\"><strong>Description</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"center\">200</td>\n<td align=\"left\">OK</td>\n<td align=\"left\">The request was successful, and the response body contains the representation requested</td>\n</tr>\n<tr>\n<td align=\"center\">302</td>\n<td align=\"left\">FOUND</td>\n<td align=\"left\">A common redirect response; you can GET the representation at the URI in the Location response header</td>\n</tr>\n<tr>\n<td align=\"center\">304</td>\n<td align=\"left\">NOT MODIFIED</td>\n<td align=\"left\">Your client's cached version of the representation is still up to date</td>\n</tr>\n<tr>\n<td align=\"center\">400</td>\n<td align=\"left\">BAD REQUEST</td>\n<td align=\"left\">Missing or bad <code>Recurity-Context</code> custom header; FHIR request payload does not validate against Implementation Guide</td>\n</tr>\n<tr>\n<td align=\"center\">401</td>\n<td align=\"left\">UNAUTHORIZED</td>\n<td align=\"left\">The supplied credentials, if any, are not sufficient to access the resource</td>\n</tr>\n<tr>\n<td align=\"center\">403</td>\n<td align=\"left\">FORBIDDEN</td>\n<td align=\"left\">Insufficient privilege to access the requested FHIR resource/operation</td>\n</tr>\n<tr>\n<td align=\"center\">404</td>\n<td align=\"left\">NOT FOUND</td>\n<td align=\"left\">The requested representation was not found. Retrying this request is unlikely to be successful</td>\n</tr>\n<tr>\n<td align=\"center\">429</td>\n<td align=\"left\">TOO MANY REQUESTS</td>\n<td align=\"left\">Your application is sending too many simultaneous requests</td>\n</tr>\n<tr>\n<td align=\"center\">500</td>\n<td align=\"left\">SERVER ERROR</td>\n<td align=\"left\">An internal server error prevented return of the representation response</td>\n</tr>\n<tr>\n<td align=\"center\">503</td>\n<td align=\"left\">SERVICE UNAVAILABLE</td>\n<td align=\"left\">We are temporarily unable to return the representation. Please wait and try again later</td>\n</tr>\n</tbody>\n</table>\n<h4>Search (GET) Operation Statuses</h4>\n<table class=\"grid\">\n<thead>\n<tr>\n<th align=\"center\"><strong>Code</strong></th>\n<th align=\"left\"><strong>Meaning</strong></th>\n<th align=\"left\"><strong>OperationOutcome</strong> in response?</th>\n<th align=\"left\"><strong>Description</strong></th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td align=\"center\">200</td>\n<td align=\"left\">OK</td>\n<td align=\"left\">Yes, When there are additional messages about a match result</td>\n<td align=\"left\">The request was successful, and the response body contains the representation requested</td>\n</tr>\n<tr>\n<td align=\"center\">302</td>\n<td align=\"left\">FOUND</td>\n<td align=\"left\">No</td>\n<td align=\"left\">A common redirect response; you can GET the representation at the URI in the Location response header</td>\n</tr>\n<tr>\n<td align=\"center\">400</td>\n<td align=\"left\">BAD REQUEST</td>\n<td align=\"left\">Yes</td>\n<td align=\"left\">Missing or bad <code>Recurity-Context</code> custom header;<br>FHIR request payload does not validate against Implementation Guide</td>\n</tr>\n<tr>\n<td align=\"center\">401</td>\n<td align=\"left\">UNAUTHORIZED</td>\n<td align=\"left\">Yes</td>\n<td align=\"left\">The supplied credentials, if any, are not sufficient to access the resource</td>\n</tr>\n<tr>\n<td align=\"center\">403</td>\n<td align=\"left\">FORBIDDEN</td>\n<td align=\"left\">Yes</td>\n<td align=\"left\">Insufficient privilege to access the requested FHIR resource/operation. See <a href=\"./OperationOutcome-APIError-Unauthorised.html\">OperationOutcome-APIError-Unauthorised</a></td>\n</tr>\n<tr>\n<td align=\"center\">429</td>\n<td align=\"left\">TOO MANY REQUESTS</td>\n<td align=\"left\">No</td>\n<td align=\"left\">Your application is sending too many simultaneous requests</td>\n</tr>\n<tr>\n<td align=\"center\">500</td>\n<td align=\"left\">SERVER ERROR</td>\n<td align=\"left\">No</td>\n<td align=\"left\">An internal server error prevented return of the representation response</td>\n</tr>\n<tr>\n<td align=\"center\">503</td>\n<td align=\"left\">SERVICE UNAVAILABLE</td>\n<td align=\"left\">No</td>\n<td align=\"left\">The server is temporarily unable to return the representation. Please wait and try again later</td>\n</tr>\n</tbody>\n</table>\n<h3>Non existent API endpoints</h3>\n<p>When a consumer attempts to call a non-existent API end point, respond\nwith a <strong>501 Not Implemented</strong> status code.</p>\n</div></li></ul></div></div><h3 id=\"resourcesCap1\">Capabilities by Resource/Profile</h3><h4 id=\"resourcesSummary1\">Summary</h4><p>The summary table lists the resources that are part of this configuration, and for each resource it lists:</p><ul><li>The relevant profiles (if any)</li><li>The interactions supported by each resource (<b><span class=\"bg-info\">R</span></b>ead, <b><span class=\"bg-info\">S</span></b>earch, <b><span class=\"bg-info\">U</span></b>pdate, and <b><span class=\"bg-info\">C</span></b>reate, are always shown, while <b><span class=\"bg-info\">VR</span></b>ead, <b><span class=\"bg-info\">P</span></b>atch, <b><span class=\"bg-info\">D</span></b>elete, <b><span class=\"bg-info\">H</span></b>istory on <b><span class=\"bg-info\">I</span></b>nstance, or <b><span class=\"bg-info\">H</span></b>istory on <b><span class=\"bg-info\">T</span></b>ype are only present if at least one of the resources has support for them.</li><li><span>The required, recommended, and some optional search parameters (if any). </span></li><li>The linked resources enabled for <code>_include</code></li><li>The other resources enabled for <code>_revinclude</code></li><li>The operations on the resource (if any)</li></ul><div class=\"table-responsive\"><table class=\"table table-condensed table-hover\"><thead><tr><th><b>Resource Type</b></th><th><b>Profile</b></th><th class=\"text-center\"><b title=\"GET a resource (read interaction)\">R</b></th><th class=\"text-center\"><b title=\"GET all set of resources of the type (search interaction)\">S</b></th><th class=\"text-center\"><b title=\"PUT a new resource version (update interaction)\">U</b></th><th class=\"text-center\"><b title=\"POST a new resource (create interaction)\">C</b></th><th><b title=\"Required and recommended search parameters\">Searches</b></th><th><code><b>_include</b></code></th><th><code><b>_revinclude</b></code></th><th><b>Operations</b></th></tr></thead><tbody><tr><td><a href=\"#AllergyIntolerance1-1\">AllergyIntolerance</a></td><td><a href=\"StructureDefinition-SDHRAllergyIntolerance.html\">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRAllergyIntolerance</a></td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td></td><td/><td/><td/></tr><tr><td><a href=\"#Condition1-2\">Condition</a></td><td><a href=\"StructureDefinition-SDHRCondition.html\">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRCondition</a></td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td></td><td/><td/><td/></tr><tr><td><a href=\"#Encounter1-3\">Encounter</a></td><td><a href=\"StructureDefinition-SDHREncounter.html\">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHREncounter</a></td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td></td><td/><td/><td/></tr><tr><td><a href=\"#Observation1-4\">Observation</a></td><td><a href=\"StructureDefinition-SDHRObservation.html\">https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRObservation</a></td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td class=\"text-center\">y</td><td></td><td/><td/><td/></tr></tbody></table></div><hr/><div class=\"panel panel-default\"><div class=\"panel-heading\"><h4 id=\"AllergyIntolerance1-1\" class=\"panel-title\"><span style=\"float: right;\">Resource Conformance: supported </span>AllergyIntolerance</h4></div><div class=\"panel-body\"><div class=\"container\"><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Base System Profile</span><br/><a href=\"StructureDefinition-SDHRAllergyIntolerance.html\">SDHRAllergyIntolerance</a></div><div class=\"col-lg-3\"><span class=\"lead\">Profile Conformance</span><br/><b>SHALL</b></div><div class=\"col-lg-3\"><span class=\"lead\">Reference Policy</span><br/></div></div><p/><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div><div class=\"panel panel-default\"><div class=\"panel-heading\"><h4 id=\"Condition1-2\" class=\"panel-title\"><span style=\"float: right;\">Resource Conformance: supported </span>Condition</h4></div><div class=\"panel-body\"><div class=\"container\"><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Base System Profile</span><br/><a href=\"StructureDefinition-SDHRCondition.html\">SDHRCondition</a></div><div class=\"col-lg-3\"><span class=\"lead\">Profile Conformance</span><br/><b>SHALL</b></div><div class=\"col-lg-3\"><span class=\"lead\">Reference Policy</span><br/></div></div><p/><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div><div class=\"panel panel-default\"><div class=\"panel-heading\"><h4 id=\"Encounter1-3\" class=\"panel-title\"><span style=\"float: right;\">Resource Conformance: supported </span>Encounter</h4></div><div class=\"panel-body\"><div class=\"container\"><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Base System Profile</span><br/><a href=\"StructureDefinition-SDHREncounter.html\">SDHREncounter</a></div><div class=\"col-lg-3\"><span class=\"lead\">Profile Conformance</span><br/><b>SHALL</b></div><div class=\"col-lg-3\"><span class=\"lead\">Reference Policy</span><br/></div></div><p/><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div><div class=\"panel panel-default\"><div class=\"panel-heading\"><h4 id=\"Observation1-4\" class=\"panel-title\"><span style=\"float: right;\">Resource Conformance: supported </span>Observation</h4></div><div class=\"panel-body\"><div class=\"container\"><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Base System Profile</span><br/><a href=\"StructureDefinition-SDHRObservation.html\">SDHRObservation</a></div><div class=\"col-lg-3\"><span class=\"lead\">Profile Conformance</span><br/><b>SHALL</b></div><div class=\"col-lg-3\"><span class=\"lead\">Reference Policy</span><br/></div></div><p/><div class=\"row\"><div class=\"col-lg-6\"><span class=\"lead\">Interaction summary</span><br/><ul><li>Supports <code>read</code>, <code>create</code>, <code>update</code>, <code>search-type</code>.</li></ul></div></div><p/></div></div></div></div>"
},
"extension" : [
{
"extension" : [
{
"url" : "licenseURL",
"valueUri" : "https://www.tewhatuora.govt.nz/assets/Our-health-system/Digital-health/Digital-Service-Hub/API-Access-and-Use-Agreement.docx"
},
{
"url" : "externalDocs",
"valueUri" : "https://fhir-ig.digital.health.nz/shared-care"
},
{
"url" : "licenseName",
"valueString" : "Health New Zealand Digital Services Hub API Access and Use Agreement"
},
{
"extension" : [
{
"extension" : [
{
"url" : "key",
"valueString" : "X-Correlation-Id"
},
{
"url" : "value",
"valueUri" : "https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Api-Key.json"
},
{
"url" : "required",
"valueBoolean" : true
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension"
},
{
"extension" : [
{
"url" : "key",
"valueString" : "Request-Context"
},
{
"url" : "value",
"valueUri" : "https://raw.githubusercontent.com/tewhatuora/schemas/main/shared-care/Request-Context.json"
},
{
"url" : "required",
"valueBoolean" : true
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/custom-headers-extension"
}
],
"url" : "globalHeaders"
}
],
"url" : "https://fhir-ig.digital.health.nz/hnz-digital-tooling/StructureDefinition/resource-metadata-extension"
}
],
"url" : "https://fhir-ig.digital.health.nz/sdhr/CapabilityStatement/SDHRCapabliityStatement",
"version" : "0.3.0",
"name" : "SDHRCapabliityStatement",
"title" : "NZ Shared Digital Health Record API",
"status" : "draft",
"experimental" : true,
"date" : "2024-04-15T01:15:23.3688326Z",
"publisher" : "Health New Zealand",
"contact" : [
{
"name" : "Health New Zealand",
"telecom" : [
{
"system" : "url",
"value" : "https://github.com/tewhatuora"
}
]
},
{
"name" : "HNZ Integration Team",
"telecom" : [
{
"system" : "email",
"value" : "integration@tewhatuora.govt.nz",
"use" : "work"
}
]
}
],
"description" : "NZ Shared Digital Health Record API",
"kind" : "capability",
"software" : {
"name" : "NZ Shared Digital Health Record API",
"version" : "1.0.0.0"
},
"implementation" : {
"description" : "Health NZ | Te Whatu Ora NZ Shared Digital Health Record API",
"url" : "https://fhir.api.digital.health.nz/R4"
},
"fhirVersion" : "4.0.1",
"format" : [
"application/fhir+json"
],
"rest" : [
{
"mode" : "server",
"security" : {
"extension" : [
{
"extension" : [
{
"url" : "token",
"valueUri" : "https://ppd.auth.services.health.nz/realms/hnz-integration/protocol/openid-connect/token"
},
{
"url" : "authorize",
"valueUri" : "https://ppd.auth.services.health.nz/realms/hnz-integration/protocol/openid-connect/authorize"
}
],
"url" : "http://fhir-registry.smarthealthit.org/StructureDefinition/oauth-uris"
},
{
"url" : "http://fhir-registry.smarthealthit.org/StructureDefinition/capabilities",
"valueCode" : "client-confidential-symmetric"
}
],
"cors" : true,
"service" : [
{
"coding" : [
{
"code" : "SMART-on-FHIR"
}
]
}
],
"description" : "OAuth 2.0 - Client Credential flow.)"
},
"resource" : [
{
"type" : "AllergyIntolerance",
"profile" : "https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRAllergyIntolerance",
"interaction" : [
{
"code" : "read"
},
{
"code" : "create"
},
{
"code" : "update"
},
{
"code" : "search-type"
}
]
},
{
"type" : "Condition",
"profile" : "https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRCondition",
"interaction" : [
{
"code" : "read"
},
{
"code" : "create"
},
{
"code" : "update"
},
{
"code" : "search-type"
}
]
},
{
"type" : "Encounter",
"profile" : "https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHREncounter",
"interaction" : [
{
"code" : "read"
},
{
"code" : "create"
},
{
"code" : "update"
},
{
"code" : "search-type"
}
]
},
{
"type" : "Observation",
"profile" : "https://fhir-ig.digital.health.nz/sdhr/StructureDefinition/SDHRObservation",
"interaction" : [
{
"code" : "read"
},
{
"code" : "create"
},
{
"code" : "update"
},
{
"code" : "search-type"
}
]
}
],
"interaction" : [
{
"code" : "search-system",
"documentation" : " ### Request-Context custom header\n\n All screening FHIR API requests must include the HNZ request context *custom header* supplying identifiers for the health user \n and organisation behind the API request.\n\n This context is supplied using the 'Request-Context' custom header in the form of a base64-encoded JSON object.\n\n |**Context property**|**Value**|\n |:------------------|:---------|\n | `userIdentifier` | The userid of the user as authenticated by the PMS/health application (REQUIRED) |\n | `secondaryIdentifier` | The secondary identifier for the user - this **MUST** be the end users Common Person Number (aka HPI Practitioner identifier) of the practitioner using the application (REQUIRED) |\n | `purposeOfUse` | Set to `\"NZSCREEN\"` (REQUIRED) |\n | `userFullName` | Full name of the user of the PMS/health application.` (REQUIRED) |\n | `userRole` | Role of the user of the PMS/health application. Set to `\"PROV\" (REQUIRED) |\n | `orgIdentifier` | The HPI Organisation Number (aka HPI Organisation identifier) for the organisation in which the API consumer application is deployed (REQUIRED) |\n | `facilityIdentifier` | HPI identifier for the facility where the user is located (REQUIRED) |\n\n A schema definition and examples for `Request-Context` can be [found here](https://github.com/tewhatuora/schemas/blob/main/json-schema/Request-Context.json)\n\n #### Example Request-Context Header Payload\n **Base64 Encoded**\n ```\n eyJ1c2VySWRlbnRpZmllciI6InBhdCIsInVzZXJSb2xlIjoiUFJPViIsInNlY29uZGFyeUlkZW50aWZpZXIiOnsidXNlIjoib2ZmaWNpYWwiLCJzeXN0ZW0iOiJodHRwczovL3N0YW5kYXJkcy5kaWdpdGFsLmhlYWx0aC5uei9ucy9ocGktcGVyc29uLWlkIiwidmFsdWUiOiI5OVpaWlMifSwicHVycG9zZU9mVXNlIjpbIlBST1YiXSwidXNlckZ1bGxOYW1lIjoiQmV2ZXJseSBDcnVzaGVyIiwib3JnSWRlbnRpZmllciI6IkcwMDAwMS1HIiwiZmFjaWxpdHlJZGVudGlmaWVyIjoiRlpaOTk5LUIifQ\n ```\n **Decoded JSON**\n ```json\n {\n \"userIdentifier\": \"pat\",\n \"userRole\": \"PROV\",\n \"secondaryIdentifier\": {\n \"use\": \"official\",\n \"system\": \"https://standards.digital.health.nz/ns/hpi-person-id\",\n \"value\": \"99ZZZS\"\n },\n \"purposeOfUse\": [\n \"NZSCREEN\"\n ],\n \"userFullName\": \"Beverly Crusher\",\n \"orgIdentifier\": \"G00001-G\",\n \"facilityIdentifier\": \"FZZ999-B\"\n}\n```\n\n ### Error status codes\n\n #### Read (GET) Operation Statuses\n\n |**Code**|**Meaning**|**Description**|\n |:--:|:-----------------|:--|\n |200|OK |The request was successful, and the response body contains the representation requested|\n |302|FOUND |A common redirect response; you can GET the representation at the URI in the Location response header|\n |304|NOT MODIFIED |Your client's cached version of the representation is still up to date|\n |400|BAD REQUEST |Missing or bad `Recurity-Context` custom header; FHIR request payload does not validate against Implementation Guide|\n |401|UNAUTHORIZED |The supplied credentials, if any, are not sufficient to access the resource|\n |403|FORBIDDEN |Insufficient privilege to access the requested FHIR resource/operation|\n |404|NOT FOUND |The requested representation was not found. Retrying this request is unlikely to be successful|\n |429|TOO MANY REQUESTS |Your application is sending too many simultaneous requests|\n |500|SERVER ERROR |An internal server error prevented return of the representation response|\n |503|SERVICE UNAVAILABLE|We are temporarily unable to return the representation. Please wait and try again later|\n\n #### Search (GET) Operation Statuses\n\n |**Code**|**Meaning** |**OperationOutcome** in response?|**Description**|\n |:--:|:-----------------|:----------------------------------|:----------------------------------|\n |200|OK |Yes, When there are additional messages about a match result|The request was successful, and the response body contains the representation requested|\n |302|FOUND |No |A common redirect response; you can GET the representation at the URI in the Location response header|\n |400|BAD REQUEST |Yes|Missing or bad `Recurity-Context` custom header;<br>FHIR request payload does not validate against Implementation Guide|\n |401|UNAUTHORIZED |Yes|The supplied credentials, if any, are not sufficient to access the resource|\n |403|FORBIDDEN |Yes|Insufficient privilege to access the requested FHIR resource/operation. See [OperationOutcome-APIError-Unauthorised](./OperationOutcome-APIError-Unauthorised.html)|\n |429|TOO MANY REQUESTS |No |Your application is sending too many simultaneous requests|\n |500|SERVER ERROR |No |An internal server error prevented return of the representation response|\n |503|SERVICE UNAVAILABLE|No |The server is temporarily unable to return the representation. Please wait and try again later|\n\n ### Non existent API endpoints\n\n When a consumer attempts to call a non-existent API end point, respond\n with a **501 Not Implemented** status code."
}
]
}
]
}