Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Overview

The goal of this document is to give an overview of API interactions that occur when a SafePaths mobile user uploads their data to the SafePlaces API within the context of a contact tracing interview.

Flow Overview

Access Code Creation

Contact tracer creates a new case within the SafePaths web UI. After successful creation of a case the web UI makes another call to create an access code that will be displayed to the contact tracer and verbally communicated via phone to the interviewee. See this document (https://pathcheck.atlassian.net/wiki/spaces/SA/pages/81134291/SPL+Token+Exchange#Access-Code-Exchange ) for information on creating access tokens.

Access Code Validation

The user will input the accessCode into the SafePaths app. An API request will be made to this endpoint. The endpoint returns a boolean indicating whether or not the accessCode exists and is valid.

User Consent

The user consents to the HA’s terms of service after the access code is confirmed to be valid. We record the user’s consent on the case record associated with the accessCode and invalidate the accessCode record (set invalidatedAt timestamp) if the user did not consent to the terms of service.

Data Upload

User data (points of concern) are posted to the endpoint along with the accessCode. Validation on the accessCode occurs once more and then we persist the provided user data.

Post Data Upload

The SafePlaces frontend application will be polling the GET /case/{caseId}/points (https://pathcheck.atlassian.net/wiki/spaces/SA/pages/73924822/SPL+API+Specification+v1+For+MVP1#GET-%2Fcase%2F%7BcaseId%7D%2Fpoints ). Once the upload process has concluded the endpoint will return the points of concern that were uploaded from the SafePaths app. The endpoint should check for the presence of an access code record associated with the case and take the following actions:

  • Return an appropriate error message to the client if the accessCode record is no longer valid (invalidatedAt timestamp is nil ) for any reason

  • Return an appropriate error message to the client if the user has not consented to the HA’s terms of service

  • Return an appropriate status code if there is a valid access code associated with the case and but no points of concern associated with the case (user has not uploaded data yet)

  • Return all points of concern associated with the case if there are any

Open Questions

  1. The SafePaths mobile app needs to know what HA’s are using SafePlaces. How are we serving up information about what HA’s are on using SafePlaces? What information do we expose about the HA’s and their organizations?

  • No labels