WORK IN PROGRESS
Overview
The goal of this document is to give an overview of API interactions that occur when a SafePaths mobile user uploads their data to the SafePlaces API within the context of a contact tracing interview.
Flow Overview
Case Creation
Contact tracer creates a new case within the SafePaths web UI. At this time the case is assigned a unique caseId
, which is returned to the web UI in the response.
Private WebUI Service
Endpoint:
POST /organization/case
(https://pathcheck.atlassian.net/wiki/spaces/SA/pages/73924822/SPL+API+Specification+v1+For+MVP1#confirmed%3A--POST-%2Forganization%2Fcase )Write to Private DB
Access Code Creation
Contact tracer creates an access code which can be used by the SafePlaces mobile app to upload points of concern. At the time of writing there is no UI design for initiating access code creation manually, so for now the web UI will create and display an access code automatically after creating the case. The token is generated according to SPL Token Exchange, and only exists for 1 hour. The contact tracer communicates this code to the user verbally over the phone.
Private WebUI Service
Endpoint:
POST /access-code
(NEEDS SPEC)Write to Ingest/Upload DB
Access Code Validation
The user will input the accessCode
into the SafePaths app. An API request will be made to this endpoint. The endpoint returns a boolean indicating whether or not the accessCode
exists and is valid.
Ingest/Upload Service
Endpoint:
GET /access-code/valid
(https://pathcheck.atlassian.net/wiki/spaces/SA/pages/73924822/SPL+API+Specification+v1+For+MVP1#GET-%2Faccess-code%2Fvalid%2F%7BaccessCode%7D )Read from Ingest/Upload DB
User Consent
The user consents to the HA’s terms of service after the access code is confirmed to be valid. We record the user’s consent and invalidate the accessCode
record (set invalidatedAt
timestamp) if the user did not consent to the terms of service.
Ingest/Upload Service
Endpoint:
POST /consent
(https://pathcheck.atlassian.net/wiki/spaces/SA/pages/73924822/SPL+API+Specification+v1+For+MVP1#POST-%2Fconsent )Write to Ingest/Upload DB
Data Upload
User data (points of concern) are posted to the endpoint along with the accessCode
. Validation on the accessCode
occurs once more and then we persist the provided data, as well as persisting the access code used for upload. The access code is invalidated upon success.
Ingest/Upload Service
Endpoint:
POST /upload
(https://pathcheck.atlassian.net/wiki/spaces/SA/pages/73924822/SPL+API+Specification+v1+For+MVP1#POST-%2Fupload )Write to Ingest/Upload DB
Case ↔︎ Data Association
The SafePlaces frontend application will be polling GET /points
(NEEDS SPEC), which should return the list of uploaded points for the given access token. If the user declined the ToS, an appropriate error status code is returned. Once the upload process has concluded the endpoint will return the points of concern that were uploaded from the SafePaths app. Once points are returned, the upload is assumed to be completed.
Private WebUI Service
Read from Ingest/Upload DB
The frontend application then makes a call to POST /cases/points
(NEEDS SPEC), providing both the uploaded points returned from the poll above and the caseId
.
Private WebUI Service
Write to Private DB
Displaying Points for the Case
The SafePlaces frontend application can now retrieve the list of points for the case from GET /case/points
(https://pathcheck.atlassian.net/wiki/spaces/SA/pages/73924822/SPL+API+Specification+v1+For+MVP1#GET-%2Fcase%2F%7BcaseId%7D%2Fpoints ), for display in the UI.
Private WebUI Service
Read from Private DB
0 Comments