Accounts

Learn how to create accounts, verify and update your personal details

As soon as you create an account, it can be used to login in their Accounts page and (in case of developers) their Developer console. It can also be used to login to the CMS App after it has been verified

Adding email into account waitlist

In invite-only signup mode, an account can only be created by adding an invitation code in the creation payload. Aside from the application admins sending invite codes to select users, a user can request to be added to a waitlist to be approved by application admins (sending them the codes) An email can be added to the waitlist using the account-waitlist API's create method.

Example

## Add an email to the waitlist
curl <base-uri>/account-waitlist \
-X POST \
-H "Content-Type: application/json" \
-d "{
  "email": "email@domain.com",
  "mobileNo": "09171234567",
  "personalDetails": {
    "name": {
      "firstName": "First",
      "lastName": "Last"
    },
    "doc_PRCLicenseNo": 123456
  }
}"

## Application Admins will then send the users an email
## that will include their invitation code w/c will be used
## on signup
curl <base-uri>/accounts \
-X POST \
-H "Content-Type: application/json" \
-d "{
  "email": "email@domain.com",
  "password": "supersecretpass",
  "invitation": "<invite-code>"
}"

Additional details provided when adding user in the waitlist can be fetched (using the invite code as id) to prefill the signup page/payload for the user (if mobileNo, name, etc...) using the account-waitlist API's get method.

Example

curl <base-uri>/account-waitlist/<invite-code> 

{
  "email": "email@domain.com",
  "mobileNo": "09171234567",
  "personalDetails": {
    "name": {
      "firstName": "First",
      "lastName": "Last"
    },
    "doc_PRCLicenseNo": 123456
  }
}

Creating an account

An account can be created using the accounts API's create method.

Example

curl <base-uri>/accounts \
-X POST \
-H "Content-Type: application/json" \
-d "{
  "email": "email@domain.com",
  "password": "supersecretpass",
}"

Verifying an account's login credentials

As soon as the account is created, a verification email (if created with an email) and/or sms (if created with mobileNo that is a Philippine mobile number) will be sent. The email (or sms message) will contain a verification code that can be used to verify the account's login credential(s) (email and/or mobileNo) using the authentication API's create method (applyActionCode action)

Onboarding

New accounts (signed up with email) can expect to receive the following emails:

  • Welcome Email upon account creation
  • Human Verification Email upon account creation for a doctor (PersonalDetails#doc_PRCLicense is provided)
  • Email Verification upon creation of non-doctors using an email identity

Other emails that can be recieved

  • Identity validation receipt when identity images (PersonalDetails#identityImages) are provided
  • Facility Membership Invitation when invited by an existing facility
  • Patient Account Connection when invited by permitted account to associate an existing patient to its owner's account

Login/Authenticated Requests

Most resources/APIs require authorization before the requests can be resolved. This authorization can be achieved by requesting an access_token (logging in) using the authentication API and sending that access_token for every request made

Example

# Login
curl <base-uri>/authentication \
-X POST \
-H "Content-Type: application/json" \
-d "{
  "email": "email@domain.com",
  "password": "supersecretpass",
}"

# Response
{
  "uid": "some-uid",
  // save this access token
  "accessToken": "ejsdasd.long-token-string.here",
}

# For every authentication-required requests,
# attach the access token
curl <base-uri>/personal-details/some-uid \
-X PATCH \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <captured-accessToken-here>" \
-d "{
  "maritalStatus": "single",
}"

2FA Login

An account can be more secure by setting if 2FA authentication. 2FA can be enabled using the authentication API's create method (setupMFA action)

Change login identity (email | mobileNo)

An account's login identity (email and/or mobileNo) can only be changed using the authentication API's create method (changeIdentity action). It will then send a Confirm Change Identity email that will contain a code that should be applied using the (authentication API)[https://developers.example.com/docs/api#authentication]'s create method (applyActionCode action)

Change password

An account's password can only be changed using the authentication API's create method (changePassword action). It will then send a Confirm Password Change email that will contain a code that should be applied using the authentication API's create method (applyActionCode action)

Update personal details

Login credential(s) verified account can change their personal details using the personal-details API;

Caveats

  • accounts cannot be created on on-premise servers

Doctor Accounts

Each Account has a corresponding PersonalDetails (Account.uid will match PersonalDetails.id). If the PersonalDetails.doc_PRCLicenseNo is truthy (exists, value is not null or 0), Account.isDoctor will be true. When creating an Account, a personalDetails field can be provided to populate the PersonalDetails. Take the following minimal example payload for /accounts:

curl <base-uri>/accounts \
-X POST \
-H 'Content-Type: application/json' \
-d '{
    "email": "test@mail.com",
    "password": "password",
    "personalDetails": {
        "doc_PRCLicenseNo": 1234,
    }
}'

Here, the Account will be created, as well as the PersonalDetails with the correct doc_PRCLicenseNo.

results matching ""

    No results matching ""