| Product: | TOTVS Saúde Planos |
|---|---|
| Product Line: | Protheus Line |
| Segment: | Healthcare |
| Module: | PORTALS |
| Function: | ACCESS CONTROL - API |
| Country: | Brazil |
| Ticket: | |
| Issue: | DSAUBE-28752 |
A security layer needs to be implemented on the data requests made to the Beneficiary Portal APIs, to guarantee that each user accesses only the information strictly permitted to them and to prevent access to data belonging to other users or families.
The security layer has been implemented in the Beneficiary Portal APIs.
APIs with the security layer already implemented:
· Cards
  o POST - /totvsHealthPlans/portal/v1/cards
· Beneficiary
  o GET - /totvsHealthPlans/portal/v1/beneficiaries
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/supplementaryHealth
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/elegibility
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/financeStatement/base64
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/incomeTax/base64
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/rescissionFine
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/utilizationStatement/base64
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/annualStatementDebts/base64
  o GET - /totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/card
· Family
  o GET - /totvsHealthPlans/portal/v1/families/:subscriberId
· Health Products Beneficiary
  o GET - /totvsHealthPlans/portal/v1/healthProductsBeneficiary/:subcriberId
· Authorization
  o POST - /totvsHealthPlans/portal/v1/authorizations/protocols
  o GET - /totvsHealthPlans/portal/v1/authorizations/:subscriberId/protocols
  o GET - /totvsHealthPlans/portal/v1/authorizations/protocols/:protocolId/interactions
  o POST - /totvsHealthPlans/portal/v1/authorizations/protocols/attachments
· Title
  o GET - /totvsHealthPlans/portal/v1/titles
· Form Struct
  o GET - /totvsHealthPlans/portal/v1/formStruct/beneficiaries
· Continued Medication
  o POST - /totvsHealthPlans/portal/v1/continuousMedications
  o GET - /totvsHealthPlans/portal/v1/continuousMedications
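
The requirement above (a user reads only their own or their family's data) amounts to an object-level authorization check on the `:subscriberId` path parameter. The following is an added example, not TOTVS code: it matches a request path against a few of the listed routes and denies it unless the identifier is in the session's permitted set. The session field `allowed_subscriber_ids`, the function names and the sample IDs are assumptions made for the illustration.

```python
import re

# Path-identified routes copied from the list above (a subset, for illustration).
ROUTES = [
    "/totvsHealthPlans/portal/v1/beneficiaries/:subscriberId",
    "/totvsHealthPlans/portal/v1/beneficiaries/:subscriberId/card",
    "/totvsHealthPlans/portal/v1/families/:subscriberId",
    "/totvsHealthPlans/portal/v1/authorizations/:subscriberId/protocols",
]

# Constructed session: IDs the logged-in beneficiary may read (self + own family).
# The field name and the ID values are assumptions made for this example.
SESSION = {"allowed_subscriber_ids": {"00010001000001017", "00010001000001025"}}


def compile_route(template):
    """Turn '/a/:name/b' into a regex with one named group per ':name' segment."""
    parts = [
        f"(?P<{seg[1:]}>[^/]+)" if seg.startswith(":") else re.escape(seg)
        for seg in template.strip("/").split("/")
    ]
    return re.compile("/" + "/".join(parts))


COMPILED = [compile_route(t) for t in ROUTES]


def authorize(path, session):
    """Return (allowed, reason); deny unless the path's subscriberId is in scope."""
    for rx in COMPILED:
        m = rx.fullmatch(path)  # whole path must match, no trailing extras
        if m is None:
            continue
        # Exact set membership: no prefix or pattern matching on the identifier.
        if m.group("subscriberId") in session["allowed_subscriber_ids"]:
            return True, "ok"
        return False, "subscriberId outside session scope"
    # Routes without a path identifier must be scoped from the session server-side.
    return False, "route not covered by this check"


if __name__ == "__main__":
    base = "/totvsHealthPlans/portal/v1"
    print(authorize(f"{base}/beneficiaries/00010001000001017/card", SESSION))
    print(authorize(f"{base}/families/00010002000099011", SESSION))
```

Routes in the list that carry no identifier in the path (for example `/titles` or `POST /cards`) cannot be checked this way; for those, the permitted scope has to be derived from the authenticated session and any identifier in the request body validated against it.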
Scenario: Problem 1: Error in the Default Initializer
Other actions/related actions