apiary.apib

FORMAT: 1A
HOST: http://www.openehr.org/api



# OpenEHR REST API

The openEHR REST API enables interaction with an openEHR service in a RESTful manner.

In many places parameter `version_time` is used. It is used to select a specific version
of a VERSIONED_OBJECT and can have the following values:
- `LATEST_TRUNK_VERSION`
- a specific timestamp in the ISO8601 format (e.g. 2015-01-20T19:30:22.765+01:00)
- version uid

When the `version_time` parameter is not provided, the lastest trunk version is returned, 
which is the same as specifing `version_time=LATEST_TRUNK_VERSION`.


# Group EHR

## EHR [/ehr]

Management of EHR resources.

### Create a new EHR (with auto-generated ehr_id) [POST]

Request body may contain `ehr_status` and `ehr_access` attributes. When provided these
resources will also be created as part of the `create EHR` action, 
otherwise default resources will be created automatical by the service.

+ Request

    + Headers

            Prefer: return={representation|minimal}

    + Body

            {
                "commit_audit": {
                    "description": "Commit audit description",
                    "committer": {"@class": "PARTY_IDENTIFIED", ... }
                },
                "ehr_status": { ... },
                "ehr_access": { ... }
            }

+ Response 201 (application/json)

    `201 Created` is returned when a new EHR has been succesfully created. 
    The EHR resource is returned in the body when the `Prefer` header has the value of `return=representation`.

    + Headers

            Location: /ehr/{ehrId}

    + Body

            {
                "system_id": {...},
                "ehr_id": {...},
                "ehr_status": "versioned ehr status uid",
                "ehr_acess": "versioned ehr access uid",
                "directory": {},
                "time_created", "..."
            }

+ Response 400

    '400 Bad Request' is returned when unable to create a new EHR due to bad client Request, e.g. malformed syntax.

    + Body

+ Response 401

    `401 Unauthorized` is returned when request is not authorised to be performed.

    + Body


### Create EHR with ehr_id [PUT /ehr/{ehr_id}]

Create new `EHR` with the specified EHR identifer. 
The request body may contain `ehr_status` and `ehr_access` attributes, 
which will be used to create these initial resources associated with the new EHR.
When the `ehr_status` or `ehr_access` attributes are not provided, defaults resources 
will be created by the service.

+ Parameters
    + ehr_id (string) - EHR identifier

+ Request

    + Headers

            Prefer: return={representation|minimal}

    + Body

            {
                "commit_audit": {
                    "description": "Commit audit description",
                    "committer": {"@class": "PARTY_IDENTIFIED", ... }
                },
                "ehr_status": {...},
                "ehr_access": {...}
            }

+ Response 201 (application/json)

    `201 Created` is returned when a new EHR has been succesfully created. 
    The new EHR resource is returned in the body when the request's `Prefer` header value is `return=representation`.

    + Headers

            Location: /ehr/{ehrId}

    + Body

            {
                "system_id": {},
                "ehr_id": {},
                "ehr_status": "versioned ehr status uid",
                "ehr_acess": "versioned ehr access uid",
                "directory": {},
                "time_created", "..."
            }

+ Response 400

    '400 Bad Request' is returned whenunable to create a new EHR due to bad client Request, e.g. malformed syntax such as the 'ehr_id' not a valid HIER_OBJECT_ID value.

    + Body

+ Response 409

    Unable to create a new EHR due to a conflict with the current state of the resource. Can happen when the supplied ehrId already exists.

    + Body

+ Response 401

    `401 Unauthorized` is returned when request is not authorised to be performed.

    + Body

+ Response 405

    `405 Method Not Allowed` is returned when an `EHR` with specified `ehr_id` already exists.

    + Body

### Get EHR [GET /ehr/{ehr_id}]
Retreive the EHR with the specified `ehr_id`.

+ Parameters
    + ehr_id (string) - EHR identifier

+ Response 200 (application/json)
    `200 OK` is returned the EHR resource is successfully retreived. 
    
    + Body

            {
                "system_id": {},
                "ehr_id": {},
                "ehr_status": "versioned ehr status uid",
                "ehr_acess": "versioned ehr access uid",
                "directory": {},
                "time_created", "...",
                ... // to be defined, possibly counts of compositions, contributions, etc.
            }

+ Response 400
    `400 Bad Request` is returned when the request has invalid content such as an invalid `ehr_id` value.

    + Body
    
+ Response 401
    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when an `EHR` with `ehr_id` does not exist.

    + Body


### Delete EHR [DELETE /ehr/{ehr_id}]

_This call is under discussion._

Mark the `EHR` as deleted by updating the associated `EHR_STATUS` and `EHR_ACCESS` as deleted. 
The request body contains commit_audit attribute to be used as the commit audit details 
for the deleted `EHR_STATUS` and `EHR_ACCESS` resources. Where an implementation requires 
additional attestation to authorise the deletion, this can be provided in the attestations 
attribute in the request.

Note: Some jursidictions may require the service to physically delete the `EHR` and all its content.
This operation may be used to implement this capability but the commit_audit and attesations must be 
retained using an alterate audit trail than the usual contribution aufit details.

+ Parameters
    + ehr_id (string) - EHR identifier

+ Request

        {
            "commit_audit": {
                "description": "Commit audit description",
                "committer": { "@class": "PARTY_IDENTIFIED", 
                    ... }
            },
            "attestations": { ... }
        }
    
+ Response 204

    `204 No Content` is return when `EHR` is successfully deleted.

    + Body

+ Response 400

    `400 Bad Request` is returned when the request has invalid content such as an invalid `ehr_id` value.
    
    + Body
    
+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when an `EHR` with `ehr_id` does not exist.

    + Body

# Group EHR_STATUS

## EHR_STATUS [/ehr/{ehrId}/ehr_status]
Management of EHR_STATUS resources.

### Get EHR_STATUS [GET /ehr/{ehr_id}/ehr_status?version_time]

Retreive the `EHR_STATUS` associated with the specified `ehr_id`. 
When the `version_time` parameter is provided, the `EHR_STATUS` version that existed at the specified version time is returned, 
otherwise the latest trunk version is returned.
The `version_time` parameter may be an ISO8601 datetime string or symbolic value such as `LATEST_TRUNK_VERSION`. 

+ Parameters
    + ehr_id (string) - EHR identifier
    + version_time (string, optional) - version time specifier

+ Response 200 (application/json)
    `200 OK` is return with the EHR_STATUS resource in the body when it is successfully retreived. 

    + Headers

            Content-Location: /ehr/{ehr_id}/ehr_status/{version_uid}
            ETag: {version_uid}

    + Body

            {
                "uid": "..",
                "subject": {},
                "is_queryable": true,
                "is_modifiable": true,
                "other_details": {}
            }


+ Response 400

    `400 Bad Request` is returned when the request has invalid content such as an invalid `ehr_id` or `version_uid` format.
    
    + Body
    
+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` returned when `EHR` with `ehr_id` does not exist or has been deleted or 
    a version of an `EHR_STATUS` resource does not exist at the specified `version_time`.  

    + Body

### Get EHR_STATUS by version_uid [GET /ehr/{ehr_id}/ehr_status/{version_uid}]

Retrieve the version of the `EHR_STATUS` associated with the specified `ehr_id` and `version_uid`.

+ Parameters
    + ehr_id (string) - EHR identifier
    + version_uid (string) - version UID

+ Response 200 (application/json)
    `200 OK` is return when the `EHR_STATUS` is successfully retreived. 

    + Body

            {
                "uid": "..",
                "subject": {},
                "is_queryable": true,
                "is_modifiable": true,
                "other_details": {}
            }


+ Response 400

    `400 Bad Request` is returned when the request has invalid parameters such as an invalid ehr_id value.
    
    + Body
    
+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when an `EHR` with `ehr_id` does not exist or 
    an `EHR_STATUS` with `version_uid` does not exist.

    + Body

### Update EHR_STATUS [PUT /ehr/{ehr_id}/ehr_status]

Update `EHR_STATUS` associated with the specified `ehr_id`. 
The existing `version_uid` of `EHR_STATUS` resource must be specified in the `Match-If` header.
The response will contain the updated `EHR_STATUS` resource when the `Prefer` header has a value of `return=representation`

+ Parameters
    + ehr_id (string) - EHR identifier

+ Request (application/json)

    + Header

            Match-If: {preceding_version_uid}
            Prefer: return={representation|minimal}

    + Body

            {
                "subject": {},
                "is_queryable": true,
                "is_modifiable": true,
                "other_details": {}
            }

+ Response 200

    `200 OK` return when `EHR_STATUS` resource is successfully updated. 
    The updated `EHR_STATUS` resource is returned in the body when `prefer` header value is `return=representation`.

    + Headers

            Content-Location: /ehr/{ehr_id}/ehr_status/{version_uid}
            ETag: {version_uid}

    + Body

            {
                "uid": "...",
                "subject": {},
                "is_queryable": true,
                "is_modifiable": true,
                "other_details": {}
            }

+ Response 204

    `204 No Content` is returned when `Prefer` header is NOT set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_status/{version_uid}
            ETag: {version_uid}

+ Response 400
    `400 Bad Request` is returned when the request has invalid content such as an invalid `ehr_id` format.
    
    + Body
    
+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when EHR with ehr_id does not exist or has been deleted or 
    a version of an `EHR_STATUS` resource does not exist at the specified `version_time`.

    + Body

+ Response 412

    `412 Conflict` is return when `Match-If` header doesn't match the lastest trunk version. 
    Returns lastest trunk version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_status/{version_uid}
            ETag: {version_uid}

    + Body


## VERSIONED_EHR_STATUS [/ehr/{ehr_id}/versioned_ehr_status]
Management of `VERSIONED_EHR_STATUS` resources.

### Get VERSIONED_EHR_STATUS [GET /ehr/{ehr_id}/versioned_ehr_status]
Retreive `VERSIONED_EHR_STATUS` associated with specified `ehr_id` including its `revision_history`.

+ Parameters

    + ehr_id (string) - EHR identifier

+ Response 200 (application/json)
    `200 OK` is return when the requested EHR's `VERSIONED_EHR_STATUS` is succesfully retrieved, which is provided in the body.

    + Body

            {
                "uid": "xxx",
                "owner_id": "ehr_id",
                "time_created": "ISO8601 timestamp",
                "revision_history": 
                    { "items": [
                        { "version_id": "",
                            "audits" : [ {...} ]
                        }]
            }
            }

+ Response 400
    `400 Bad Request` is returned when the request is invalid such as an invalid `ehr_id` value.
    
    + Body
    
+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when an `EHR` with `ehr_id` does not exist.

    + Body


### Get EHR_STATUS version [GET /ehr/{ehr_id}/versioned_ehr_status/version?{version_time}]

Retreive the `VERSION` of an `EHR_STATUS` associated with the specified `ehr_id`. 
When the `version_time` parameter is provided, the `VERSION` that existed at the specified version time is returned, 
otherwise the latest trunk version is returned. 
The `version_time` parameter may be an ISO8601 datetime string or symbolic value such as `LATEST_TRUNK_VERSION`.

+ Parameters

    + ehr_id (string) - EHR identifier
    + version_time (string, optional) - version time specifier

+ Response 200 (application/json)
    `200 OK` is return when the requested `VERSION` is successfully retrieved, which is provided in the body.

    + Headers

            Content-Location: /ehr/{ehr_id}/versioned_ehr_status/version/{version_uid}

    + Body

            {
                "contribution": {...},
                "signature": "...",
                "commit_audit": {...},
                "uid": "...",
                "data": {
                    "subject": {...},
                    "is_modifiable": "...",
                    "is_queryable": "...",
                    "other_details": {...}
                }
            }

+ Response 400

    `400 Bad Request` is returned when the request is invalid such as an invalid `ehr_id` or `version_time` value.

    + Body

+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when `EHR` with `ehr_id` does not exist, deleted 
    or when `EHR_STATUS` does not exist at the specified `version_time`.

    + Body


### Get EHR_STATUS version by uid [GET /ehr/{ehr_id}/versioned_ehr_status/version/{version_uid}]
Retreive `VERSION` of an `EHR_STATUS` associated with the specified `ehr_id` and `version_uid`.  

+ Parameters

    + ehr_id (string) - EHR identifier
    + version_uid (string) - version uid

+ Response 200 (application/json)
    `200 OK` is return when the requested `VERSION` is successfully retrieved.
    
    + Body

            {
                "contribution": {...},
                "signature": "...",
                "commit_audit": {...},
                "uid": "...",
                "data": {
                    "subject": {...},
                    "is_modifiable": "...",
                    "is_queryable": "...",
                    "other_details": {...}
                }
            }

+ Response 400
    `400 Bad Request` is returned when the request is invalid such as an invalid `ehr_id` or `version_uid` format.
    
    + Body
    
+ Response 401

    `401 Unauthorized` is returned when request is not authorised.

    + Body

+ Response 404

    `404 Not Found` is returned when an `EHR` with `ehr_id` does not exist or `EHR_STATUS` with `version_uid` does not exist.

    + Body

# Group EHR_ACCESS

## EHR_ACCESS [/ehr/{ehrId}/ehr_access]

### Get EHR_ACCESS by version_uid [GET /ehr/{ehr_id}/ehr_access/{version_uid}]

+ Parameters
    + ehr_id (string) - EHR identifier
    + version_uid (string) - version unique identifier

+ Response 200 (application/json)
    `200 OK` is returned when the EHR_ACCESS is successfully retrieved.

    + Body

            {
                "uid": "...",
                "settings": {}
            }

+ Response 401
    `401 Unauthorized` is returned when request is not authorised.

    + Body
    
+ Response 404
    `404 Not Found` is returned when an `EHR` with `ehr_id` does not exist 
    or an `EHR_STATUS` with `version_uid` does not exist.
    
    + Body

### Get EHR_ACCESS [GET /ehr/{ehrId}/ehr_access{?versionTime}]

+ Parameters
    + ehrId (string) - EHR id
    + versionTime (string, optional) - version time specifier

+ Response 200 (application/json)

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_access/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "uid": "...",
                "settings": {}
            }


+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body

### Update an EHR_ACCESS [PUT /ehr/{ehrId}/ehr_access]

+ Parameters
    + ehrId (string) - EHR id

+ Request (application/json)

    + Header

            Match-If: {precedingVersionUid}
            Prefer: return={representation/minimal}

    + Body

            {
                "settings": {}
            }

+ Response 200

    Returned when `Prefer` header is set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_status/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "uid": "...",
                "settings": {}
            }

+ Response 204

    Returned when `Prefer` header is NOT set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_access/{versionUid}
            ETag: {versionUid}

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_access/{versionUid}
            ETag: {versionUid}

    + Body



## VERSIONED_EHR_ACCESS [/ehr/{ehrId}/versioned_ehr_access]

### Get a VERSIONED_EHR_ACCESS [GET /ehr/{ehrId}/versioned_ehr_access]

+ Parameters

    + ehrId (string) - EHR id

+ Response 200 (application/json)

    + Body

            {
                "uid": "xxx",
                "owner_id": "ehrId",
                "time_created": "ISO8601 timestamp",
                "version_count: 12,
                "all_version_ids": [
                    "versionedUid1",
                    "versionedUid2",
                    ...
                ]
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Get an EHR_ACCESS version by versionUid [GET /ehr/{ehrId}/versioned_ehr_access/versions/{versionUid}]

+ Parameters

    + ehrId (string) - EHR id
    + versionUid (string) - versionUid

+ Response 200 (application/json)

    + Body

            {
                "contribution": {},
                "signature": "...",
                "commit_audit": {},
                "uid": "...",
                "data": {
                    "settings": {},
                }
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Get an EHR_ACCESS version [GET /ehr/{ehrId}/versioned_ehr_access/version{?versionTime}]

+ Parameters

    + ehrId (string) - EHR id
    + versionTime (string, optional) - version time specifier

+ Response 200 (application/json)

    + Body

            {
                "contribution": {},
                "signature": "...",
                "commit_audit": {},
                "uid": "...",
                "data": {
                    "settings": {},
                }
            }

+ Response 204

    No VERSION at versionTime.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Create a new EHR_ACCESS version [POST /ehr/{ehrId}/versioned_ehr_access/version]

+ Parameters

    + ehrId (string) - EHR id

+ Request

    + Body (application/json)

            {
                "commit_audit": {},
                "data": {
                    "settings": {},
                }
            }

    + Headers

            Match-If: {precedingVersionUid}
            Prefer: return={representation/minimal}

+ Response 201 (application/json)

    New EHR_ACCESS version was created. Content body is only returned when
    `Prefer` header was set to `return=representation` otherwise only headers are
    returned.

    + Headers

            Location: /ehr/{ehrId}/versioned_ehr_access/versions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "uid": "...",
                "contribution": {},
                "signature": "...",
                "commit_audit": {},
                "data": {
                    "subject": {},
                    "is_modifiable": "...",
                    "is_queryable": "...",
                    "other_details": {}
                }
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with given id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/versioned_ehr_access/versions/{versionUid}
            ETag: {versionUid}

    + Body



# Group DIRECTORY

## Directory [/ehr/{ehrId}/directory]

### Create a directory [POST /ehr/{ehrId}/directory]

+ Parameters

    + ehrId (string) - EHR id

+ Request

    + Body (application/json)

            {
                "items": [...],
                "folders": [{}]
            }

    + Headers

            Prefer: return={representation/minimal}

+ Response 201 (application/json)

    New directory was created. Content body is only returned when
    `Prefer` header has `return=representation` otherwise only headers are
    returned.

    + Headers

            Location: /ehr/{ehrId}/directory/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "uid": "...",
                "items": [...],
                "folders": [{}]
            }

+ Response 400

    Bad request - error creating a directory.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Update a directory [PUT /ehr/{ehrId}/directory]

+ Parameters

    + ehrId (string) - EHR id

+ Request

    + Body (application/json)

            {
                "items": [...],
                "folders": [{}]
            }

    + Headers

            Match-If: {precedingVersionUid}
            Prefer: return={representation/minimal}

+ Response 200 (application/json)

    Directory was updated.
    Returned when `Prefer` header is set to `return=representation`.

    + Headers

            Location: /ehr/{ehrId}/directory/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "uid": "...",
                "items": [...],
                "folders": [{}]
            }

+ Response 204

    Directory was updated.
    Returned when `Prefer` header is NOT set to `return=representation`.

    + Headers

            Location: /ehr/{ehrId}/directory/{versionUid}
            ETag: {versionUid}

+ Response 400

    Bad request - error when updating a directory.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/directory/{versionUid}
            ETag: {versionUid}

    + Body


### Delete a directory [DELETE /ehr/{ehrId}/directory]

+ Parameters

    + ehrId (string) - EHR id

+ Request

    + Headers

            Match-If: {precedingVersionUid}

+ Response 204

    Directory was deleted.

    + Body

+ Response 400

    Bad request - error deleting directory.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/directory/{versionUid}
            ETag: {versionUid}

    + Body

### Get a directory or its sub-folder by versionUid [GET /ehr/{ehrId}/directory/{versionUid}{?path}]

+ Parameters

    + ehrId (string) - EHR id
    + versionUid (string) - versionUid
    + path (string, optional) - path to a sub-folder

+ Response 200 (application/json)

    + Body

            {
                "uid": "...",
                "items": [...],
                "folders": [{}]
            }

+ Response 204

    No sub-folder at provided path.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id or no directory with specified versionUid.

    + Body


### Get a directory or its sub-folder [GET /ehr/{ehrId}/directory{?versionTime,path}]

+ Parameters

    + ehrId (string) - EHR id
    + versionTime (string, optional) - version time specifier
    + path (string, optional) - path to a sub-folder

+ Response 200 (application/json)

    + Headers

            Location: /ehr/{ehrId}/directory/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "uid": "...",
                "items": [...],
                "folders": [{}]
            }

+ Response 204

    EHR has no directory at versionTime or no sub-folder at provided path.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


# Group COMPOSITION

## Composition [/ehr/{ehrId}/compositions]

### Get a composition by version uid [GET /ehr/{ehrId}/compositions/{versionUid}{?format}]

+ Parameters

    + ehrId (string) - EHR id.
    + versionUid (string) - version uid
    + format (string, optional)...format of the composition (when ommitted canonical openEHR is assumed)

+ Response 200 (application/json)

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR or no composition with the version uid.

    + Body

### Get a composition [GET /ehr/{ehrId}/compositions/{objectId}{?versionTime,format}]

+ Parameters

    + ehrId (string) - EHR id.
    + objectId (string) - VERSIONED_COMPOSITION's uid
    + versionTime (string, optional) - version time specifier
    + format (string, optional)...format of the composition (when ommitted canonical openEHR is assumed)

+ Response 200 (application/json)

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 204 (application/json)

    No composition at specified versionTime.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR or no composition with the given object id.

    + Body


### Create a new composition [POST /ehr/{ehrId}/compositions{?format}]

+ Parameters

    + ehrId (string) - EHR id
    + format (string, optional)...format of the composition (when ommitted canonical openEHR is assumed)

+ Request

    + Body (application/json)

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

    + Headers

            Prefer: return={representation/minimal}

+ Response 201

    New composition was created. Content body is only returned when
    `Prefer` header has `return=representation` otherwise only headers are
    returned.

    + Headers

            Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 400

    Bad request: composition validation errors.

    + Body

            {
                "message": "Error message",
                "validationErrors": [
                    "error1", "error2"
                ]
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body

### Update or create a composition [PUT /ehr/{ehrId}/compositions/{objectId}{?format}]

This call can be used to update an existing composition (identified by {objectId}) or
to create a new one with the supplied {objectId} instead of a server assigned one.
In case of an update `Match-If` header _might_ be required.

+ Parameters

    + ehrId (string) - EHR id
    + objectId (string) - object id of the composition to update or create with this id
    + format (string, optional) - optional format of the composition (when ommitted canonical openEHR is assumed)

+ Request

    + Body (application/json)

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

    + Headers

            Match-If: {precedingVersionUid}
            Prefer: return={representation/minimal}

+ Response 200 (application/json)

    Returned when `Prefer` header is set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 204

    Returned when `Prefer` header is NOT set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

+ Response 400

    Bad request: composition validation errors.

    + Body

            {
                "message": "Error message",
                "validationErrors": [
                    "error1", "error2"
                ]
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id or no composition with the given object id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_status/{versionUid}
            ETag: {versionUid}

    + Body

### Delete a composition [DELETE /ehr/{ehrId}/compositions/{objectId}]

+ Parameters

    + ehrId (string) - EHR id
    + objectId (string) - object id of the composition to delete

+ Request

    + Headers

            Match-If: {precedingVersionUid}

+ Response 204

    Composition was deleted.

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

    + Body

+ Response 400

    Bad request.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id or no composition with the given object id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

    + Body

### Update a composition directly [PUT /compositions/{objectId}{?format}]

+ Parameters

    + objectId (string) - object id of the composition to update
    + format (string, optional) - optional format of the composition (when ommitted canonical openEHR is assumed)

+ Request

    + Body (application/json)

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

    + Headers

            Match-If: {precedingVersionUid}
            Prefer: return={representation/minimal}

+ Response 200 (application/json)

    Returned when `Prefer` header is set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 204

    Returned when `Prefer` header is NOT set to `return=representation`.

    + Headers

            Content-Location: /ehr/{ehrId}/compositions/{versionUid}
            ETag: {versionUid}

+ Response 400 (application/json)

    Bad request: composition validation errors.

    + Body

            {
                "message": "Error message",
                "validationErrors": [
                    "error1", "error2"
                ]
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id or no composition with the given object id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/ehr_status/{versionUid}
            ETag: {versionUid}

    + Body


### Delete a composition directly [DELETE /compositions/{objectId}]

+ Parameters

    + objectId (string) - object id of the composition to delete

+ Request

    + Headers

            Match-If: {precedingVersionUid}

+ Response 204

    Composition was deleted.

    + Headers

            Content-Location: /compositions/{versionUid}
            ETag: {versionUid}

    + Body

+ Response 400

    Bad request.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id or no composition with the given object id.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /compositions/{versionUid}
            ETag: {versionUid}

    + Body


### Get a composition by version uid directly [GET /compositions/{versionUid}{?format}]

+ Parameters

    + versionUid (string) - version uid
    + format (string, optional)...format of the composition (when ommitted canonical openEHR is assumed)

+ Response 200 (application/json)

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No composition with the version uid.

    + Body

### Get a composition directly [GET /compositions/{objectId}{?versionTime,format}]

+ Parameters

    + objectId (string) - VERSIONED_COMPOSITION's uid
    + versionTime (string, optional) - version time specifier
    + format (string, optional)...format of the composition (when ommitted canonical openEHR is assumed)

+ Response 200 (application/json)

    + Headers

            Content-Location: /compositions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "@class": "COMPOSITION",
                "name": {
                    "@class": "DV_TEXT",
                    "value": "Vital Signs"
                },
                ...
            }

+ Response 204 (application/json)

    No composition at specified versionTime.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No composition with the given object id.

    + Body


## Versioned Composition [/ehr/{ehrId}/versioned_compositions]

### Create a new versioned composition [POST /ehr/{ehrId}/versioned_compositions]

+ Parameters

    + ehrId (string) - EHR id

+ Request

    + Headers

            Prefer: return={representation/minimal}

+ Response 201 (application/json)

    New versioned composition was created. Content body is only returned when
    `Prefer` header has `return=representation` otherwise only headers are
    returned.

    + Headers

            Location: /ehr/{ehrId}/versioned_compositions/{uid}

    + Body

            {
                "uid": "xxx",
                "owner_id": "ehrId",
                "time_created": "ISO8601 timestamp"
            }

+ Response 400

    Bad request - when VERSIONED_COMPOSITION with the given uid already exists.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Create a new versioned composition with supplied uid [PUT /ehr/{ehrId}/versioned_compositions/{uid}]

+ Parameters

    + ehrId (string) - EHR id
    + uid (string) - VERSIONED_COMPOSITION uid

+ Request

    + Headers

            Prefer: return={representation/minimal}

+ Response 201 (application/json)

    New versioned composition was created. Content body is only returned when
    `Prefer` header has `return=representation` otherwise only headers are
    returned.

    + Headers

            Location: /ehr/{ehrId}/versioned_compositions/{uid}

    + Body

            {
                "uid": "xxx",
                "owner_id": "ehrId",
                "time_created": "ISO8601 timestamp"
            }

+ Response 400

    Bad request - when VERSIONED_COMPOSITION with the given uid already exists.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Get a versioned composition [GET /ehr/{ehrId}/versioned_compositions/{uid}]

Gets a complete VERSIONED_COMPOSITION.

+ Parameters

    + ehrId (string) - EHR id
    + uid (string) - VERSIONED_COMPOSITION's uid

+ Response 200 (application/json)

    + Headers

            Location: /ehr/{ehrId}/versioned_compositions/{uid}

    + Body

            {
                "uid": "xxx",
                "owner_id": "ehrId",
                "time_created": "ISO8601 timestamp",
                "version_count: 12,
                "all_version_ids": [
                    "versionedUid1",
                    "versionedUid2",
                    ...
                ]
            }

+ Response 400

    Bad request - when VERSIONED_COMPOSITION with the given uid already exists.

    + Body

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id.

    + Body


### Create a new composition version [POST /ehr/{ehrId}/versioned_compositions/{uid}/version{?format}]

+ Parameters

    + ehrId (string) - EHR id
    + uid (string) - VERSIONED_COMPOSITION's uid
    + format (string, optional) - optional format of the composition (when ommitted canonical openEHR
    is assumed)

+ Request

    + Body (application/json)

            {
                "commit_audit": {},
                "data": {
                    "@class": "COMPOSITION",
                    "name": {
                        "@class": "DV_TEXT",
                        "value": "Vital Signs"
                    }
                    ...
                }
            }

    + Headers

            Match-If: {precedingVersionUid}
            Prefer: return={representation/minimal}

+ Response 201 (application/json)

    New composition version was created. Content body is only returned when
    `Prefer` header was set to `return=representation` otherwise only headers are
    returned.

    + Headers

            Location: /ehr/{ehrId}/versioned_compositions/{uid}/versions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "contribution": {},
                "signature": "...",
                "commit_audit": {},
                "uid": "...",
                "data": {
                    "@class": "COMPOSITION",
                    "name": {
                        "@class": "DV_TEXT",
                        "value": "Vital Signs"
                    }
                    ...
                }
            }

+ Response 400

    Bad request: composition validation errors.

    + Body

            {
                "message": "Error message",
                "validationErrors": [
                    "error1", "error2"
                ]
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id or no VERSIONED_COMPOSITION with uid.

    + Body

+ Response 412

    `Match-If` header doesn't match the last version. Returns
    last version in the `Content-Location` and `ETag` headers.

    + Headers

            Content-Location: /ehr/{ehrId}/versioned_compositions/{uid}/versions/{versionUid}
            ETag: {versionUid}

    + Body

### Get a composition version by versionUid [GET /ehr/{ehrId}/versioned_compositions/{uid}/version/{versionUid}{?format}]

+ Parameters

    + ehrId (string) - EHR id
    + uid (string) - VERSIONED_COMPOSITION's uid
    + versionUid (string) - version uid
    + format (string, optional) - optional format of the composition (when ommitted canonical openEHR
    is assumed)

+ Response 200 (application/json)

    + Body

            {
                "contribution": {},
                "signature": "...",
                "commit_audit": {},
                "uid": "...",
                "data": {
                    "@class": "COMPOSITION",
                    "name": {
                        "@class": "DV_TEXT",
                        "value": "Vital Signs"
                    }
                    ...
                }
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id, no VERSIONED_COMPOSITION with uid or no version with versionUid.

    + Body

### Get a composition version [GET /ehr/{ehrId}/versioned_compositions/{uid}/version{?versionTime,format}]

+ Parameters

    + ehrId (string) - EHR id
    + uid (string) - VERSIONED_COMPOSITION's uid
    + versionTime (string, optional) - version time specifier
    + format (string, optional) - optional format of the composition (when ommitted canonical openEHR is assumed)

+ Response 200 (application/json)

    + Headers

            Location: /ehr/{ehrId}/versioned_compositions/{uid}/versions/{versionUid}
            ETag: {versionUid}

    + Body

            {
                "contribution": {},
                "signature": "...",
                "commit_audit": {},
                "uid": "...",
                "data": {
                    "@class": "COMPOSITION",
                    "name": {
                        "@class": "DV_TEXT",
                        "value": "Vital Signs"
                    }
                    ...
                }
            }

+ Response 401

    Unauthorized.

    + Body

+ Response 404

    No EHR with the given id, no VERSIONED_COMPOSITION with uid or no version with versionUid.

    + Body

# Group QUERY

## Querying [/query]

### Get query results [POST /query/aql]

Execute an AQL query.

NOTE: we might add a header to indicate which EHR to execute against to
allow systems that need to route based of EHR id to do so without having
to analyze the request body.

+ Request (application/json)

    + Body

            {
                "aql": "SELECT ....",
                "aqlParameters": {
                    "parameter-name": "parameter-value",...
                },
                "offset": 999,
                "fetch": 888,
                // possibly more, TBD
            }

+ Response 200

        {
            "metaData": {
                "hits": 199,
                ...
            },
            "resultSet": [
                {
                    "unit": "°C",
                    "temperature": 38.8
                },
                {
                    "unit": "°C",
                    "temperature": 38.8
                },
                {
                    "unit": "°C",
                    "temperature": 38.8
                }
            ],
            "executedAql": "aql with replaced parameters",
        }