Merge pull request #1 from HealthengineAU/INIT-1542

INIT-1542 Update practice consent authentication method process to mention practice-key header

docs/quick-start-guide.md

@@ -35,19 +35,20 @@ All interactions using the API key are conducted over HTTPS for security.
 To gain access to a practice's Healthengine profile and data, the practice administrator must grant consent.
 
 This can be accomplished by the practice administrator following these steps:
-1. Contacting the Healthengine support team via phone at 1300 377 639 or email at [email protected] to enable access to the PMS API
-2. Visiting the Healthengine API Consumer Consent page within the [Healthengine Practice Admin](https://healthengine.com.au/appointment/admin) portal
-3. Clicking the 'Grant new consent' button and selecting your API consumer as the integration vendor
+1. Contacting the Healthengine support team via phone at 1300 377 639 or email at [email protected] to enable access to the PMS API  
+2. Visiting the Healthengine API Consumer Consent page within the [Healthengine Practice Admin](https://healthengine.com.au/appointment/admin) portal  
+3. Clicking the 'Grant new consent' button and selecting your API consumer as the integration vendor  
+4. Retrieving the supplied practice ID and practice key on consent grant success  
 
 ![Granting consent via the practice admin integration consent page](../assets/quick-start-guide/grant-consent.png)
 
-Once consent is granted, you will need to provide a way for the practice to provide you with their Healthengine practice ID, which you can use to link it to a PMS account or location.
+Once consent is granted, you will need to provide a way for the practice to provide you with their Healthengine practice ID and practice key, which you can use to link the practice to a PMS account or location.
 
 ---
 
 ## Syncing practice configuration
 
-Once a practice has granted your consent and has provided their practice ID, some initial configuration must be supplied before attempting to sync available appointments and bookings.
+Once a practice has granted you consent and has provided you their practice ID and practice key, some initial configuration must be supplied before attempting to sync available appointments and bookings.
 
 This configuration data should be transmitted both when a new Healthengine practice ID is associated with a PMS account or location and whenever there are updates to the corresponding data within the PMS.
 

docs/suggested-testing.md

@@ -10,27 +10,27 @@ To ensure the seamless functioning of this integration, we strongly advise condu
 
 ## Linking a PMS account to one or more Healthengine practices
 
-Once a practice using Healthengine has granted consent for you to access their data via the Healthengine Practice Admin portal or by contacting Healthengine support, you should establish a method for the practice to share their Healthengine practice ID with you. This ID is essential for initiating the data synchronisation process with Healthengine.
+Once a practice using Healthengine has granted consent for you to access their data via the Healthengine Practice Admin portal or by contacting Healthengine support, you should establish a method for the practice to share their Healthengine practice ID and practice key with you. These credentials are essential for initiating the data synchronisation process with Healthengine.
 
 **Scenario: Linking the PMS account with a Healthengine practice**  
 **Given** the presence of a PMS account  
-**When** a Healthengine practice ID is supplied  
+**When** a Healthengine practice ID and practice key are supplied  
 **Then** an effort to transmit practice configuration to Healthengine must be initiated
 
-**Scenario: Practice provides Healthengine practice ID without prior consent**  
-**Given**  a PMS account in which a Healthengine practice ID has been provided  
+**Scenario: Practice provides Healthengine practice ID and practice key without consent or for a revoked consent**  
+**Given**  a PMS account in which a practice ID and practice key have been provided which do not belong to a non-revoked consent for your consumer
 **When** a 403 Unauthorized response is received upon attempting to transmit practice configuration  
 **Then** the PMS user must be informed and guided to establish consent within Healthengine
 
 **Scenario: Integration of PMS Account with multi-location support**  
-**Given** a PMS account capable of accommodating multiple locations  
+**Given** a PMS account capable of accommodating multiple PMS locations  
 **When** these locations are represented as distinct Healthengine practices  
-**Then**  it should be feasible to input multiple Healthengine practice IDs and associate an ID with one or more locations
+**Then**  it should be feasible to input multiple Healthengine practice ID and practice key combinations and associate each one with one or more PMS locations
 
 **Scenario: Updating a Healthengine practice ID for a PMS account or location**  
-**Given** a PMS account or location with a previously assigned Healthengine practice ID for integration purposes  
-**When** the Healthengine practice ID is updated  
-**Then** practice configuration must be established for the new Healthengine practice ID, and data transmission should cease for the previous Healthengine practice ID
+**Given** a PMS account or location with a previously assigned Healthengine practice ID and practice key for integration purposes  
+**When** the Healthengine practice ID and practice key are updated  
+**Then** practice configuration must be established for the new Healthengine practice, and data transmission should cease for the previous Healthengine practice
 
 ---
 
@@ -46,7 +46,7 @@ It is important to note that for snapshot endpoints, the absence of an item in t
 
 **Scenario: Initial configuration synchronisation**  
 **Given** the presence of a PMS account or location  
-**When** a new Healthengine practice ID is supplied  
+**When** a new Healthengine practice ID and practice key are supplied  
 **Then** the following components must be provided: a liveness contract, a resource snapshot, and an appointment type snapshot
 
 **Scenario: Updating liveness contract times in the PMS**  

openapi.yaml

@@ -6,7 +6,7 @@ info:
     in order to allow booking of appointments.
   contact:
     email: [email protected]
-  version: 1.6.0
+  version: 1.7.0
 
 servers:
 - url: https://healthengine.com.au/pms-api/v1
@@ -685,7 +685,7 @@ paths:
     post:
       tags:
       - configuration
-      summary: Upload PMS appointment types snapshot 
+      summary: Upload PMS appointment types snapshot
       description: Upload a snapshot of supported PMS appointment types
       operationId: uploadPmsAppointmentTypes
       requestBody:
@@ -1924,7 +1924,7 @@ components:
           description: in seconds
         reason:
           type: string
-          description: Reason entered by patient if requested in the booking form. It may contain multiple lines, each with additional data separated by newline characters. Usually add these in booking notes in the PMS. 
+          description: Reason entered by patient if requested in the booking form. It may contain multiple lines, each with additional data separated by newline characters. Usually add these in booking notes in the PMS.
         comments:
           type: string
           description: Currently hold the Healthengine appointment type
@@ -2568,18 +2568,24 @@ components:
 
 # 1) Define the security scheme type (HTTP bearer)
   securitySchemes:
-    ApiKeyAuth:
+    ApiKey:
       type: apiKey
       in: header
       name: api-key
-      description: api-key header containing API key
+      description: Consumer level API key
     PracticeId:
       type: apiKey
       in: header
       name: practice-id
-      description: practice-id header containing Practice ID
+      description: Practice id of consenting practice
+    PracticeKey:
+      type: apiKey
+      in: header
+      name: practice-key
+      description: Practice key of consenting practice
 
 # 2) Apply the security globally to all operations
 security:
-  - ApiKeyAuth: []
+  - ApiKey: []
     PracticeId: []
+    PracticeKey: []