e.g. no storage of Aadhaar number in system, only to initiate verification. That it is not legally allowed barring few exceptions applicable primarily for gov
Steps
“To enable beneficiary registration using Aadhaar, an integrator needs to generate an OTP and send the same on the linked mobile number.”
Does the integrator send the OTP, or the ABHA Service?
“For the OTP verification process there is a primary mobile number which user wants to link with ABHA number.”
this is not done at this step. First the Aadhaar KYC is done .. then
“Once the OTP is verified, system should returns the complete profile data along with 14 digit ABHA Number to the user.”
typo: system should return or system would return”
The API sequence diagram improvement
Show Patient/Subject as a different actor. Right now the API seq dia shows OTP going back to HIP/HIU/PHR - have a different actor as user in the diagram and depict user sharing OTP
Why is HIU mentioned here? HIU does not create a ABHA address/number
The API sequences are numbered 1, 2 … have them correlate with the sequence diagram (using steps number that can be mentioned in the diagram .. like 1.1 - enroll/request/iotp and 1.2 - as response from ABHA .. etc
Describe encrypted payload - how do I create? With what key etc
Others
would it be better to describe for new patients, returning patients
or patients wanting to link with existing ABHA etc
API
———————————————————————————————
Seems unclear what is called at what point of time in relation to the sequence diagram above
“Any public health program specific ID (eg: PMJAY id, CoWin id, RCH Id) can be shared as part of the benefit id in the API”
typo beneficiary - not benefit (I know the stupid API calls it as “benefitId” )
“The client id used to call this API must have the integrated_program roll configured in production.”
highlight the role.
typo - role, not roll
explain how this role allocated and to whom
how can an integrator know that API has failed because of missing role?
sequence diagram says ‘returns ABHA address” - should be ABHA details as it sends both abha number (and if already assigned abha address)
API response fields - please explain that the API returns (unlike the OTP) - healthIdNumber (ABHA) and healthId (Address)
Actually its confusing in the API - as there is also a field “phrAddress” - an array - assuming sending all ABHA addresses
The idents / bullet styles are different - keep same across pages
The actor is called “Client” .. keep consistent with other sequence diagrams
API example in this section still gives details of “Aadhaar” instead should be document
Please explain why OTP is required that too against Aadhaar when registering by DL? Who’s Aadhaar is this ? The enroller Aadhaar?
(2.1.6) - default ABHA address.
How can someone create address of her liking?
(2.1.7) - Profile Update
Is it better to document that Sandbox id and credentials are for testing purpose only and not to be used (or expected to be used) in production?
As this section gives indication that there are 2 places, one can edit profile
any particular reason why Facility QR scan, HIP Scanning QR etc are under “verify abha address” - this are common, and beyond just verification of ABHA address. For example, it will work with ABHA number as well.
alternate - “Linking ABHA with HIP record”
mentions that ABHA address is used to signup on ABHA application. Not just that it also can be used to link and exchange health information
Steps to create a QR code for your Health Facility - should this be moved first. This is step 1
2.2.1 API Sequence Diagram
Depicts user/phr app hitting gateway. PHR apps talks directly to the HIE-CM, not gateway. The outgoing calls to HIPs from HIE-CM happen via the gateway.
2.2.2 by demographics
“The link token will be used for linking multiple number of care contexts, and concurrent linkages”
is this the case? I thought there was a definite number of times such linkages against a HIP token is allowed post approval by user.
the documentation covers other scenarios like OTP based auth and linking, not just demographic
Explain ABHA number and ABHA address?
Section 2
2.1.1 > https://kiranma72.github.io/abdm-docs/2-milestone1/abha-number/aadhar-otp/index.html AADHAAR OTP
Steps
The API sequence diagram improvement
API ——————————————————————————————— Seems unclear what is called at what point of time in relation to the sequence diagram above
Also seems different than what’s described In old doc - https://sandbox.abdm.gov.in/docs/abha_registration_via_aadhar Mentioned as - /api/v3/abha/request/mobileOrEmailOTP
However in the API section its https://abhasbx.abdm.gov.in/abha/api
Session token should it be “dev.abdm.gov.in/gateway”?
Aadhaar Biometric - https://kiranma72.github.io/abdm-docs/2-milestone1/abha-number/aadhar-biometric/index.html Is this complete? If it is, it surely needs some example, even if dummy data
“Any public health program specific ID (eg: PMJAY id, CoWin id, RCH Id) can be shared as part of the benefit id in the API”
“The client id used to call this API must have the integrated_program roll configured in production.”
(2.1.4) ABHA number creation using DL - https://kiranma72.github.io/abdm-docs/2-milestone1/abha-number/driving-license/index.html
The idents / bullet styles are different - keep same across pages
The actor is called “Client” .. keep consistent with other sequence diagrams
API example in this section still gives details of “Aadhaar” instead should be document
Please explain why OTP is required that too against Aadhaar when registering by DL? Who’s Aadhaar is this ? The enroller Aadhaar?
(2.1.6) - default ABHA address.
(2.1.7) - Profile Update
any particular reason why Facility QR scan, HIP Scanning QR etc are under “verify abha address” - this are common, and beyond just verification of ABHA address. For example, it will work with ABHA number as well.
alternate - “Linking ABHA with HIP record”
mentions that ABHA address is used to signup on ABHA application. Not just that it also can be used to link and exchange health information
Steps to create a QR code for your Health Facility - should this be moved first. This is step 1
2.2.1 API Sequence Diagram
2.2.2 by demographics “The link token will be used for linking multiple number of care contexts, and concurrent linkages”
is this the case? I thought there was a definite number of times such linkages against a HIP token is allowed post approval by user.
the documentation covers other scenarios like OTP based auth and linking, not just demographic
“Information Request Response for V3 API” https://kiranma72.github.io/abdm-docs/2-milestone1/verify-abha-address/health-facility-qr-scan/index.html#information-request-response-for-v3-api
The APIs are https://dev.abdm.gov.in/hiecm/api
Are these HIE-CM apis directly exposed to HIP, or through the gateway? If these APIs are called only by the PHR app - then we should document so.