Is CIS2 required for user-initiated A006/A042/A007 (e-RS Attachments) messages e.g. user clicking on the referral to review it, we get attachments from e-RS API to make sure they are up to date? As far as I can tell it’s suggested to use CIS2 for anything user-initiated, then we’d use JWTs for anything without a user e.g. night-time background jobs to get all attachments on un-actioned referrals (not accepted or rejected yet) to make sure the referral is up to date.
I just wanted to double check on the recommended way of doing this for these two situations.
Hi @sgroom - All our endpoints can be initiated via the user-restricted access mode but only a subset are application-restricted. It depends what user process and workflow you are designing for, but we don’t mandate user-restricted where application-restricted is available (except perhaps in write use cases).
Your workflow sounds sensible though, doing a last-minute check where the user is present and prior to taking a clinical (review) action, for example. Ensuring the information you hold hasn’t gone stale since you last fetched it.
Ah okay awesome, so just to double check:
The user is reviewing a referral that’s come from e-RS, when they click on the referral it kicks off A005, A042, A007 to get attachments and clinical summaries linked to the referral; in this workflow we’re okay using JWTs instead of making the user authenticate with CIS2 and using the API Access Token supplied by that?
Would you recommend CIS2 over JWTs for these endpoints or does it not matter? What are the benefits/negatives of the two?
We are only required to do CIS2 if the user is writing e.g. e-RS Accept/Reject?
Hi @sgroom - Probably worth a quick chat, I’ve sent an invite for later.