Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • Legit.Health Plus Version 1.1.0.0
    • Index of Technical Documentation or Product File
    • Summary of Technical Documentation (STED)
    • Description and specifications
    • R-TF-001-007 Declaration of conformity
    • GSPR
    • Clinical
    • Design and development
    • Design History File
      • Requirements
        • PRS
        • Deprecated Software Requirement Specification (SRS)
        • Software Requirement Specification (SRS)
          • SRS-001: Generate Automatic PASI (APASI) severity analysis report for single zone
          • SRS-002: Generate Automatic SCORAD (ASCORAD) severity analysis report for single zone
          • SRS-003: Generate Automatic Urticaria Activity Score (AUAS) report for single zone
          • SRS-004: Generate Automatic GPPGA (AGPPGA) report for single zone
          • SRS-005: Generate Automatic IHS4 (AIHS4) report for single zone
          • SRS-006: Generate ALADIN Score report for single zone
          • SRS-007: Generate Automatic VASI (AVASI) report for single zone
          • SRS-008: Generate Automatic AWOSI report for single zone
          • SRS-009: Generate Automatic NSIL report for single zone
          • SRS-010: Generate Automatic SALT (ASALT) report for single zone
          • SRS-011: Generate Automatic EASI (AEASI) report for single zone
          • SRS-012: Orchestrate severity analysis workflow
          • SRS-013 Generate an aggregated ICD probability distribution from image set
          • SRS-014 Generate per-image ICD analysis with explainability heat map
          • SRS-015 Generate an unified report of ICD class distributions
          • SRS-016: Include model sensitivity in report
          • SRS-017: Include model specificity in report
          • SRS-018: Include entropy score in report
          • SRS-019: Include the indicator of having a condition in the report
          • SRS-020: Include the indicator of the image presenting a pigmented lesion in the report
          • SRS-021: Include the indicator of malignancy in the report
          • SRS-022: Include the indicator of needing an urgent referral in the report
          • SRS-023: Include the indicator of needing a high priority referral in the report
          • SRS-024 The product validates the image with the AI LABS's Dermatological Image Quality Assessment (DIQA) algorithm
          • SRS-025 The product validates the image's clinical domain
          • SRS-026 The product classifies the image's modality
          • SRS-027 The product provides a final image validity summary
          • SRS-028: Orchestrate diagnosis support workflow
          • SRS-029: Compute 7-Point Checklist (7PC) Score
          • SRS-030: Compute Dermatology Life Quality Index (DLQI) Score
          • SRS-031: Compute PURE-4 Score
          • SRS-032: Compute Urticaria Control Test (UCT) Score
          • SRS-033: Calculate Global Acne Grading System (GAGS) Score
          • SRS-034: Calculate RESVECH Score
          • SRS-035: Calculate SCOVID Score
          • SRS-036: Calculate Physician's Global Assessment (PGA) Score
          • SRS-037: Generate Global Automatic VASI (AVASI) Score for Full Body
          • SRS-038: Secure Communication Protocol Enforcement
          • SRS-039: Network Service Exposure
          • SRS-040: URL-Based API Versioning
          • SRS-041: Concurrent API Version Support
          • SRS-042: JSON Data Interchange Format
          • SRS-043: Endpoint Implementation
          • SRS-044: Deterministic Response Schemas
          • SRS-045: Performance and Latency
          • SRS-046: Standard HTTP Status Code Usage
          • SRS-047: Endpoint Access Control
          • SRS-048: API Documentation Endpoint
          • SRS-049: High Availability and Load Balancing Support
          • SRS-050: Provision of Client SDKs for Integration
          • SRS-051: API Rate Limiting
          • SRS-052: Request Body Size Limitation
          • SRS-053: Provision of Clinical Parameter Endpoints
          • SRS-054: API Health Check Endpoint
        • missing-documents
      • Test plans
      • Test runs
      • Review meetings
      • 🥣 SOUPs
      • REL-001 Version 1.1.0.0
    • IFU and label
    • Post-Market Surveillance
    • Quality control
    • Risk Management
    • Usability and Human Factors Engineering
  • Legit.Health Plus Version 1.1.0.1
  • Licenses and accreditations
  • External documentation
  • Public tenders
  • Legit.Health Plus Version 1.1.0.0
  • Design History File
  • Requirements
  • Software Requirement Specification (SRS)
  • SRS-047: Endpoint Access Control

SRS-047: Endpoint Access Control

Identifier​

SRS-047

Software System​

  • API Gateway
  • Orchestrator

Category​

  • Security

Description​

The software shall protect all API endpoints by requiring a valid, unexpired OAuth 2.0 Bearer token in the Authorization header of the request. The only exceptions to this rule shall be the public endpoints explicitly designed for authentication (/login) and basic system discovery (/). The system shall reject any request to a protected endpoint that lacks a valid token with a 401 Unauthorized status code.

Derived from PRS​

  • PRS-005: Expose the device’s functionality through a versioned, network-accessible API
Previous
SRS-046: Standard HTTP Status Code Usage
Next
SRS-048: API Documentation Endpoint
  • Identifier
  • Software System
  • Category
  • Description
  • Derived from PRS
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)