PLAN_009 Validation of request and response data against FHIR schemas
Description
This test verifies that all JSON requests and responses for the clinical API endpoints adhere to the FHIR resource definitions and are properly validated.
System requirements
No special hardware or software is required to run this test.
Preconditions
- The entire system (including the reverse proxy, REST API, and all upstream services) is deployed, operational, and accessible online.
Input data
Before working with the JSON documents for your requests, download this image, convert it to Base64, and save it in an easily accessible text file. This setup step is crucial because the test needs request bodies that include a Base64-encoded image.
To run the tests, you need these two JSON documents:
- Valid JSON request payload based on the FHIR CommunicationRequest resource.
{
  "subject": {
    "reference": "fake-patient-id"
  },
  "media": [
    {
      "contentType": "image/jpeg",
      "data": "<Paste-here-the-encoded-image>"
    }
  ]
}
- Invalid JSON request payload with deviations from the FHIR CommunicationRequest resource.
{
  "user": {
    "reference": ["fake-patient-id"]
  },
  "images": [
    {
      "contentType": "image/jpeg",
      "data": "<Paste-here-the-encoded-image>"
    }
  ]
}
Steps
- Send a POST request to the clinical API endpoint /diagnosis-support using the valid JSON payload provided in the test data.
- Send a POST request to the same endpoint, this time using the invalid JSON payload from the test data.
Expected outcome
- The request with the well-formed payload is accepted, and the response is validated against the FHIR schema without errors. The response aims to closely follow the structure of the FHIR DiagnosticReport resource. While we adapt this resource to fit our specific use case, we ensure that the mandatory and most common keys are implemented.
- The API rejects the invalid JSON payload and responds with a 422 Unprocessable Content status code. The error message informs you that the request body is incorrectly formatted, and no report is returned.
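The following added example (not the device's own code) sketches the structural check this test exercises, so that both payloads can be tried offline before they are sent to the endpoint. The field rules are assumptions inferred from the valid payload above, and the 200 status for an accepted request is also an assumption; only the 422 status comes from this test case.

```python
import base64

# Assumed rules, inferred from the valid payload shown in this test case; the
# device's real FHIR-based schema is not reproduced here.
ALLOWED_TOP_LEVEL = {"subject", "media"}
ALLOWED_CONTENT_TYPES = ("image/jpeg",)  # assumption: only the type in the test data


def validate_request(body):
    """Return a list of error strings; an empty list means the body is accepted."""
    if not isinstance(body, dict):
        return ["body: expected a JSON object"]
    errors = [f"{key}: unexpected key" for key in sorted(set(body) - ALLOWED_TOP_LEVEL)]
    subject = body.get("subject")
    if not isinstance(subject, dict) or not isinstance(subject.get("reference"), str):
        errors.append("subject.reference: expected a string")
    media = body.get("media")
    if not isinstance(media, list) or not media:
        errors.append("media: expected a non-empty array")
        return errors
    for i, item in enumerate(media):
        if not isinstance(item, dict):
            errors.append(f"media[{i}]: expected an object")
            continue
        if item.get("contentType") not in ALLOWED_CONTENT_TYPES:
            errors.append(f"media[{i}].contentType: unsupported value")
        data = item.get("data")
        try:
            # validate=True rejects characters outside the Base64 alphabet
            if not isinstance(data, str) or not base64.b64decode(data, validate=True):
                raise ValueError
        except ValueError:  # binascii.Error is a subclass of ValueError
            errors.append(f"media[{i}].data: expected non-empty Base64")
    return errors


def status_for(body):
    # 422 is the status named in the expected outcome; 200 is an assumption.
    return 422 if validate_request(body) else 200


# Constructed sample inputs mirroring the two payloads of this test case.
IMAGE_B64 = base64.b64encode(b"\xff\xd8\xff\xe0 constructed bytes").decode()
VALID = {"subject": {"reference": "fake-patient-id"},
         "media": [{"contentType": "image/jpeg", "data": IMAGE_B64}]}
INVALID = {"user": {"reference": ["fake-patient-id"]},
           "images": [{"contentType": "image/jpeg", "data": IMAGE_B64}]}
```

Rejecting unexpected top-level keys, rather than ignoring them, is what makes the invalid payload fail on its renamed fields as well as on the missing ones.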
Verifies software requirements
- REQ-006
Risk control for
- The endpoints of the device are not compatible with the user's software
- Data input failure
- System incompatibility
- Integration failure or errors
Signature meaning
The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:
- Tester: JD-017, JD-009, JD-004
- Approver: JD-005