Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
  • Records
  • TF_Legit.Health_Plus
    • Legit.Health Plus TF index
    • Legit.Health Plus STED
    • Legit.Health Plus description and specifications
    • R-TF-001-007 Declaration of conformity
    • GSPR
    • Clinical
    • Design and development
    • Design History File (DHF)
      • Version 1.1.0.0
        • Requirements
        • Test plans
          • PLAN-001 Users submit their credentials to receive an access token
          • PLAN_002 Token expiration in user authentication process
          • PLAN_003 Account lockout for user authentication
          • PLAN_004 Enforcing HTTPS protocol for API communications
          • PLAN_005 Valid SSL/TLS certificates
          • PLAN_006 Rate limiting for anonymous users
          • PLAN_007 Rate limiting for authenticated users
          • PLAN_008 Logging and monitoring of rate limit violations
          • PLAN_009 Validation of request and response data against FHIR schemas
          • PLAN_010 Base64 encoded images are accepted
          • PLAN_011 Non-Base64 encoded images are rejected
          • PLAN_012 Diagnosis support endpoint accepts multiple images
          • PLAN_013 Improved accuracy with multiple images
          • PLAN_014: Password hashing during user registration
          • PLAN_015: Password hash comparison during login
          • PLAN_016: Registration of a new user by authorized individuals
          • PLAN_017 Specification of body zone for scoring systems requiring zone factor
          • PLAN_018 The device's API maintains an uptime of at least 99% over a one-month period
          • PLAN_019 API penetration testing with Intruder.io
        • Test runs
        • Review meetings
        • 🥣 SOUPs
    • IFU and label
    • Post-Market Surveillance
    • Quality control
    • Risk Management
  • Licenses and accreditations
  • External documentation
  • TF_Legit.Health_Plus
  • Design History File (DHF)
  • Version 1.1.0.0
  • Test plans
  • PLAN_009 Validation of request and response data against FHIR schemas

PLAN_009 Validation of request and response data against FHIR schemas

Description​

This test verifies that all JSON requests and responses for the clinical API endpoints adhere to the FHIR resource definitions and are properly validated.

System requirements​

No special hardware or software is required to run this test.

Preconditions​

  • The entire system (including the reverse proxy, REST API, and all upstream services) is deployed, operational, and accessible online.

Input data​

Before working with the JSON documents for your requests, download this image, convert it to Base64, and save it in an easily accessible text file. This setup step is crucial because the test needs body requests that include a Base64 encoded image.

To run the tests, you need these two JSON documents:

  1. Valid JSON request payload based on FHIR CommunicationRequest resource.
{
    "subject": {
        "reference": "fake-patient-id"
    },
    "media": [
        {
            "contentType": "image/jpeg",
            "data": <Paste-here-the-encoded-image>,
        }
    ]
}
  1. Invalid JSON request payload with deviations from FHIR CommunicationRequest resource.
{
    "user": {
        "reference": ["fake-patient-id"]
    },
    "images": [
        {
            "contentType": "image/jpeg",
            "data": <Paste-here-the-encoded-image>,
        }
    ]
}

Steps​

  1. Send a POST request to the clinical API endpoint /diagnosis-support using the valid JSON payload provided in the test data.
  2. Send a POST request to the same endpoint, this time using the invalid JSON payload from the test data.

Expected outcome​

  • The request with the well-formed payload is accepted, and the response is validated against the FHIR schema without errors. The response aims to closely follow the structure of the FHIR DiagnosticReport resource. While we adapt this resource to fit our specific use case, we ensure that the mandatory and most common keys are implemented.
  • The API rejects the invalid JSON payload and responds with a 422 Unprocessable Content status code. The error message informs you that the request body is incorrectly formatted, and no report is returned.

Verifies software requirements​

  • REQ-006

Risk control for​

    1. The endpoints of the device are not compatible with the user's software
    1. Data input failure
    1. System incompatibility
    1. Integration failure or errors

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Tester: JD-017, JD-009, JD-004
  • Approver: JD-005
Previous
PLAN_008 Logging and monitoring of rate limit violations
Next
PLAN_010 Base64 encoded images are accepted
  • Description
  • System requirements
  • Preconditions
  • Input data
  • Steps
  • Expected outcome
  • Verifies software requirements
  • Risk control for
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)