Auth guard: admin JWT bearer (
Authorization: Bearer <admin-jwt>) required for all endpoints. No user JWT or partner key access.Overview
A benefit provider is a company or entity (e.g. a diagnostic chain, insurer, or telemedicine platform) that offers one or more benefits to Aarokya users. Providers are the top-level catalogue entry — everyBenefit row has a provider_id FK referencing a provider.
- Name uniqueness is global. No two providers may share the same name.
- Delete is guarded. A provider with associated benefits cannot be deleted — remove benefits first.
Data Flow
Auth Guards by Endpoint
| Endpoint | Admin key | Notes |
|---|---|---|
POST /benefit_providers | ✓ | Name must be unique |
GET /benefit_providers | ✓ | Filter by status |
GET /benefit_providers/{id} | ✓ | |
PATCH /benefit_providers/{id} | ✓ | Only name is updatable |
DELETE /benefit_providers/{id} | ✓ | Blocked if benefits exist |
Endpoints
POST /benefit_providers
Create a new benefit provider. Name must be unique.
GET /benefit_providers
Paginated list. Filter by
status.GET /benefit_providers/{id}
Fetch a single provider by UUID.
PATCH /benefit_providers/{id}
Rename a provider. New name must not conflict.
DELETE /benefit_providers/{id}
Soft-delete (
status → inactive). Fails if provider has benefits.Request / Response Examples
Error Codes
| Code | HTTP | Description |
|---|---|---|
BPE-400 | 500 | Internal server error |
BPE-401 | 404 | Provider not found |
BPE-402 | 409 | Name already exists |
BPE-403 | 409 | Provider has associated benefits — delete benefits first |
BPE-404 | 400 | Validation error (e.g. empty name) |