Auth guards vary by endpoint — Create and List accept JWT users and partner keys. Delete is admin-only. The JWT ownership check happens in core, not at the route level.

Overview

An MRN (Medical Record Number) links a dependant to a benefit provider with an external string identifier. Each MRN is uniquely scoped to one (dependant_id, benefit_provider_id) pair — only one active MRN per dependant per provider is allowed. Routes are flat at /mrns (no user nesting). The primary_user_id is derived server-side from the dependant row — callers never supply it.

Create Flow


Auth Guards by Endpoint

| Endpoint | JWT user | Partner key | Admin key | Notes |
|---|---|---|---|---|
| POST /mrns | | | | JWT: dependant must belong to token user |
| GET /mrns | | | | All filters optional |
| GET /mrns/{id} | | | | Returns 404 if inactive |
| DELETE /mrns/{id} | | | | Sets status → inactive |

Endpoints

POST /mrns

Create an MRN linking a dependant to a benefit provider.

GET /mrns

List MRNs. Filter by dependant_id, benefit_provider_id, primary_user_id, or mrn string.

GET /mrns/{id}

Fetch a single active MRN by its internal UUID.

DELETE /mrns/{id}

Soft-delete (status → inactive). Admin key required.

Request / Response Examples

curl -X POST http://localhost:8080/mrns \
  -H 'Authorization: Bearer eyJhbGci...' \
  -H 'Content-Type: application/json' \
  -d '{
    "dependant_id": "01926b3a-7c2e-7d4f-a1b2-c3d4e5f60001",
    "benefit_provider_id": "018f4c2a-1b3e-7d8f-9a0b-2c3d4e5f6a7b",
    "mrn": "MRN-12345"
  }'

Error Codes

| Code | HTTP | Description |
|---|---|---|
| MR-900 | 500 | Internal server error |
| MR-901 | 404 | MRN not found or inactive |
| MR-902 | 403 | JWT user accessing MRN belonging to another user’s dependant |
| MR-903 | 409 | MRN already exists for this dependant + provider combination |
| MR-904 | 404 | Dependant not found or inactive |
| MR-905 | 404 | Benefit provider not found or inactive |
| MR-906 | 400 | Invalid UUID in filter or request body |
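The create-path rules from the overview (ownership checked in core, primary_user_id taken from the dependant row, one active MRN per dependant and provider) mapped onto the error codes above. This is an added example, not the service's own code: `MrnError`, `Caller`, `create_mrn`, the in-memory tables, the `user-a` owner and the order of the checks are all assumptions.

```python
import uuid
from dataclasses import dataclass

class MrnError(Exception):
    def __init__(self, code, http):
        super().__init__(code)
        self.code, self.http = code, http

@dataclass
class Caller:
    kind: str           # "jwt" or "partner" (assumed caller model)
    user_id: str = ""   # taken from the verified token for JWT callers

# Constructed in-memory rows standing in for the real tables.
DEP = "01926b3a-7c2e-7d4f-a1b2-c3d4e5f60001"
PROV = "018f4c2a-1b3e-7d8f-9a0b-2c3d4e5f6a7b"
DEPENDANTS = {DEP: {"primary_user_id": "user-a", "active": True}}
PROVIDERS = {PROV: {"active": True}}
MRNS = []

def _uuid(value):
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise MrnError("MR-906", 400)

def create_mrn(caller, body):
    # A primary_user_id supplied in the body is never read.
    dep_id = _uuid(body.get("dependant_id"))
    prov_id = _uuid(body.get("benefit_provider_id"))
    dep = DEPENDANTS.get(dep_id)
    if not dep or not dep["active"]:
        raise MrnError("MR-904", 404)
    # Ownership is enforced in core, so any route that reaches it is covered.
    if caller.kind == "jwt" and dep["primary_user_id"] != caller.user_id:
        raise MrnError("MR-902", 403)
    prov = PROVIDERS.get(prov_id)
    if not prov or not prov["active"]:
        raise MrnError("MR-905", 404)
    pair = (dep_id, prov_id)
    for m in MRNS:  # only active rows block a new MRN for the same pair
        if m["status"] == "active" and (m["dependant_id"], m["benefit_provider_id"]) == pair:
            raise MrnError("MR-903", 409)
    row = {"id": str(uuid.uuid4()), "dependant_id": dep_id,
           "benefit_provider_id": prov_id, "mrn": body["mrn"],
           "primary_user_id": dep["primary_user_id"], "status": "active"}
    MRNS.append(row)
    return row
```

The in-memory scan is not race-safe; against a real database the one-active-MRN rule needs a unique constraint over active rows so that two concurrent creates cannot both pass the check.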