Phase 6 provider workspace API¶
All routes require a bearer session and server-resolved permissions. Provider workspace routes use the authenticated actor's active provider assignment and do not accept a provider ID.
Workspace summary¶
GET /api/v1/provider-workspace/me¶
Returns:
- provider profile and representative role;
- selected service versions;
- safe location configuration flags;
- minimal availability;
- readiness counts and priority tasks;
- read-only later-phase boundaries.
The response excludes coordinates, private evidence, object keys and reviewer data.
Profile and services¶
| Method | Route | Permission | Effect |
|---|---|---|---|
PATCH |
/provider-workspace/me/profile |
provider.profile.manage |
Updates the actor-resolved provider profile |
PUT |
/provider-workspace/me/services/{categoryKey} |
provider.profile.manage |
Selects the active immutable requirement version |
DELETE |
/provider-workspace/me/services/{categoryKey} |
provider.profile.manage |
Marks the service removed without deleting history |
These actions cannot create claims or publication records.
Location and availability¶
| Method | Route | Permission | Effect |
|---|---|---|---|
PUT |
/provider-workspace/me/location |
provider.profile.manage |
Stores private base, consented public premises and service area separately |
PUT |
/provider-workspace/me/availability/{categoryKey} |
provider.availability.manage |
Updates availability for a selected service |
Location write rules:
- latitude and longitude must be supplied as pairs;
- public premises coordinates require explicit consent;
- service area must be a WGS84 polygon;
- coordinates and polygon WKT are not echoed by the workspace response;
- audit metadata records configuration booleans, not coordinates.
Limited availability requires a future nextAvailableAt. Other availability states reject that field.
Recoverable uploads¶
| Method | Route | Effect |
|---|---|---|
POST |
/provider-workspace/me/upload-intents |
Creates or idempotently returns a logical upload intent |
GET |
/provider-workspace/me/upload-intents |
Lists the representative's safe upload-intent state |
GET |
/provider-workspace/me/upload-intents/{id} |
Reads one safe intent |
PUT |
/provider-workspace/me/upload-intents/{id}/interrupted |
Cancels the current session and marks the intent retryable |
POST |
/provider-workspace/me/upload-intents/{id}/retry |
Creates a fresh private upload session |
POST |
/provider-workspace/me/upload-intents/{id}/confirm |
Confirms one immutable evidence version against the server-owned case |
DELETE |
/provider-workspace/me/upload-intents/{id} |
Cancels a non-submitted intent |
All routes require provider.evidence.manage.
Idempotency¶
clientIntentKey is unique for provider, representative and logical intent. Repeating an identical create request returns the existing intent. Reusing the key with a different case or document contract returns a conflict.
Retry preserves the logical intent ID and increments the attempt count. It creates a fresh upload-session ID. A completed evidence version remains unique to one upload session.
Confirmation linkage¶
Confirmation is accepted only when:
- the session belongs to the actor-resolved provider;
- the actor created the session;
- the intent, session, case and requirement agree;
- the case is awaiting evidence or correction;
- the selected service version remains current;
- the upload session is requested, unexpired and within its size limit.
A failure rolls back the transaction and leaves the session and evidence tables unchanged.
Verification timeline¶
GET /api/v1/provider-workspace/me/verification-timeline¶
Returns safe events for:
- case creation;
- evidence submission or safe status changes;
- immutable decisions;
- scoped claim status.
The endpoint excludes reviewer identities, private rationale, storage data, hashes and internal risk information.
Deferred surfaces¶
| Method | Route | Owner |
|---|---|---|
GET |
/provider-workspace/me/enquiries |
Phase 8 |
GET |
/provider-workspace/me/review-responses |
Phase 8 |
GET |
/provider-workspace/me/subscription-status |
Phase 9 |
These endpoints are read-only. No matching POST, PUT, PATCH or DELETE route exists in Phase 6.
Operations projection¶
GET /api/v1/operations/provider-workspaces¶
Requires operations.providers.read.
Returns aggregate readiness, location flags, verification counts and upload-state counts. It does not return provider coordinates, case/evidence/upload identifiers, hashes, object keys, document content or reviewer data.
Error model¶
The API uses the repository-wide problem-details contract.
Common outcomes:
400: invalid location pair, invalid lifecycle transition or confirmation scope violation;401: missing or invalid session;403: no matching server-resolved permission;404: no active workspace, selected service, case or actor-owned intent;409: ambiguous provider assignment, conflicting idempotency contract or invalid upload state.