{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"82adbf2a-ed59-4128-aeaa-25ef0d4d863c","name":"Vigilance Hub API Documentation","description":"**Vigilance Hub encompasses two services; Client and API. This documentation is designed to help third parties use the APIs within their own application. There is some setup required in the Client before you can use the APIs (see [prerequisite](#prerequisite). This will be configured to suit your requirements if they are not part of the APIs within this document.**\n\nFrom now on API and Client refer to Vigilance Hub API and Vigilance Hub Client respectively.\n\n---\n\n# Prerequisite\nBefore using the API and using authenticated endpoints it is *required* to have an account setup within an existing platform.\n\nWhen you are provided your account details you will need to know the following to authenticate with the API:\n\n* Email address\n* Password\n* Platform Client URL\n\n> These details will be supplied by your contact who provided you this documentation. They also allow you access to the Client\n\n---\n\n# Getting Started\nThe easiest way to start using the Vigilance Hub API is by clicking the Run in Postman button above. [Postman](https://www.postman.com/) is a free tool which helps developers run and debug API requests and is the source of truth for this documentation. Every endpoint you see documented here is readily available by running our Postman collection.\n\n> The Run in Postman button is in the top right corner of the screen\n\n![Run in postman](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/run-in-postman-button.png)\n\n---\n\n# Environment\nThis collection includes a pre-configured environment setting. You will need to set up the below variables in order to run each request:\n\n| Variable \t| Description \t|\n|---|---|\n| EMAIL \t| Email used with authenticate requests |\n| PASSWORD \t| Password used with authentication requests |\n| PLATFORM_ID \t| See [How to use platforms](#1-how-to-use-platforms) to get your `platformId` |\n\nYou can view and edit the environment variables from within Postman using the 'View' button.\n\n![Editing environment variables](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/postman-env-vars.png)*How to edit environment variables*\n\n---\n\n# Guides\nThese guides are designed to help you understand the concepts behind the main features of Vigilance Hub Client and API. For technical information about the API requests these are documented under [API Endpoints](#api-endpoints).\n\n* [1. How to use platforms](#1-how-to-use-platforms)\n* [2. How to use themes](#2-how-to-use-themes)\n* [3. How to authenticate](#3-how-to-authenticate)\n* [4. How to use news](#4-how-to-use-news)\n* [5. How to submit reports](#5-how-to-submit-reports)\n* [6. Submitting a R2 report](#6-submitting-a-r2-report)\n* [7. Submitting a R3 report](#7-submitting-a-r3-report)\n\n> Following the guides is easier using Postman as much of the configuration is setup for you. See [Getting started](#getting-started) for details.\n\n---\n\n# 1. How to use Platforms\nA platform is a collection of organisations. Typically, a platform is a website/app that share similar configurations and features. For example, a platform can control if organisations are allowed to submit reports. Most of the configuration of a platform is used by the API/Client and therefore not essential for third party integrators.\n\n> A platform is associated to a single domain\n\nA domain is the address/URL used to access a Vigilance Hub Client and is unique per platform. Whereas the Vigilance Hub API will use the same address across all requests. As mentioned in the [prerequisite](#prerequisite) section the domain/URL should be provided before continuing with this guide.\n\nOnce the domain of the client is known you will be able to fetch details about the platform. For example fetching the platform will facilitate authenticating with the API as `platformId` is required to use the `/login` endpoint. A successful platform response will include the associated organisations which could be used to display an organisation selector screen before the user is asked to login.\n\nThis approach is used by the Med Safety application to show organisations (known as _regions_) before they can continue within the app. This allows the subsequent screens to be branded with selected organisation's branding or theme. \n\n![Region select in Med Safety](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/region-select.png)*Region select in Med Safety*\n\nThe `platformId` is required to login authorise with the API. The easiest way to find out about your platform is to fetch it by domain. The domain is the URL used to access the Client and would have been provided previously.\n\nThe response will look like this:\n\n```json\n{\n    \"id\": \"502f0973-ff7b-49a4-b71f-840a496a8e56\",\n    \"name\": \"Example Platform\",\n    \"domain\": \"webradr-example-uat.redant.cloud\",\n    \"appId\": \"webradr-example-uat.redant.cloud\",\n    \"details\": {...},\n    \"permissions\": {\n        \"reports\": true,\n        \"watchList\": true,\n        \"guestUsers\": true,\n        \"companyAccountRequest\": false,\n        \"publicUserRegistration\": true\n    },\n    \"themeId\": \"3a7sdasa-b1c5-447d-bcf5-8593e37ab4cd\",\n    \"theme\": {...},\n    \"organisations\": [\n        {\n            \"id\": \"39b1513a-bb2b-4d6a-a216-3bf8f38b9420\",\n            \"name\": \"Example\",\n            \"country\": \"United Kingdom\",\n            \"details\": {...}\n        }\n    ]\n}\n\n```\n\nThe organisations belong to the platform and the organisation ID should be used when submitting reports, fetching news and more.\n\n> *A platform ID will remain static so you can make the request once and use it within your application*\n\nNow you've fetched your platform and know an organisation's id, let's move onto the next section and fetch its theme!\n\n---\n\n# 2. How to use themes\nA theme is styling used by the Client to style various aspects of the user interface from the logo within the header to the primary color used by the buttons. The theme is exposed via the API so you can match the colour palette and logos as closely as you want.\n\nA theme can belong to a `Platform` and/or an `Organisation`. A Platform will have a theme and all the organisations can use this if they do not have a theme setup.\n\nBy making using the `organisationId` a request to [Get Organisations By ID](#e03b0516-3ff1-4c5b-8c0c-4ecf50be19ce) will return the theme for both the organisation and platform.\n\n```json\n{\n    \"id\": \"d4254578-6480-45b1-9d90-b686884ef2df\",\n    \"name\": \"Example Theme\",\n    \"details\": {\n      \"favicon\": \"URL\",\n      \"footerLogo\": \"URL\",\n      \"headerLogo\": \"URL,\n      \"headerTitle\": \"Example Organisation\",\n      \"primaryColor\": \"#ff0000\",\n      \"footerLogoAlt\": \"Example Organisation\",\n      \"headerLogoAlt\": \"Example Organisation\",\n      \"footerLogoLink\": \"https://www.google.com\",\n      \"headerLogoLink\": \"https://www.google.com\",\n      \"footerMobileLogo\": \"URL\",\n      \"headerBackgroundColor\": \"#000000\"\n    }\n  }\n```\n\n| Property \t| Description \t|\n|---\t|---\t|\n| favicon \t| Image URL to be used as the browser’s favicon \t|\n| footerLogo \t| Image URL that can be used in the site’s footer \t|\n| headerLogo \t| Image URL that can be used within the main header. This should be the primary logo. \t|\n| headerTitle \t| Primary name used within the header. \t|\n| primaryColor \t| The primary color i.e. for buttons - Hex value \t|\n| footerLogoAlt \t| Image alt attribute text for the footer image \t|\n| headerLogoAlt \t| Image alt attribute text for the header image \t|\n| footerLogoLink \t| A URL the footer image can link to \t|\n| headerLogoLink \t| A URL the header image can link to \t|\n| footerMobileLogo \t| Image URL that can be used in the site’s footer on smaller screen sizes \t|\n| headerBackgroundColor \t| Header background color - Hex value \t|\n\nYou are able to use the values within your application as you wish. The names are descriptive to match how they are used within the Vigilance Hub Client. The most important values will be `headerLogo` and `primaryColor`.\n\nUsing the theme is not a requirement and you can style your application independently if preferred.\n\n---\n\n# 3. How to authenticate\n\n## Do I need to authenticate?\nIf the purpose of your integration is to send anonymous reports (i.e. reports in the Vigilance Hub without an associated user) then you *could* skip the authenication guide. For more information the `How to submit reports` guide has a section on [Guest reports](#guest-reports). This feature could allow your system to use its own user accounts and reports and store a reference to our `reportId` after a successful report submission.\n\n## Authentication prerequisite\n> Before attempting the following please make sure you have read the [prerequisite](#prerequisite) section. To authenticate you need to know: `email address`, `password` and `platform client URL`.\n\nPart of the login request body is a `platformId`. The `platformId` is used by the API to check the user is allowed access to the platform. If you do not know your `platformId` please refer to [How to use platforms](#1-how-to-use-platforms) guide.\n\n## Tokens\n\nVigilance Hub uses JSON Web Tokens (JWT) to allow for secure communication between the client and API. The JWT contains information about the authenticated user and their permissions. The API will reject requests that contain an expired/malformed token, or a user without sufficient permissions.\n\n> [JSON Web Token](https://jwt.io/introduction/) (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.\n\n## Getting tokens\n\nTo generate a JWT (or token) you will need to make a [Login](#71e2b1f4-ea1d-4ef3-b891-19f4d553d014) request. The body of the request will contain your `email`, `password` and `platformId`.\n\n```json\n{\n  \"email\": \"example-api@redant.com\",\n  \"password\": \"AnExamplePassword\",\n  \"platformId\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c9\"\n}\n```\n\nIf the `email` and `password` are correct and the user belongs to the provided `platform` the API will return `200` with the following payload.\n\n\n```json\n{\n  \"id\": \"8d1cf5f5-d693-452f-bcbe-e9f543b81bb8\",\n  \"username\": null,\n  \"email\": \"fitz-test@redant.com\",\n  \"firstName\": \"Fitz\",\n  \"lastName\": \"Test\",\n  \"gender\": null,\n  \"dob\": null,\n  \"telephone\": null,\n  \"address\": null,\n  \"city\": null,\n  \"postalCode\": null,\n  \"role\": {\n      \"id\": \"963a8561-6492-4988-8a0c-36f3f4e54690\",\n      \"name\": \"Public\",\n      \"value\": 6,\n      \"isAdmin\": false,\n      \"multipleOrganisations\": false,\n      \"permissions\": {\n          \"viewOwnReports\": true\n      }\n  },\n  \"organisations\": [...],\n  \"token\": \"...\",\n  \"refreshToken\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c8\",\n  \"platformId\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c9\",\n  \"professions\": [\n      {\n          \"id\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c9\",\n          \"name\": \"Consumer or other non-health professional\",\n          \"type\": \"Public\",\n          \"professionXML\": 5,\n          \"translationKey\": \"Profession - Consumer or other non-health professional\",\n          \"position\": 0,\n          \"organisationId\": \"5e1efac9-3ed8-4268-9ed6-d81d295d26c5\"\n      }\n  ]\n}\n```\n\nNot all the information returned will be required for you to integrate with the API. The following sections will describe the key properties.\n\n## Authentication tokens\n> `token` and `refreshToken` are essential for authenticated requests\n\nA `token` has a short expiry time and requires renewing periodically. The purpose of the `refreshToken` is to enable you to generate a new `token` once this has expired. This is a security measure to prevent a `token` from being compromised and performing unwanted requests to the API.\n\nWhen a `token` expires you will get the following error:\n\n\n```json\n{\n    \"statusCode\": 403,\n    \"code\": \"RA-01-01\",\n    \"message\": \"You are not logged in.\"\n}\n```\n\nTo create a new `token` you will need to make a request to [Request a token](#f82bcecf-73e1-4e53-a608-eecb073d80d9) with the following JSON body:\n\n\n```json\n{\n  \"userId\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c7\",\n  \"refreshToken\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c8\",\n  \"platformId\": \"3e1efac9-3ed8-4268-9ed6-d81d295d26c9\"\n}\n```\n\nThe response is the same payload as from the login endpoint, as shown above in the [How to authenticate](#how-to-authenticate). The new `token` will be returned if the `refreshToken` is correct. The `refreshToken` will remain the same for all subsequent token refresh requests.\n\nPlease note the `token` and `refreshToken` are replaced when a new login request is made. The implication of this is a user can only be logged into one system at any given time. For example, if a user is logged into a website and then logs into an app the website would become unauthenticated once the `token` has expired.\n\nTo remove the complexity of refreshing tokens we would recommend this flow:\n* Wrapping functions, you use to create API requests to catch `403` status codes\n* Make a request to refresh your token\n* Re-try the request with the updated token\n\n## Making authorised requests\nThe `token` must be used within the `headers` when making requests that require authorisation, the header should look like this:\n\n```\nAuthorization: Bearer YOUR_TOKEN_HERE\n```\n\n## User organisations\nAs a platform is a collection of organisations the user may belong one or many. It is up to you to decide which organisation you want to use in your requests. It is common for a platform to contain a single organisation. If this is the case, you can simply use the only organisation returned.\n\n> A platform has higher level permissions that all organisations would use. Whereas an organisation has their own configuration that affects the Vigilance Hub.\n\n## Authentication in Postman\nWithin Postman we have setup the API requests to update the environment variables automatically.\n\nFor example, on a successful login we set the `TOKEN` and `REFRESH_TOKEN` in the environment. This means if a `News` requests fails with a `403` you can send the `Login` request and retry `News`.\n\n> The `TOKEN` environment variable is shared across all the requests and are all updated\n\nThat's it for authentication, you can start exploring further!\n\n---\n\n# 4. How to get news articles\nNews can be created within Vigilance Hub or [imported from an RSS feed](#rss-feed). The configuration for both is within Vigilance Hub Client. The news API allows the news to be consumed and displayed in the format of your choice.\n\nDepending on how the news is created the UX within your application may be affected. All news articles will have a `url` and if this was created by the client then it will be hosted via the Client. If the article was imported by an RSS feed the `url` would link to the link provided by the RSS feed.\n\n## Use case 1 - News directory\nThe easiest way of using news within your application is to only use the [Fetch news articles](#e10f3639-3a46-464d-a346-4b7f7316e132) and show the articles as a listing. Then when a user selects an article this will open a new browser tab or open within a webview on a native app. This approach is how the Med Safety application consume news.\n\n```json\n{\n    \"total\": 320,\n    \"results\": [\n        {\n            \"id\": \"bbb32ea5-18bc-4313-9843-bb78439c53d7\",\n            \"title\": \"Article title\",\n            \"description\": \"\",\n            \"url\": \"https://www.google.com\",\n            \"publishedDate\": \"2020-03-18T14:59:57.000Z\",\n            \"createdAt\": \"2020-03-19T00:01:16.157Z\",\n            \"updatedAt\": \"2020-03-19T00:01:16.157Z\",\n            \"newsFeed\": {\n                \"id\": \"551eb2b9-2eb7-4da4-87e8-db0e4c11f897\",\n                \"languageId\": \"34403116-1937-494c-830b-a1e1bb0fc004\",\n                \"isInternalFeed\": false,\n                \"source\": \"Google RSS feed\"\n            }\n        },\n        ...\n\t]\n}\n```\n\nNews has a `total` which can be used for pagination or infinite scrolling if required within your application. `results` will always be returned even if there are `0` articles; in this case it would be an empty array.\n\nEach article has a `newsFeed` property which is the source of the article. For example, if news was imported via an external RSS feed `isInternalFeed` would be `false`. Internal articles are associated to an internal news feed which is created by API when an organisation is created; these would have `isInternalFeed` set as `true`.\n\n> An article won't be returned till after it's `publishedDate`\n\n## Use case 2 - Embed articles\nArticles that are created via the Client use a [WYSIWYG editor](https://en.wikipedia.org/wiki/WYSIWYG) which allows rich formatted content. These articles are marked as `internal` to differentiate them from articles that are imported via an RSS.\n\nThis screenshot shows the interface that is used to create news within the Client.\n\n![Create article screen](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/create-article.png)\n\nTo get more information about a news article you can fetch this by using the articles `id`. \n[fetch by ID](#214ffd08-82ed-4e63-b1ea-81ca1394e58e) endpoint.\n\nThis is an example of an article payload:\n\n```json\n{\n    \"id\": \"f23ada2f-2fb5-4e03-8840-2a3e1b3b4171\",\n    \"title\": \"WEB-RADR enhances News Feed capability\",\n    \"description\": \"New functionality has been added to the WEB-RADR platform to enable organisations to add their own news content\",\n    \"content\": {...},\n    \"url\": \"https://webradr-example-uat.redant.cloud/news/c8fada2f-2fb5-4e03-8840-2a3e1b3b4171\",\n    \"publishedDate\": \"2020-03-17T23:03:00.000Z\",\n    \"documents\": [\n\t\t{\n\t\t\t\"id\" : \"6145f0cd-e303-4539-9a62-0f88096bb11d\",\n\t\t\t\"url\" : \"URL\",\n\t\t\t\"title\" : \"Document title\"\n\t\t}\n\t],\n    \"associatedDrugs\": [],\n    \"createdAt\": \"2020-03-17T23:04:02.233Z\",\n    \"updatedAt\": \"2020-03-17T23:04:39.039Z\",\n    \"newsFeedId\": \"6337ae2e-4ed4-47f3-a7a2-b9fa79e8fb17\",\n    \"createdByUserId\": \"ec2d351c-590d-4ae9-968b-8c39bdc3246c\"\n}\n```\n\nThe `content` created via the WYSIWYG editor is in a format called [DraftJS](https://draftjs.org/). There are various libraries that can help turn this format into HTML or Markdown if required:\n\n* [draftjs-to-html](https://www.npmjs.com/package/draftjs-to-html)\n* [draft-js-utils](https://github.com/sstur/draft-js-utils)\n\nYou are free to parse the `content` how you want and ignore any style attributes to fit your application.\n\nContent creators can attach one or many `documents` to an article i.e. a press release. These are uploaded and stored to S3 when the article is published.\n\n---\n\n# 5. How to submit reports\nVigilance Hub can support various types of reports and the aim of the `/report` API is to make this consistent regardless of the type of report. The main focus of this guide is to help submit both the R2 and R3 forms. \n\n> If you want to jump ahead there are examples which show an [Example R2](#03e9ef63-bd9f-4d51-b2ca-c031cd9cca2d) and an [Example R3](#02b5a787-b36a-46b1-8277-ba089686c943) within the `Reports` requests.\n\n## Guest reports\nA common use case for submitting reports is to allow them to be sent anonymously. By default, this is disabled and can be configured via the Client based on your requirements. An organisation will have a flag `isGuestSubmissionAllowed` within its `details` to denote if guest submissions are allowed. Your application does not need to check this as the API will reject unauthorised requests if this is switched off. Once the configuration is setup it will not change - unless it’s intentionally changed.\n\n> Check out [How to use Platforms](#how-to-use-platforms) to get your `organisationId`. This will allow you to [Get Organisation By Id](#e03b0516-3ff1-4c5b-8c0c-4ecf50be19ce) and see the `isGuestSubmissionAllowed` permission.\n\n## Report Body\n\nThe minimum structure of a `/report` payload body will look like the following: \n\n```json\n{\n    \"report\": {},\n    \"organisationId\": \"\"\n}\n\n```\n\nIf guest access if not allowed OR you want to associate a report to a user, you will need to add the `Authorization` header and the body will change like:\n\n```json\n{\t\n\t\"userId\": \"\",\n    \"report\": {},\n    \"organisationId\": \"\"\n}\n\n```\n\nAll your form field data should go within `report`. The API will transform the `report JSON` into the XML before submitting it to the receiver. An organisation is preconfigured in the client for the forms and the receivers you are able to use. \n\n> A receiver is how the XML is distributed after the report is submitted i.e. via an API or an SFTP. Additional receivers will require custom development work.\n\nA receiver is not required to submit a form and if a receiver is not configured the reports are saved within Vigilance Hub database.\n\nThe report data is JSON and is kept as flat as possible with each key referencing the final attribute within the final XML. Have a look at the [Example R2](#03e9ef63-bd9f-4d51-b2ca-c031cd9cca2d) request and compare the JSON keys and XML attributes to see how similar they are. Some sections can contain more than one values i.e. Drugs; we refer to them as 'Repeatable' fields. By keeping the JSON as flat as possible it makes it easier to create the `report JSON` and transform into more complex XML.\n\nAll successful reports are recorded in Vigilance Hub's database. After a successful submission you will be able to download the final XML from 'Report Management' in the client. These screenshots show 'Report Management' and where the 'Download XML' button is. This is great for validating the XML generated against a third party or your own validator.\n\n![Download XML in Report Management](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/report-management.gif)\n\n## Supporting multiple forms\n\n![Organisation management](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/organisation-tile.png)\n\nOrganisation management has a concept of 'Receiver Configurations', that allows different types of forms to be associated to a receiver. When an organisation has this association then the `/report` endpoint will know how to format your report payload and where to distribute it.\n\nIf your organisation supports more than one form schema i.e. both R2 and R3 an additional property is required when submitting a report - `formSchemaId`. \n\nThe payload would look like the following:\n\n```json\n{\n    \"report\": {},\n    \"organisationId\": \"\",\n    \"formSchemaId\": \"\"\n}\n\n```\n\nIf your organisation does not have a form schema setup _OR_ supports multiple you will get the following response if making a `POST` to `/reports`.\n\n```json\n{\n    \"statusCode\": 400,\n    \"code\": \"RA-MHR-154-05\",\n    \"message\": \"Please configure at least one formschema/receiver combination for your organisation\"\n}\n```\n\nYou are able to use the following `formSchemaId` for either R2 or R3 depending on what has been configured. Sending the `formSchemaId` is _only_ required if you are supporting multiple forms. These are the ids you are able to use for R2 and R3:\n\n* Standard E2B ICH R2 medicines form - **e50172e1-daee-4ee7-8ec7-40b4cdbef9aa**\n* Standard E2B ICH R3 medicines form - **5bc03e63-0e1e-44f0-a83d-3a27944d1468**\n\n![Receiver configuration](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/receiver-configuration.png)\n\n---\n\n# 6. Submitting a R2 report\n* Specification- [Electronic Transmission of Individual Case Safety\nReports Message Specification](https://admin.ich.org/sites/default/files/inline-files/ICH_ICSR_Specification_V2-3.pdf)\n* Mapping Document - [Red Ant Mapping Document](https://www.dropbox.com/s/sd9eb7f3pig18qg/RedAnt-R3-mapping%20with%20yellowcard.xlsx?dl=0)\n* Example request - [R2 form](#03e9ef63-bd9f-4d51-b2ca-c031cd9cca2d)\n\nAs mentioned previously the `report JSON` keys are named the same as the XML attributes. By using the mapping document, example R2 request and specification you should see the structure of the `report JSON` and the validation. In the mapping document the column `E2B ID` is the key used in the `report JSON`. If this is in a 'Repeatable' then it's an object within an array - check out `drug` in the example R2 report.\n\n> Please note R2 is not validated on the API, however this is likely to change in a future phase. Attached is the [R2 XML Document type definition](https://s3-eu-west-1.amazonaws.com/adr-mhra-docs-assets.redant.cloud/R2.dtd) which can be used to validate the R2 XML. [Node-LibXML](https://www.npmjs.com/package/node-libxml) is one such library.\n\n## Report JSON that can be ignored\nThere are parts of the report JSON shown in the examples that are used by the Client for UI and other business logic. These can be omitted when making requests:\n* `language`\n* `susarEditable`\n* `causalityAssessmentRequired`\n* `spontaneousEditable`\n* `canSaveDraft`\n*  `id` fields within 'Repeatable' fields\n\n---\n\n# 7. Submitting a R3 report\n* Specification- [ICH guideline E2B (R3) on electronic transmission of individual case safety reports (ICSRs) - data elements and message specification - implementation guide](https://www.ema.europa.eu/en/documents/scientific-guideline/international-conference-harmonisation-technical-requirements-registration-pharmaceuticals-human-use_en-4.pdf)\n* Mapping Document - [Red Ant Mapping Document](https://www.dropbox.com/s/sd9eb7f3pig18qg/RedAnt-R3-mapping%20with%20yellowcard.xlsx?dl=0)\n* Example request - [R3 form](#02b5a787-b36a-46b1-8277-ba089686c943)\n\nThe mapping document was created for R2 and adapted to find the differences between the parts of the specification that we currently support. In the mapping document the column `E2B ID` is the key used in the `report JSON`. If this is in a 'Repeatable' then it's an object within an array - check out `drug` in the example R3 report.\n\n\nThe XML for an R3 form is very complex compared to R2, however the `report JSON` is very similar to R2. The API will transform the report JSON to R3 XML with very few changes from R2.\n\n> Please note R3 is validated on the API but the validation errors are not returned by the `/report` API at this time. This will be improved in the future. In the meantime, on request we can provide the JavaScript validation library to aid with your development.\n\n## Report JSON that can be ignored\nThere are parts of the report JSON shown in the examples that are used by the Client for UI and other business logic. These can be omitted when making requests:\n* `language`\n* `susarEditable`\n* `causalityAssessmentRequired`\n* `spontaneousEditable`\n* `canSaveDraft`\n* `id` fields within 'Repeatable' fields\n\n---\n\n# Frequently asked questions\n\n**I keep getting `403` status code when making requests**\n\nThe most common cause is an expired `jwt`. You can read more about this in the [how to authenticate](#3-how-to-authenticate) guide.\n\n**Do you have Typescript definitions?**\n\nWe do not currently have any TypeScript definitions, but this may be a future improvement.\n\n---\n\n# API Endpoints\nThe documented endpoints are designed to allow third parties to use Vigilance Hub's core features within their application. Most of the configuration should be done within the Vigilance Hub.\n\nA complete listing of all the endpoints can be found here: [https://documenter.getpostman.com/view/1822051/RWaEzqq2](https://documenter.getpostman.com/view/1822051/RWaEzqq2). Please note these are just technical details with no descriptions.\n","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":true,"owner":"1822051","team":129542,"collectionId":"82adbf2a-ed59-4128-aeaa-25ef0d4d863c","publishedId":"SVtN5Y7h","public":true,"publicUrl":"https://vigilance-hub-mhra-docs.redant.cloud","privateUrl":"https://go.postman.co/documentation/1822051-82adbf2a-ed59-4128-aeaa-25ef0d4d863c","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EC1C23"},"documentationLayout":"classic-double-column","version":"8.10.0","publishDate":"2020-03-20T18:44:04.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[{"name":"Vigilance Hub API Documentation","id":"f5319825-8c91-4d02-9d0e-609a3b7950d2","owner":"1822051","values":[{"key":"URL","value":"https://digital-store-api-mhr-uat.herokuapp.com","enabled":true},{"key":"VERSION","value":"v1","enabled":true},{"key":"EMAIL","value":"","enabled":true},{"key":"PASSWORD","value":"","enabled":true},{"key":"PLATFORM_ID","value":"","enabled":true},{"key":"ORGANISATION_ID","value":"","enabled":true},{"key":"DOMAIN","value":"","enabled":true},{"key":"FORMSCHEMA_ID","value":"e50172e1-daee-4ee7-8ec7-40b4cdbef9aa","enabled":true},{"key":"NEWS_ARTICLE_ID","value":"","enabled":true},{"key":"USER_ID","value":"","enabled":true},{"key":"TOKEN","value":null,"enabled":true},{"key":"REFRESH_TOKEN","value":"","enabled":true},{"key":"FIRST_NAME","value":"","enabled":true},{"key":"LAST_NAME","value":"","enabled":true},{"key":"THEME_ID","value":"","enabled":true},{"key":"token","value":"","enabled":true}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/7ae76f9c1adc6f225b26c2d033276c190a3fecfbe7a7fcc65e75d5bff5e8ec50","favicon":"https://redant.cloud/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Vigilance Hub API Documentation","value":"1822051-f5319825-8c91-4d02-9d0e-609a3b7950d2"}],"canonicalUrl":"https://vigilance-hub-mhra-docs.redant.cloud/view/metadata/SVtN5Y7h"}